Server-Side Scripting and Database Connectivity
In a Nutshell - CIW Course Section 1, Part C, Chapter 7
It is not too many years since any scripting required, had to take place on the server. Advances in browsers now mean that more and more scripting can take place client-side. Certain tasks are better performed on the client and others are better carried out at the server.
Tasks that require information from the client or need interaction from the user should, obviously, be client-side operations. Similarly, tasks that read or write to or from a database should be server-side.
There are benefits and drawbacks to both. Too much client-side scripting will bloat the HTML files and incur long download times and use valuable bandwidth. Too much server-side scripting will load the server and may slow the performance for all clients.
HTML Forms
Currently, most Web-based transactions occur via HTML forms, When a content designer creates an HTML form, he or she uses the <FORM> tag to associate the form with a server resource. This server resource is a program (or script) that receives the information from the form and processes it.
Common Gateway Interface (CGI)
CGI represents the most simple and universal gateway. In CGI, the server responds to an HTML form by executing a co-process and returning the output from the process to the client. This process is responsible for constructing a properly formatted HTTP reply.
Because CGI and other gateways permit remote users to execute programs on a local machine, the use of such gateways has important security implications.
CGI Drawbacks
One of the drawbacks of CGI is that it creates out-of-process events, meaning that each instance of a script runs as a separate process on the server. Too many users running too many scripts will quickly exhaust the server resources, which may prevent the server from servicing new users.
Another drawback with CGI programs is that unless they are very well written, they may not account for unexpected user entries. If a script does not account for all possibilities, it will not deliver the user's information correctly, resulting in lost information.
Owing to it's ability to call events out of process, CGI can also invite security problems. Hackers can initiate these scripts for their own ends.
CGI Alternatives
To solve the problems presented by CGI, developers have designed gateways using dynamically loaded object libraries. In this type of gateway, the server generates the reply document by calling a dynamically loaded subroutine and returning the subroutine's output to the client. Using dynamically loaded libraries eliminates the substantial overhead involved in starting new process on the host, thus providing better performance.
Scripting solutions such as: Microsoft Active Server Pages (ASP), Netscape Server-Side JavaScript (SSJS), and Allaire Coldfusion all provide effective alternatives but are proprietary locking the developer into one vendor. Pre-Hypertext Processor (PHP) and JavaServer Pages (JSP) are similar in function and are not proprietary.
Databases
A database is a file or collection of files used to organise information. Three types of database exist within businesses and organisations: relational, non-relation and object-oriented. Whichever database type you use, you will need software to access and manipulate the data.
Database management systems are designed to provide the "business logic" that enables a client to manipulate a database. The software that performs this task for a non-relational database is known as a Database Management System (DBMS). Within a DBMS there are two types of database: hierarchical and Network.
Similarly, when working with a relational database, you need an RDBMS and an ODBMS to work with object oriented databases. In all cases the management system is designed to ensure orderly access to the information and to ensure the data maintains it's integrity.
Database Connectivity
Currently, two standards exist to allow users to program the operating system to recognise a database for use with gateway applications. These are the Open Database Connectivity (ODBC) and Java Database Connectivity (JDBC) standards.
- ODBC is a Microsoft solution that allows programmers to refer to databases. It is based on the X-Open standard call-level interface, and is one of the industry standard APIs for using SQL to access relational databases.
- JDBC was developed by Sun Microsystems subsidiary JavaSoft. JDBC allows a server to work with any SQL compliant database, rather than forcing a DBMS to comply with a standard created by one company.