CGI and Perl

Dynamic Generation of Forms

One of the major strengths of the CGI approach over static HTML is, of course, the ability to dynamically generate the contents of a page. The best approach to setting up a list of products for sale is to define a database that contains the product information such as the price, whether it's in stock, and a brief description of the item. Because this information is dynamic, you want the ability to generate your pages based on the current state of your products. If something is out of stock, you would like to be able to tell the shoppers and provide them with an estimated date of when it may be available again.

Rather than constantly update static HTML pages with this information, it makes much more sense to store the information in a database and have a script retrieve the information and generate the pages on request. After all, dynamic content retrieval is one of the intents of CGI, and Perl is one of the best languages for doing this type of work. Several database modules that work using standard ASCII formatted files are available with Perl. You see one of these database interfaces in the MiniVend example. Another strength of Perl is the powerful regular expression capabilities for reformatting text and global substitution of strings.
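The approach described above, as an added example that is not code from this book or from MiniVend: a CGI script that builds the product page from a flat ASCII database on each request and HTML-escapes every field before output. The tab-separated record layout, the sample records, and the subroutine names are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed sample records (assumed layout, tab-separated):
# sku, description, price, in-stock flag (1/0), expected restock date
my @records = (
    "A100\tGarden trowel, steel\t7.95\t1\t",
    "A200\tHose <50 ft> & nozzle\t24.50\t0\t1997-03-15",
    "A300\trecord with too few fields",
);

# Escape HTML-significant characters so database text is shown as
# text and cannot inject markup into the generated page.
sub escape_html {
    my ($text) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

# Build one table row; returns an empty list for a malformed record.
sub product_row {
    my ($line) = @_;
    my ($sku, $desc, $price, $in_stock, $eta) = split /\t/, $line, -1;
    return unless defined $in_stock && $price =~ /\A\d+(?:\.\d\d)?\z/;
    my $status = 'In stock';
    if ($in_stock ne '1') {
        $status = 'Out of stock';
        $status .= ", expected $eta" if defined $eta && length $eta;
    }
    return sprintf '<tr><td>%s</td><td>%s</td><td>$%.2f</td><td>%s</td></tr>',
        escape_html($sku), escape_html($desc), $price, escape_html($status);
}

# Assemble the CGI response: header, blank line, then the page.
sub catalog_page {
    my @rows = map { product_row($_) } @_;
    return join "\n",
        'Content-type: text/html', '',
        '<html><head><title>Product List</title></head><body>',
        '<table border="1">',
        '<tr><th>Item</th><th>Description</th><th>Price</th><th>Availability</th></tr>',
        @rows,
        '</table></body></html>', '';
}

print catalog_page(@records);
```

The second record shows why the escaping matters: its description contains `<`, `>` and `&`, which would otherwise be interpreted as markup by the browser.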

Database Issues

I've already touched briefly on the need for storing information in a database. The database interface modules available in Perl are a good start. As your product inventory grows, you may want to store your data in a large commercial relational database. Other database modules are available for Perl to use with some of the popular database systems.

Security

Last but certainly not least among the implementation issues is the issue of security. The standard HTTP protocol does not define any means of encryption and decryption when transferring data. You may have seen a dialog box in your browser warning you of this situation whenever you press a Submit button in a form. This warning essentially tells you that, when you send this data through the Net, anyone can see the data that you are transmitting. This lack of security can lead to a lot of worries when that data includes your credit card number and other personal information about yourself.

One solution to this security problem is Netscape's Secure Socket Layer (SSL) protocol. This protocol is discussed briefly in Chapter 3, "Security on the Web." You can also find more information on this at Netscape's Web site with the following URL:

http://home.netscape.com/comprod/server_central/config/secure.html

I strongly suggest that anyone setting up an electronic store thoroughly understand where the holes are and how to prevent surreptitious use of your data and your customers' data.

The MiniVend package addresses the issue of security in several ways. You look more deeply into this important issue at the end of the example.