Sheerpower can be used as a very powerful web scripting language. Sheerpower allows you to write simple to complex interactive web applications---fast---very fast!

Sheerpower web scripting programs produce dynamic webpages, and can be embedded into HTML code, similar to PHP, ASP and Perl languages.

Programs written in other languages can be called from a Sheerpower web scripting program (using the PASS statement Section 10.8), and the database capabilities are extremely powerful (Chapter 15, Data Table Statements).

The full power and simplicity of the entire Sheerpower language is available for use when web scripting.

Sheerpower Web Scripting: Immune to SQL Injection Attacks Sheerpower web scripting is immune to SQL injection attacks. This is because Sheerpower does not mix data and code when doing database operations. With Sheerpower, the data and the code are always separate and well defined---eliminating the possibility of SQL injection attack methods. For more on SQL injection attacks, see http://en.wikipedia.org/wiki/SQL_injection

19.0.1 Chapter Overview

This chapter assumes you have experience using HTML code to develop webpages. The content of this chapter is in the following format:

• Running two different sample script programs to get a feel for the output that can be generated, and how Sheerpower script programs are run using SPINS Webserver
• A breakdown of how the matrix.spsrc sample program works to generate identical browser results using either SCRIPT areas or CODE areas
• A breakdown of how the more advanced test.spsrc sample interactive web form application works
• Sections on all of the Sheerpower web scripting tags (with code examples), along with information on where script programs are saved and the steps to run them:
  
  • SCRIPT and CODE area tag syntax (including "short tags") ( Section 19.2)
  • displaying complex expression results ( Section 19.4.1)
  • embedding code into script areas using the %include directive ( Section 19.4.2)
  • using getsymbol$() to retrieve CGI environment symbols ( Section 19.4.3)
  • [[%persist]] to enhance the performance of your web application ( Section 19.5)
  • the [[%once]] tag used to cause specific code that you want to run only once per application instance. ( Section 19.5.1)
  • where script programs are located ( Section 19.6)
  • how to invoke a Sheerpower script program in the browser ( Section 19.6.1)

To see a Sheerpower Web Script program in action, follow the steps below to run the following example script program located in \Sheerpower\sphandlers\scripts\sp4gl\test.spsrc.

1. Start the SPINS_WEBSERVER (if not yet started) by clicking on the Windows Start menu and select Run. You can also click on the Windows logo key + "R" to open the Run window.
   Type the following path into the "Open" field:
   

   \sheerpower\sphandlers\spins_webserver.exe

   
   
   Then click on the OK button. SPINS_WEBSERVER will start up in a Command Prompt window.
   You can also start SPINS_WEBSERVER by double-clicking on the spins_webserver.exe program icon in the \sheerpower\sphandlers\ folder.
   
   

2. Open the Windows Run program again ("Start" menu, then select "Run" or press the Windows logo key + the "R" key) and type the following into the "Open" field:
   

   http://localhost/test.spsrc

   
   

The browser window will display the following form where a visitor can interactively search a database for information relating to a city name.

When the Submit button is pressed, the program retrieves the results and displays them in a table below the form.

19.1.2 Sample Matrix Web Script Program

Run the next sample web scripting program using the following steps:

1. Start the SPINS_WEBSERVER (if not yet started) by clicking on the Windows Start menu and select Run. Type the following path into the "Open" field:
   

   \sheerpower\sphandlers\spins_webserver.exe

   
   Then click on the OK button. SPINS_WEBSERVER will start up in a Command Prompt window.
   

2. Open the Windows Run program again ("Start" menu, then select "Run" or press the Windows logo key + "R") and type the following into the "Open" field:
   

   http://localhost/matrix.spsrc

This sample program creates a two identical Multiplication Tables displayed in a web browser window; one table is generated with a SCRIPT AREA, and the other is generated with a CODE AREA.

Next, in the browser address bar, change the URL to be:

http://localhost/matrix.spsrc?highvalue=25

This changes the multiplication tables to display 25 x 25 instead of the default 10 x 10 display. The program file is located in C:\Sheerpower\sphandlers\scripts\sp4gl\matrix.spsrc.

19.1.3 How the Matrix Sample Program Works

When you invoke matrix.spsrc with the browser, two identical multiplication tables are generated and displayed. The table on the left is generated by a SCRIPT AREA, and the table on the right is generated by a CODE AREA. We'll first take a look at how the Script Area works.

When writing a Sheerpower web scripting program it is important to note that you are always in either a SCRIPT area or a CODE area.

19.1.3.1 Script Area in MATRIX.SPSRC

In matrix.spsrc, the "Script Area" begins with HTML code to setup the table. Because neither the [[%script]] or [[%spcode]] tags were used to designate the area as script or code, SPINS Webserver sees the HTML code and outputs it directly to the browser, processing it as SCRIPT.

<h1><center>Multiplication Table<br>Written in SCRIPT</center></h1> <table border=2 cellpadding=5> <tr> <td>&nbsp;

The next lines illustrate how Sheerpower code can be embedded inside a Script Area to process and display in the webpage dynamically.

[[for j=1 to highvalue]] <td bgcolor=yellow align=right>[[j]] [[next j]]

To embed the Sheerpower code in a Script area, surround the code with the [[ ]] tags. SPINS Webserver sees the code between the [[ ]] tags and processes it accordingly.

The code above says tells SPINS Webserver to take the value of "j", display it inside a table cell, then increment the value of "j" by one and display the new value into the next table cell - until the value of "highvalue" is reached.

The following embedded Sheerpower code shows how to display the result of an evaluated expression:

<td align=right> [[=i*j]]

The "=" in front of the expression causes the result to be displayed in the browser. This is how the values of "i" and "j" are multiplied together to complete the multiplication table.

The complete Script Area used to create the multiplication table on the left side of the browser window is below:

Example 19-1 MATRIX.SPSRC Script Area

<h1><center>Multiplication Table<br>Written in SCRIPT</center></h1> <table border=2 cellpadding=5> <tr> <td>&nbsp; [[for j=1 to highvalue]] <td bgcolor=yellow align=right>[[j]] [[next j]] <tr> [[for i= 1 to highvalue]] <tr> <td bgcolor=yellow align=right> [[i]] [[for j=1 to highvalue]] <td align=right> [[=i*j]] [[next j]] [[next i]] </table>

19.1.3.2 Code Area in MATRIX.SPSRC

Next, let's look at the CODE Area used to generate the multiplication table displayed on the right side of the browser window.

[[ print '<td>' print '<h1><center>Multiplication Table<br>Written in CODE</center></h1>'

The first line with the short tag "[[" by itself begins the Code Area. This ended the previous Script Area. Note that the tag is on a line all by itself. Alternatively, the [[%spcode]] tag could have been used to end the Script Area as well.

The next lines in the Code Area are standard Sheerpower PRINT statements used to send the HTML code directly to the browser.

[[ print '<td>' print '<h1><center>Multiplication Table<br>Written in CODE</center></h1>'

Code used to perform the calculations required is written in standard Sheerpower code format. SPINS Webserver processes it, and the PRINT statements are used to display the results in the browser.

for j=1 to highvalue print '<td bgcolor=yellow align=right>'; j; next j

After the last PRINT statement, the ending tag ]] is used on a line all by itself to signify the end of the Code Area:

print '</table>' ]]

The complete Code Area used to generate the multiplication table displayed on the right side of the browser window is below:

Example 19-2 Matrix.spsrc Code Area

[[ print '<td>' print '<h1><center>Multiplication Table<br>Written in CODE</center></h1>' print '<table border=2 cellpadding=5>' print '<tr>' print '<td>&nbsp;' for j=1 to highvalue print '<td bgcolor=yellow align=right>'; j; next j print '<tr>' for i= 1 to highvalue print '<tr>' print '<td bgcolor=yellow align=right>'; i for j=1 to highvalue print '<td align=right>'; i*j next j next i print '</table>' ]]