CPS 353: Internet Programming

HTML Forms, Basic HTTP, and more c#

Marcos Elugardo

Gordon College

Last Modified: 09/23/2015

Agenda

Check-in
HTML Forms
HTTP and Web Servers
Class Research Mini-opics
Milestone 3

Notes should go here...

Check-in

Homeworks and Milestones
- How are these going?

Form Basics

5.1: Form Basics
5.2: Form Controls
5.3: Submitting Data
5.4: Processing Form Data in C#

Web data

most interesting web pages revolve around data
- examples: Google, IMDB, Amazon, Facebook, YouTube, Rotten Tomatoes
- can take many formats: text, HTML, XML, multimedia
many of them allow us to access their data
some even allow us to submit our own new data
most server-side web programs accept parameters that guide their execution

Query strings and parameters

URL?name=value&name=value...

http://www.google.com/search?q=Obama
http://example.com/student_login?username=aardvark&id=1234567

query string: a set of parameters passed from a browser to a web server
- often passed by placing name/value pairs at the end of a URL
- above, parameter username has value aardvark, and sid has value 1234567
Server-side code (i.e. PHP, C#) can examine and utilize the value of parameters
a way for server-side code to produce different output based on values passed by the user

HTML forms

form: a group of UI controls that accepts information from the user and sends the information to a web server
the information is sent to the server as a query string
JavaScript can be used to create interactive controls (seen later)

HTML form: `<form>`

<form action="destination URL">
	form controls
</form>

required action attribute gives the URL of the page that will process this form's data
when form has been filled out and submitted, its data will be sent to the action's URL
one page may contain many forms if so desired

Form example

<form action="http://www.google.com/search">
	<div>
		Let's search Google:
		<input name="q" />
		<input type="submit" />
	</div>
</form>

should wrap the form's controls in a block element such as div

Form Controls

5.1: Form Basics
5.2: Form Controls
5.3: Submitting Data
5.4: Processing Form Data in C#

Form controls: `<input>`

<!-- 'q' happens to be the name of Google's required parameter -->
<input type="text" name="q" value="Colbert Report" />
<input type="submit" value="Booyah!" />

input element is used to create many UI controls
- an inline element that MUST be self-closed
name attribute specifies name of query parameter to pass to server
type can be button, checkbox, file, hidden, password, radio, reset, submit, text, ...
value attribute specifies control's initial text

Text fields: `<input>`

<input type="text" size="10" maxlength="8" /> NetID <br />
<input type="password" size="16" /> Password
<input type="submit" value="Log In" />

input attributes: disabled, maxlength, readonly, size, value
size attribute controls onscreen width of text field
maxlength limits how many characters user is able to type into field

Text boxes: `<textarea>`

a multi-line text input area (inline)

<textarea rows="4" cols="20">
Type your comments here.
</textarea>

initial text is placed inside textarea tag (optional)
required rows and cols attributes specify height/width in characters
optional readonly attribute means text cannot be modified

Checkboxes: `<input>`

yes/no choices that can be checked and unchecked (inline)

<input type="checkbox" name="lettuce" /> Lettuce
<input type="checkbox" name="tomato" checked="checked" /> Tomato
<input type="checkbox" name="pickles" checked="checked" /> Pickles

none, 1, or many checkboxes can be checked at same time
when sent to server, any checked boxes will be sent with their value attribute or on:
- ```
http://webster.cs.washington.edu/params.php?tomato=on&pickles=on
```
use checked="checked" attribute in HTML to initially check the box

Radio buttons: `<input>`

sets of mutually exclusive choices (inline)

<input type="radio" name="cc" value="visa" checked="checked" /> Visa
<input type="radio" name="cc" value="mastercard" /> MasterCard
<input type="radio" name="cc" value="amex" /> American Express

grouped by name attribute (only one can be checked at a time)
must specify a value for each one or else it will be sent as value on

Text labels: `<label>`

<label><input type="radio" name="cc" value="visa" checked="checked" /> Visa</label>
<label><input type="radio" name="cc" value="mastercard" /> MasterCard</label>
<label><input type="radio" name="cc" value="amex" /> American Express</label>

associates nearby text with control, so you can click text to activate control
can be used with checkboxes or radio buttons
label element can be targeted by CSS style rules

Drop-down list: `<select>`, `<option>`

menus of choices that collapse and expand (inline)

<select name="favoritecharacter">
	<option>Jerry</option>
	<option>George</option>
	<option selected="selected">Kramer</option>
	<option>Elaine</option>
</select>

option element represents each choice
select optional attributes: disabled, multiple, size
optional selected attribute sets which one is initially chosen

Using `<select>` for lists

<select name="favoritecharacter[]" size="3" multiple="multiple">
	<option>Jerry</option>
	<option>George</option>
	<option>Kramer</option>
	<option>Elaine</option>
	<option selected="selected">Newman</option>
</select>

optional multiple attribute allows selecting multiple items with shift- or ctrl-click
- must declare parameter's name with [] (for PHP) if you allow multiple selections
option tags can be set to be initially selected

Option groups: `<optgroup>`

<select name="favoritecharacter">
	<optgroup label="Major Characters">
		<option>Jerry</option>
		<option>George</option>
		<option>Kramer</option>
		<option>Elaine</option>
	</optgroup>
	<optgroup label="Minor Characters">
		<option>Newman</option>
		<option>Susan</option>
	</optgroup>
</select>

What should we do if we don't like the bold italic?

Reset buttons

Name: <input type="text" name="name" /> <br />
Food: <input type="text" name="meal" value="pizza" /> <br />
<label>Meat? <input type="checkbox" name="meat" /></label> <br />
<input type="reset" />

when clicked, returns all form controls to their initial values
specify custom text on the button by setting its value attribute

Common UI control errors

I changed the form's HTML code ... but when I refresh, the page doesn't update!
- By default, when you refresh a page, it leaves the previous values in all form controls
- it does this in case you were filling out a long form and needed to refresh/return to it
- if you want it to clear out all UI controls' state and values (e.g. browser cache), you must do a full refresh
  - Windows: Shift-Ctrl-R
  - Mac: Shift-Command-R

Hidden input parameters

<input type="text" name="username" /> Name <br />
<input type="text" name="sid" /> SID <br />
<input type="hidden" name="school" value="Gordon" />
<input type="hidden" name="year" value="2048" />

an invisible parameter that is still passed to the server when form is submitted
useful for passing on additional state that isn't modified by the user

Submit and other Buttons

<input type="text" name="name" /> Name <br />
<input type="text" name="sid" /> SID <br />
<input type="submit" name="action" value="Go For It!" />
<input type="button" name="another-action" value="Do Something Else..." />

Submit button sends form data to the server for processing.
Other buttons can trigger logic via JavaScript.

Grouping input: `<fieldset>`, `<legend>`

groups of input fields with optional caption (block)

<fieldset>
	<legend>Credit cards:</legend>
	<input type="radio" name="cc" value="visa" checked="checked" /> Visa
	<input type="radio" name="cc" value="mastercard" /> MasterCard
	<input type="radio" name="cc" value="amex" /> American Express
</fieldset>

fieldset groups related input fields, adds a border; legend supplies a caption

Styling form controls

element[attribute="value"] {
	property : value;
	property : value;
	...
	property : value;
}

input[type="text"] {
	background-color: yellow;
	font-weight: bold;
}

attribute selector: matches only elements that have a particular attribute value
useful for controls because many share the same element (input)

Submitting Data

5.1: Form Basics
5.2: Form Controls
5.3: Submitting Data
5.4: Processing Form Data in c#

Problems with submitting data

<label><input type="radio" name="cc" /> Visa</label>
<label><input type="radio" name="cc" /> MasterCard</label> <br />
Favorite Star Trek captain:
<select name="startrek">
	<option>James T. Kirk</option>
	<option>Jean-Luc Picard</option>
</select> <br />

this form submits to our handy params.php tester page
the form may look correct, but when you submit it...
[cc] => on, [startrek] => Jean-Luc Picard

The `value` attribute

<label><input type="radio" name="cc" value="visa" /> Visa</label>
<label><input type="radio" name="cc" value="mastercard" /> MasterCard</label> <br />
Favorite Star Trek captain:
<select name="startrek">
	<option value="kirk">James T. Kirk</option>
	<option value="picard">Jean-Luc Picard</option>
</select> <br />

value attribute sets what will be submitted if a control is selected
[cc] => visa, [startrek] => picard

URL-encoding

certain characters are not allowed in URL query parameters:
- examples: " ", "/", "=", "&"
when passing a parameter, it is URL-encoded (reference table)
- "Anthony's cool!?" → "Anthony%27s+cool%3F%21"
you don't usually need to worry about this:
- the browser automatically encodes parameters before sending them
- the c# automatically decode them
- ... but occasionally the encoded version does pop up (e.g. in Firebug)

Submitting data to a web server

though browsers mostly retrieve data, sometimes you want to submit data to a server
- Hotmail: Send a message
- Flickr: Upload a photo
- Google Calendar: Create an appointment
the data is sent in HTTP requests to the server
- with HTML forms
- with Ajax (seen later)
the data is placed into the request as parameters

Query parameters: `Request.QueryString`

user_name = Request.QueryString["username"];
id_number = (int) Request.QueryString["id"];
eats_meat = FALSE;
if (Request.QueryString.AllKeys.Any(k => k == "meat")) {
    $eats_meat = TRUE;
}

$_REQUEST["parameter name"] returns a parameter's value as a string
test whether a given parameter was passed with Request.QueryString.AllKeys.Any

HTTP `GET` vs. `POST` requests

GET : asks a server for a page or data
- if the request has parameters, they are sent in the URL as a query string
POST : submits data to a web server and retrieves the server's response
- if the request has parameters, they are embedded in the request's HTTP packet (POST body), not the URL
For submitting data, a POST request is more appropriate than a GET
- GET requests embed their parameters in their URLs
- URLs are limited in length (~8K characters)
- URLs cannot contain special characters without encoding
- not really more secure

GET Example: Exponents

@{
	var firstName = Request.QueryString["fname"];
	var lastName = Request.QueryString["lname"];
	var result = "Hello " + firstName + " " + lastName;
	@result;
}

http://example.com/hello?fname=Donald&lname=Trump

Hello Donald Trump

GET Example: Print all parameters

@{
foreach (var key in Request.QueryString.AllKeys) {
	

	<p>Parameter @key has value @Request.QueryString[key]</p>

	
}
}

http://example.com/printparams?name=Orycteropus+afer&sid=1234567

Parameter name has value Orycteropus afer

Parameter sid has value 1234567

Form POST example

<form action="http://foo.com/app" method="post">
	<div>
		Name: <input type="text" name="name" /> <br />
		Food: <input type="text" name="meal" /> <br />
		<label>Meat? <input type="checkbox" name="meat" /></label> <br />
		<input type="submit" />
	<div>
</form>

GET or POST?

if (Request.HttpMethod == "GET") {
	# process a GET request
	...
} elseif (Request.HttpMethod == "POST") {
	# process a POST request
	...
}

some MVC actions process both GET and POST requests
to find out which kind of request we are currently processing,
look at the global Request object's "HttpMethod" property

The `Server.UrlEncode` function

returns an HTML-escaped version of a string

text from files / user input / query params might contain <, >, &, etc.
we could manually write code to strip out these characters
better idea: allow them, but escape them

var text = "<p>hi 2 u & me</p>";
text = Server.UrlEncode(text);   # "&lt;p&gt;hi 2 u &amp; me&lt;/p&gt;"

Processing Form Data in C#

5.1: Form Basics
5.2: Form Controls
5.3: Submitting Data
5.4: Processing Form Data in C#

"Superglobal" arrays

Array	Description
`Request.QueryString`, `Request.Form`	parameters passed to GET and POST requests
`Server`, `Request.ServerVariables`	information about the web server
`Request.Files`	files uploaded with the web request
`Session`, `Request.Cookies`	"cookies" used to identify the user (seen later)
`Request.Params`	Gets a combined collection of QueryString, Form, Cookies, and ServerVariables items.

Uploading files

<form action="http://webster.cs.washington.edu/params.php"
      method="post" enctype="multipart/form-data">
	Upload an image as your avatar:
	<input type="file" name="avatar" />
	<input type="submit" />
</form>

add a file upload to your form as an input tag with type of file
must also set the enctype attribute of the form to multipart/form-data

it makes sense that the form's request method must be post (an entire file can't be put into a URL!)
form's enctype (data encoding type) must be set to multipart/form-data or else the file will not arrive at the server

Processing an uploaded file in c#

uploaded files are placed into array Request.Files, not Request.Form
each element of Request.Files is itself an array, containing HttpFileCollectionBase objects. A few properties of this object are:
- FileName : the local filename that the user uploaded
- ContentType : the MIME type of data that was uploaded, such as image/jpeg
- ContentLength : file's size in bytes

Uploading details

<input type="file" name="avatar" />

example: if you upload borat.jpg as a parameter named avatar,
- Request.Files["avatar"].FileName will be "borat.jpg"
- Request.Files["avatar"].ContentType will be "image/jpeg"
- Request.Files["avatar"].ContentLength will be something like "32421343"

Processing uploaded file, example

	var username = Request.Form["username"];

	<p>Received  file from @username called  @Request.Files["avatar"].FileName</p>

A form that submits to itself

<form action="" method="post">
	...
</form>

a form can submit its data back to itself by setting the action to the page's own URL (or blank)
benefits
- fewer pages/files (don't need a separate file for the code to process the form data)
- better encapsulation and modularity
- can more easily re-display the form if there are any errors

Processing a self-submitted form

if (Request.HttpMethod == "GET") {
	// normal GET request; display self-submitting form
	
	<form action="" method="post">...</form>
	
} elseif (Request.HttpMethod == "POST") {
	// POST request; user is submitting form back to here; process it
	var var1 = Request.Form["param1"];
	...
}

a page with a self-submitting form can process both GET and POST requests
look at the Request.HttpMethod to see which request you're handling
handle a GET by showing the form; handle a POST by processing the submitted form data
another approach: process the form if the submit button's value is set

allows form processing on both GET and POST requests
processing on POST only is "truer" to the spirit of HTTP methods

Web Server Basics

Web server is the program on the remote computer generating and serving up content

takes a request
returns a response
- both of these have headers -- i.e. content (MIME) type, user agent, cookies, etc.
server settings reside in a configuration file
- for instance, Apache configuration values live in the httpd.conf file

Popular Web Servers

Apache -- most widely-used server (well over 50% of websites run on Apache
Microsoft Internet Information Services (IIS) -- Propriety web server optimized to run in Windows environment
nginx -- open source web server with simpler configuration than Apache

The Netcraft Web Server Survey tracks web server usage statistics.

Common Server Configuration Values

Document Root -- server-side directory that serves as the root for URLs to the server
- static content (i.e. HTML files) typically must reside beneath the document root
Server Name

Used in conjunction with DNS to route requests to the server

Location -- path configured to execute special application code (i.e. PHP programs)
- does not need to correspond to a real directory within the document root

What is a web service?

web service: software functionality that can be invoked through the internet using common protocols

like a remote function you can call by contacting a program on a web server
many web services accept parameters and produce results
can be written in PHP (or another language) and contacted by the browser in XHTML and/or Ajax code
service's output is often not HTML but rather text, JSON, XML, or other content types

Content ("MIME") types

MIME type	related file extension
text/plain	.txt
text/html	.html, .htm, ...
text/css	.css
text/javascript	.js
text/xml	.xml
image/gif	.gif
image/jpeg	.jpg, .jpeg
video/quicktime	.mov
application/octet-stream	.exe

Lists of MIME types: by type, by extension

Setting content type with `Response.ContentType`

Response.ContentType = "text/javascript"

by default, a C# page's output is assumed to be HTML
use the Response.ContentType function to specify non-HTML output
- must appear before any other output generated by the script

`Request.ServerVariables`

index	description	example
`Request.ServerVariables["SERVER_NAME"]`	name of this web server	`"math-cs.gordon.edu"`
`Request.ServerVariables["SERVER_ADDR"]`	IP address of web server	`"128.208.179.154"`
`Request.ServerVariables["REMOTE_HOST"]`	user's domain name	`"hsd1.wa.comcast.net"`
`Request.ServerVariables["REMOTE_ADDR"]`	user's IP address	`"57.170.55.93"`
`Request.ServerVariables["HTTP_USER_AGENT"]`	user's web browser	`"Mozilla/5.0 (Windows; ..."`
`Request.ServerVariables["HTTP_REFERER"]`	where user was before this page	`"http://www.google.com/"`
`Request.ServerVariables["REQUEST_METHOD"]`	HTTP method used to contact server	`"GET"` or `"POST"`

Reporting errors

how does a web service indicate an error to the client?
- error messages (print) are not ideal, because they could be confused for normal output

web service should return an HTTP "error code" to the browser, possibly followed by output

these are the codes you see in Firebug's console and in your Ajax request's .status property

HTTP code	Meaning
200	OK
301-303	page has moved (permanently or temporarily)
400	illegal request
403	you are forbidden to access this page
404	page not found
500	internal server error
complete list

Using headers for HTTP error codes

Response.StatusCode


	 I am not happy with the value of foo; this is an error
	Response.StatusCode = (int)HttpStatusCode.BadRequest

	Response.StatusCode = (int)HttpStatusCode.NotFound

Class Research Mini-topics on Web Servers

HTTP Methods
User agents
Server logs
Custom error pages
Web server parent and child processes

CPS 353: Internet Programming

HTML Forms, Basic HTTP, and more c#

CPS 353: Internet Programming

HTML Forms, Basic HTTP, and more c#

Marcos Elugardo

Gordon College

Last Modified: 09/23/2015

Agenda

Check-in

Form Basics

Web data

Query strings and parameters

HTML forms

HTML form: <form>

Form example

Form Controls

Form controls: <input>

Text fields: <input>

Text boxes: <textarea>

Checkboxes: <input>

Radio buttons: <input>

Text labels: <label>

Drop-down list: <select>, <option>

Using <select> for lists

Option groups: <optgroup>

Reset buttons

Common UI control errors

Hidden input parameters

Submit and other Buttons

Grouping input: <fieldset>, <legend>

Styling form controls

Submitting Data

Problems with submitting data

The value attribute

URL-encoding

Submitting data to a web server

Query parameters: Request.QueryString

HTTP GET vs. POST requests

GET Example: Exponents

GET Example: Print all parameters

Form POST example

GET or POST?

The Server.UrlEncode function

Processing Form Data in C#

"Superglobal" arrays

Uploading files

Processing an uploaded file in c#

Uploading details

Processing uploaded file, example

A form that submits to itself

Processing a self-submitted form

Web Server Basics

Popular Web Servers

Common Server Configuration Values

What is a web service?

Content ("MIME") types

Setting content type with Response.ContentType

Request.ServerVariables

Reporting errors

Using headers for HTTP error codes

Class Research Mini-topics on Web Servers

Milestone 3

HTML form: `<form>`

Form controls: `<input>`

Text fields: `<input>`

Text boxes: `<textarea>`

Checkboxes: `<input>`

Radio buttons: `<input>`

Text labels: `<label>`

Drop-down list: `<select>`, `<option>`

Using `<select>` for lists

Option groups: `<optgroup>`

Grouping input: `<fieldset>`, `<legend>`

The `value` attribute

Query parameters: `Request.QueryString`

HTTP `GET` vs. `POST` requests

The `Server.UrlEncode` function

Setting content type with `Response.ContentType`

`Request.ServerVariables`