• Subject: RE: CGI Fact Finding Mission (Need Input)
  • From: "Stone, Brad V (TC OASIS)" <bvstone@xxxxxxxxxxxxxx>
  • Date: Wed, 17 Nov 1999 14:42:42 -0600

Whew! Lots of questions... I'll give em a shot below...

> 
> Now for the questions:
>       
>       What is the best approach to emulate or maintain "context
> sensitivity". Normally a CGI request is processed and the 
> server forgets all
> about you. How do I keep track of where the user is in the 
> registration
> process as it will undoubtedly be a multiple page process. 

You can use Persistent CGI.  But, I prefer to use my own method of
Persistence.  When a user signs on to the sight, I'll generate an "ID"
number and pop it into a cookie on their machine.  Then for each page I
retrieve the value of that cookie.  If it's not there, direct them to the
first page.  You could also pass this value as a Query String evironment
variable throughout the process and this would would just the same.


>       How do I encrypt data such as a pin number or social security
> number? 

I know there are encryption routines available.  I just got some code that I
am going to review that encrypts data for use in CGI programs.  I haven't
gotten a chance to look at it yet, but I'm guessing it's pretty cool.

> How do I get it out of StdIn? 

Use the QtmhRdStin API.  The main thing here is to make sure that for the
length of data parmater that you use the value retrieved from the
CONTENT_LENGTH environment variable or you will no doubt lose the value
during the QtmhCvtDB API of the last field on the form.  Just retrieve
CONTENT_LENGTH, convert the character value to numeric, and use that as the
length parm on the QtmhRdStin API.

> I also will have to 
> take payment via a
> credit card at some point.
> 

You will want to look into using SSL for this.  I haven't had the luxory yet
(I'm not too excited about it).  I'm sure there are others that can help.

>       Should I be writing a straight cgi program, or a main 
> server program
> and spawned server program?
> 

I have no clue what you mean by this.  CGI is just fine.

>       Has anyone used Persistent CGI?
>       

Some have.  There have also been a couple articles on Persistent CGI in
Midrange Computing (Ted Holt did one a few months ago) and NetJava Expert
had one as well.  The IBM Manuals also discuss how to do this.  Again, I
prefer to use my own method of Perstitance with cookies or Query String
Environment Variables.

>       Has anyone coded CGI with encryption?

I'm sure someone has.  Whether it's manual encryption or using SSL.  SSL
would be your best bet, I'm guessing.  Also, since you already mentioned you
have to take Credit Card Numbers, you will have to use it anyway.
 
> 
>       Can Java help me? We are an RPG shop and I don't want 
> to be the only
> one who knows Java. If I use Java do I have to purchase 
> something and where
> do I get started? Can Pearl help me?

If you're an RPG shop, don't take on a new project to learn Java, IMHO.
Javascript, though, you should learn and can learn on the way.  Learn Java
on your spare time (what's that?) and then later you may be able to
incorporate it.  I prefer not to try and learn something on mission critical
projects.  Perl, you won't need that if you're using RPG for CGI.

JavaScript is not Java.. that confuses people.  I could tell you
stories...heheh..

> 
>       I also had trouble with numeric fields in the data base 
> and matching
> up the form field. Is there a way to ensure numeric input in 
> a form field? 

You should verify the data in a form field that should be numeric with
Javascript.  There are a ton of JS routines out there that will do this
easily.  You will also want to look into a JS routine that strips trailing
blanks when doing low-level field verification with JS.  (Yes, JS plays a
very important role in a good internet app).


HTH!

Bradley V. Stone
BVS/Tools
http://www.bvstools.com

+---
| This is the Midrange System Mailing List!
| To submit a new message, send your mail to MIDRANGE-L@midrange.com.
| To subscribe to this list send email to MIDRANGE-L-SUB@midrange.com.
| To unsubscribe from this list send email to MIDRANGE-L-UNSUB@midrange.com.
| Questions should be directed to the list owner/operator: david@midrange.com
+---

This thread ...


Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2019 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].