|Keep It Simple, Stupid|
Writing CGI Applications with Perlby footpad (Monsignor)
|on Apr 12, 2001 at 00:45 UTC||Need Help??|
Item Description: An Introduction to Perl CGI scripting.
Review Synopsis: Wonderful introduction to CGI scripting with Perl, with security concerns and good practices showcased immediately. Nicely complements other respected titles.
Writing CGI Applications with Perl
Published: February 2001 by Addison-Wesley
If you've been around the Monastery for any length of time, you've probably noticed that we're pretty hard on books and tutorials designed to quickly teach you the basics of Perl CGI scripting. This happens because most titles repeat the same mistakes:
In short, most introductory Perl CGI titles fail because the authors fail to cover the most important elements: security, modules, effective design, and good Perl.
When defending these titles, supporters usually respond with something along the lines of, "We can't showcase the best practices because we want to keep the examples simple and we're writing for people who don't know how to program." When reviewing one of the least successful attempts to do so, Ovid offered an interesting challenge to writers of such materials,
"When we have a book that is specifically aimed at new programmers, what better time to teach them good habits?"
It seems Kevin Meltzer and Brent Michalski accepted this challenge when designing Writing CGI Applications with Perl (WCA, for short), for they quickly introduce and demonstrate the advice we often repeat when responding to CGI-related nodes posted by initiates and newbies alike. Some of the first topics discussed include:
All this takes place in forty pages. In that time, WCA answers many of the most common Perl CGI questions we see posted on a regular basis. (This isn't entirely surprising since one author is a member of our Order and other runs well-regarded Perl web site, sadly neglected of late.) Given the fact that most introductory titles don't even discuss many of these issues, this is pretty impressive.
WCA builds from there, borrowing a style similar to a certain columnist. Each chapter covers a specific topic and provides example scripts that are discussed line by line. In general, each chapter is devoted to building a useful framework for solving a common real-world need. Chapter 3, for example, discusses the environment and how to build a web client visitor log (so you can learn which browsers your visitors are actually using). When doing this, you learn how to:
All of this takes place in 22 pages.
You'd think that such density would be difficult to read. It's not. As noted earlier, each line is presented and discussed carefully, with appropriate references to other documentation as needed. In addition, chapters generally end by summarizing the major points, providing exercises to extend the scripts in useful ways, and complete listings of the scripts built during the chapter. As a result, those taking the time to enter and run the examples learn not only the basic topics, but are also exposed to new, interesting, and (perhaps most importantly) effective ways to use Perl.
This continues throughout the book. For example:
The authors have carefully selected 90% of the CGI applications that people want to build and then show skeletal solutions that can be expanded into more complete examples. Like the Monastery's inhabitants, WCA expects you to do some of your own thinking.
In short, this book gives you a very solid grounding with Perl, the best of CPAN, and CGI scripting techniques. It's example-driven, hands-on approach is very effective.
The book is not perfect, however.
As you might expect from the first printing of a new book (a 1.0 release, if you will), there are several typographic errors, especially in the earliest chapters. This is unfortunate, because these tend to detract from the confidence one has in the material. I expect these will be reduced or eliminated in future printings.
While the prose is generally effective and easy to read, there are a couple of tortured sections. For example, when describing why you should avoid manual decoding of CGI data, the authors say,
Writing your own decoding routines should only be done in limited situations, such as to learn more about CGIs and how they work or, if you know everything about how CGIs work, to write a streamlined routine that handles data better than CGI.pm.
It's an accurate statement, but horribly comma-spliced. It might be more effective as three separate sentences. (Yes, this is a nit, but remember that I've been a technical writer and these things tend to leap out at me.) Also, some of the writing could be made more active.
Granted, these are things that a good editor will likely pick up on. (Personally, I suspect these glitches are due, in part, to deadline constraints.)
There is, however, one problem that's not an editorial glitch. Chapter 7, Web-Based File Uploading, provides an excellent grounding with uploads, multi-part forms, MIME type handling and so forth. However, nowhere do the authors mention the upload() method, which the CGI documentation describes as the "recommended idiom,"
To be safe, use the upload() function (new in version 2.47). When called with the name of an upload field, upload() returns a filehandle, or undef if the parameter is not a valid filehandle.
Given the quality of the rest of the book, the fact that the upload() function isn't even discussed is a little startling. Again, I would hope that a future printing will correct this.
Given its popularity in our community, it seems appropriate to briefly compare WCA to O'Reilly's CGI Programming with Perl (the so called "Rat" book), a title we commonly recommend.
Given the fact that both books are trying to cover pretty much the same ground, it's clear that WCA's authors took care not to duplicate material Rat book provides in detail. For example, where Rat provides a thorough introduction to the CGI process, HTTP, and so on, WCA provides just the details you need to know to understand the examples in the book. As another example, WCA doesn't provide a web site search engine, presumably because Rat's Chapter 12 discusses the subject in depth.
(Personally, I found the lack of a web site search engine discussion disappointing. Rat's discussion is good, however, it's beginning to look a little long in the tooth and it would be nice to see an alternate point of view on the subject. To be fair, WCA does cover searching to some degree, though in the context of a SQL query.)
For some people, Rat's depth can be counter-productive. Earlier, for example, I noted where you feel like you're really learning productive skills right away in WCA. When reading the Rat book, I didn't get that feeling under well after page 100. (This isn't a criticism of Rat; it's just the way I felt while reading it.) Rat's detail is helpful, useful, and necessary. However, if you don't have the time to learn it at the moment, WCA's hands-on approach is just the ticket.
WCA also covers material that Rat doesn't. In Chapter 6, HTML Templates, the Rat book discusses HTML::Mason in a little more than half a page. WCA, on the other hand, devotes an entire Chapter on it, showing how you can use Mason to quickly and easily create a template driven web site.
WCA's examples complement other O'Reilly titles, such as Programming the Perl DBI, Mastering Regular Expressions, and so on. Again, WCA does not (and should not) replace these books; its examples help you see the trees in the forest of details.
It's clear that WCA's authors tried very carefully to avoid re-inventing wheels that other well respected titles have already nailed. Some duplicate coverage is to be expected, however, WCA manages to complement such efforts. This is a good thing, for you can see working applications and let the other titles to fill in the blanks.
WCA does (and should) replace other less successful titles, such as the less than stellar The CGI/Perl Cookbook (read that title again, please), Perl and CGI for the World Wide Web, and other wastes of time.
Be aware that WCA is not designed as a Perl tutorial, per sé. In fact, the author's clearly state, "This book will not teach you Perl." Those with no grounding in Perl should consider either Learning Perl or Learning Perl on Win32 (depending on your operating system background).
(Note: According to rumor, these last two titles will be combined in the Third Edition. If you're reading this much after its original post date, look for the combined title.)
I think, though, the authors give themselves too little credit. They carefully explain what they do. Again, there's great advantage and benefit to seeing good code in action.
Here's who I think can benefit from this book:
Here's the rub: If you can only afford one book, I have to recommend the Rat book for the following reasons; it's
Writing CGI Applications with Perl is an excellent tutorial for those wanting to quickly learn good (and secure) Perl CGI scripting and for those wanting to improve their skills. While it does not dethrone the Rat book as the defacto standard, it complements it nicely by providing different and well-designed examples of Perl in action. WCA should be the second Perl book you read, though you can use as your first if you're careful.
Final Score: 4 out of 5 camels, primarily due to editing.