Unit 6

XML and Server-Side Scripting with PHP

Markup Languages: XHTML

 Extensible HyperText Markup Language (XHTML) is part of the family of

XML markup languages which is the extended versions of the widely used
HyperText Markup Language (HTML).
 It is the language in which Web pages are formulated.
 XHTML. Filename extension. .xhtml, .xht, .xml, .html, .htm.
 XHTML was developed to make HTML more extensible and flexible to
work with other data formats (such as XML).
 In addition, browsers ignore errors in HTML pages, and try to display the
website even if it has some errors in the markup.
 HTML and XHTML are both markup languages used for creating and
displaying web pages.
 The main difference between them is the syntax and structure.
 HTML is more lenient in its syntax, while XHTML has a more strict syntax
and follows XML rules.
 The primary goal of XHTML is to create a stricter way to develop websites
consistently and with interest.
 XHTML works by allowing you to write standard HTML using the strict
guidelines of the XML format.

Advantages of XHTML
 XHTML allows you to define and use your own tags.
 It follows the standards of XML, making it portable.
 XHTML is easier to maintain as the rules are clear.
 It is easy to upgrade the documents.
 XHTML is sustainable.
 XHTML has closing tags, making it advantageous for beginners.

Disadvantages of XHTML against HTML

 As XHTML is not backward compatible with older versions of HTML,

some web browsers may be unable to display its documents correctly.
Java Servlets Architecture

 Servlet is one of the server-side programming language which runs on Java

enabled server.
 It is used to develop web based applications.
 As it is built on Java platform, servlet is fully compatible with Java classes
and interfaces.

What Are Servlets?

 Servlets are used to develop dynamic web applications.

 Servlets are nothing but the Java programs which reside on the server side
and their main purpose is to serve the client request.
 Servlets are fully compatible with Java.
 We can use any of the available Java APIs like JDBC inside the servlets.
 As servlets are written in Java, they are platform independent, robust, and
secured.
 In Servlets, a thread is created for each request unlike in CGI where a
process is created for each request.
 Hence, servlets give better performance than CGI.
 Servlets are protocol independent. i.e. they support FTP, SMTP, HTTP etc.
protocols.

 Step 1 : Client i.e. web browser sends the request to the web server.
  Step 2 : Web server receives the request and sends it to the servlet container.
Servlet container is also called web container or servlet engine. It is
responsible for handling the life of a servlet.
 Step 3 : Servlet container understands the request’s URL and calls the
particular servlet. Actually, it creates a thread for execution of that servlet. If
there are multiple requests for the same servlet, then for each request, one
thread will be created.
 Step 4 : Servlet processes the request object and prepares response object
after interacting with the database or performing any other operations and
sends the response object back to the web server.
 Step 5 : Then web server sends the response back to the client.

Advantages Of Servlets :
 As servlets support all protocols like FTP, SMTP, HTTP etc. they can be
used to develop any kind of web applications like E-commerce, Content
management systems, chat based or file based web applications etc.
 As servlets are fully compatible with Java, you can make use of wide range
of available Java APIs inside the servlets.
 As servlets are written in Java, you can extend them according to your
requirements.
 As servlets are compiled into bytecodes, they are faster than any other
server-side scripting languages.

Disadvantages Of Servlets :
 Designing a servlet can be pretty difficult.
 Exceptions need to be handled while designing a servlet.
 Developers may need additional skills to program a servlet.
 The web container maintains the life cycle of a servlet instance.
 life cycle of the servlet as follows:
 Servlet class is loaded.
 Servlet instance is created.
 init method is invoked.
 service method is invoked.
 destroy method is invoked.
Java Servlets Life Cycle

1) Servlet class is loaded

 The classloader is responsible to load the servlet class. The servlet class is
loaded when the first request for the servlet is received by the web container.
2) Servlet instance is created
 The web container creates the instance of a servlet after loading the servlet
class. The servlet instance is created only once in the servlet life cycle.
3) init method is invoked
 The web container calls the init method only once after creating the servlet
instance. The init method is used to initialize the servlet. It is the life cycle
method of the javax.servlet.Servlet interface.
4) service method is invoked
 The web container calls the service method each time when request for the
servlet is received. If servlet is not initialized, it follows the first three steps
as described above then calls the service method. If servlet is initialized, it
calls the service method. Notice that servlet is initialized only once.
5) destroy method is invoked
 The web container calls the destroy method before removing the servlet
instance from the service.
 It gives the servlet an opportunity to clean up any resource for example
memory, thread etc.

Cookies in Java Servlets

 A cookie is a small piece of information that is carry on between the
multiple client requests.
  A cookie has a name, a single value, and optional attributes such as a
comment, path and domain qualifiers, a maximum age, and a version
number.
How Cookie works
 By default, each request is considered as a new request.
 In cookies technique, we add cookie with response from the servlet.
 So cookie is stored in the cache of the browser.
 After that if request is sent by the user, cookie is added with request by
default.
 Thus, we recognize the user as the old user.

Types of Cookie
 There are 2 types of cookies in servlets.
Non-persistent cookie
Persistent cookie
1. Non-persistent cookie
 It is valid for single session only.
 It is removed each time when user closes the browser.
2. Persistent cookie
3. It is valid for multiple session .
4. It is not removed each time when user closes the browser.
5. It is removed only if user logout or signout.

Advantage of Cookies
6. Simplest technique of maintaining the state.
7. Cookies are maintained at client side.
Disadvantage of Cookies
8. It will not work if cookie is disabled from the browser.
9. Only textual information can be set in Cookie object.

Difference between Server-side Scripting and Client-side Scripting

What is Server-side Scripting?
Server-side scripting is a programming technique for creating code that may run
software on the server side. In other words, server-side scripting is any scripting
method that may operate on a web server. At the server end, actions such as
website customization, dynamic changes in website content, response creation to
user requests, database access, and many more are carried out.

Server-side scripting creates a communication channel between a server and a

client. Previously, CGI (Common Gateway Interface) scripts were used to
implement server-side scripting, and CGI was created to execute scripts written in
computer languages such as C++ or Perl on websites.

The server-side is made up of three parts: the database, the server, the APIs, and
the backend web software written in the server-side scripting language. When a
browser requests a page with server-side scripting, the web server evaluates the
script before delivering the page to the browser. In this case, script processing may
entail collecting information from a database, performing simple computations, or
selecting the relevant material to be shown on the client end. The output is
provided to the web browser when the script is processed. The web server hides the
scripts from the end user until the content is delivered, making the data and source
code safer.

Server-side scripting languages

There are various server-side scripting languages. Some main server-side scripting
languages are as follows:

Python

It is an open-source language that is very powerful and easy to learn. It is suitable

for beginners because it is simple to learn and read. It is believed to be used by
Google and YouTube. It is a OOPs language with dynamic typing and data
structures. It has grown to be one of the most popular languages for both quick
application development and web development.

PHP

It is an open-source server-side scripting programming language mainly designed

for web apps and is the most utilized scripting language. It allows you to retrieve
and manipulate data from a database and is utilized along with SQL to query the
database. It is a fast and simple language to learn and develop, and Facebook,
Wikipedia, and WordPress utilize it.

Ruby

It is a free and open-source programming language that was developed and firstly
introduced in the early 1990s. It is a dynamic language that is simple to read and
write and an OOPs language that is interpreted as it runs. It has evolved
continuously since its development and is one of the most utilized web
development languages.

Features of Server-side Scripting

There are various features of server-side scripting. Some main features of the
server-side scripting are as follows:

1. It is connected with data access, error handling, and data processing speed.
2. It is processed and interacts with the server.
3. Using a highly integrated programming language makes it more secure than
client-side scripting.

What is Client-side Scripting?

Client-side scripting generates code that may be executed on the client end
without needing server-side processing. These scripts are typically embedded into
HTML text. Client-side scripting may be utilized to check the user's form for
problems before submitting it and to change the content based on the user input.
The web needs three components to function: client, database, and server.

The client-side scripting may significantly reduce server demand. It is intended to

be utilized as a scripting language with a web browser as the host program.
The HTML and CSS are delivered as plain text when a user uses a browser to
request a webpage from the server, and the browser understands and renders the
web content at the client end.

Client-side Scripting Languages

There are various client-side scripting languages. Some main client-side scripting
languages are as follows:

HTML

It is not a scripting language; it is a markup language. However, it serves as the

basic language for client-side web development, also referred to as front-end. The
presence of hypertext on a page denotes its hyperlinks. The markup language uses
tags to define the structure and layout. It is a programming language that is mainly
used to design a web page's structure and layout.

CSS
CSS is an abbreviation for Cascading Style Sheets. It provides a technique for
creating graphic elements that help a web application's appearance look more
appealing. A style tag in a web page defines all the specifics regarding the web
page's presentation, including its border styles, image styles, colour, font styles,
borders, format, font size, margins, padding, etc.

JavaScript

It is a client-side scripting language designed for a specific purpose, but several

JavaScript frameworks are already utilized as server-side scripting technologies.
VBScript

VBScript is based on Visual Basic, which was created by Microsoft in 1996. It is a

scripting programming language that is lightweight, fast, and easy to learn. It is not
a OOPs language but is similar to JavaScript.

Features of Client-side Scripting

There are various features of client-side scripting. Some main features of the
client-side scripting are as follows:

1. It is intended to execute code on which a web browser runs, and the results
of the inputs are delivered to an accessible user.
2. Client-side scripting enables greater involvement with clients via the browser and is used to
validate programs and functionality based on the request.
3. The client does not include any contact with the server in client-side scripting; the only
interaction is receiving the requested data

Main Differences between the Server-side scripting and Client-side

scripting
1. Server-side scripting is utilized in the backend when the source code is
invisible or hidden on the client side. In contrast, client-side scripting is
utilized at the front end, which users may access via the browser.
2. The files are inaccessible to the client-side script. In contrast, the server-side
script has access to the files on the web server.
3. Server-side scripting is very useful for personalizing web pages and
implementing dynamic updates to websites. In contrast, the client-side script
may effectively minimize the load on the server.
4. The client-side script responds faster than the server-side script.
5. Client-side scripting is less secure than server-side scripting due to the
server-side scripts are commonly concealed from the client end. In contrast,
the client-side scripts are exposed to users.
6. The client-side script is run on a local computer. In contrast, the server-side
script is run on a remote machine.
 7. The client-side programming languages are HTML, CSS, and JavaScript.
In contrast, server-side scripting programming languages, including PHP,
ColdFusion, Python, ASP.net, Java, C++, Ruby, C#,
8. A server-side script communicates with the server when it is executed. In
contrast, Client-side scripting doesn't need server involvement.
9. The script on the client side lacks security. However, the server-side script is
protected.
10. The client-side script is dependent on the user's browser version. In contrast,
the Server-side doesn't depend on the client.

What is concurrency in Servlet?

Concurrency in a servlet refers to the ability of a program to execute multiple tasks
simultaneously. It's a crucial aspect of modern applications, allowing for smoother
user experiences and optimal resource utilization.

Here are some details about concurrency:

Definition

Concurrency is the simultaneous execution of multiple tasks or processes, either

using the same or different resources.

Benefits

Concurrency enables the efficient utilization of system resources and can improve
the overall performance and responsiveness of the application.

Multithreading

In a multithreaded process on a single processor, the processor can switch

execution resources between threads, resulting in concurrent execution.

SIP Servlet
A SIP Servlet application can specify the required level of concurrency control.
A Java servlet container or web server is multithreaded and multiple requests to the
same servlet may be executed at the same time. Therefore, we need to take
concurrency into consideration while writing servlet.

As we discussed earlier that one and only one instance of Servlet gets created and
for every new request , Servlet Container spawn a new thread to execute doGet() or
doPost() methof of a servlet.

By default servlets are not thread safe and it is a responsibility of a servlet

developer to take care of it.

In this chapter we will discuss about concurrency in servlets and this is very
important concept so your attention is required.

Threads Overview

A thread is a lightweight process which has its own call stack and accesses shared
data of other threads in the same process (shares heap memory). Every thread has
its own memory cache.

When we say that a program is multithreaded, we mean that same instance of an

object spawns multiple threads and process this single instance of code.

This means that more than one sequential flow of control runs through the same
memory block.

So multiple threads execute a single instance of a program and therefore shares

instance variables and could possibly be attempting to read and write those shared
variable.

public class Counter

{
int counter=10;
public void doSomething()
 {
System.out.println(“Inital Counter = ” + counter);
counter ++;
System.out.println(“Post Increment Counter = ” + counter);
}
}

Now we execute two threads Thread1 and Thread2 to execute doSomething()

method. So it is possible that

Thread1 reads the value of counter which is 10

Displays the Inital Counter =10 and increment

Before actually Thread1 increments the counter another Thread1 increments the
counter which changed the value of counter to 11

Now Thread1 has value of counter as 10 which is stale now

This scenario is possible in multithreaded environment like servlets and it is

because instance variables are shared by all threads running in same instance.

Same can be the issue with the Servlets also.

Write Thread Safe Servlets

There are certain points which we should consider while writing servlets.

1. Service() , doGet(), doPost() or to be more generic doXXX() methods

should not update or modify instance variables as instance variables
are shared by all threads of same instance.
2. If you have a requirement which requires modification of instance
variable then do it in a synchronized block.
3. Above two rules are applicable for static variables also because they
are also shared.
4. Local variables are always thread safe.
5. The request and response objects are thread safe to use because new
instance of these are created for every request into your servlet, and
thus for every thread executing in your servlet.

Below are the two approaches to make the thread safe

a. Synchronized the block where you are modifying instance or static

variables.(refer below code snipped).

We recommend to synchronize the block where your code modifies the instance
variables instead of synchronizing complete method for the sake of performance.
 b. Single Thread Model –Implements SingleThreadModel interface to make
our thread single threaded which means only one thread will execute
service() or doXXX() method at a time. A single-threaded servlet is slower
under load because new requests must wait for a free instance in order to
proceed.

What is Generating Dynamic Content for servlet?

Servlets are simple Java programs that are helpful to create dynamic content
on the server side.
Servlets of two types:
1. Generic Servlets: These are Protocol independent
2. HTTP Servlets: These are protocol dependent

Client-server Architecture When a client Request dynamic content then the

server takes that request and gives it to a helper application called Web
container like Tomcat, glass fish, etc., Then Here comes Servlets into the
picture, in the web container we have Servlet(a simple Java program) which
takes the request from the client and generates corresponding dynamic
content(in the form of html page, video, images, JSON objects).

When we see the servlet life-cycle we have 3 stages:

1. Construction (which uses init () method)
2. Service (which uses the Service () method)
3. Destruction (which uses destruction()method)
Some of the packages used by any servlet program includes:
1. import java.io.PrintWriter;
2. import javax.Servlet.http.HttpServlet;
3. import javax.Servlet.http.HttpServletRequest;
4. import javax.Servlet.http.HttpServletResponse;

In the HTTP Protocol we use different methods includes:

1. Get
2. Post
3. Put
4. Delete
5. Options

Here doGet() and doPost() are the two common methods used for taking
requests and sending responses back to the server.

When we call the doGet() or doPost() methods first the Service() method is
called and then only the doGet() or doPost methods are called accordingly.
How Server side programming works. Explain in detail?

Server-side programming allows sites to restrict access to authorized users and

serve only the information that a user is permitted to see. Real-world examples
include social-networking sites which allow users to determine who can see the
content they post to the site, and whose content appears in their feed.

Server-side scripts are programs that run on a web server to generate dynamic
web pages, creating a unique experience for each user. These scripts form the
basic framework for back-end web development.

Every website splits into two parts: the front end and the back end. The front
end, or client-side component, contains all the visuals and buttons that help
you interact with the website.

The back end controls how each visual and button responds.

This scenario better explains how back-end web development works. When a
user visits a website, the front-end code sends a request to the back end for the
data it needs.
The back end then fetches the requested data from the database and sends it to
the front end. The front-end code then renders the data in the user’s browser.

The back end has several key components, each playing an important role in
how the site functions. They include the server, database, and web apps.

 The server is responsible for storing and delivering the website’s files.
Each time a user loads a webpage, their device sends a request to the
server for the files needed to display the page. The server then sends
the requested files to the user’s device, which assembles them into a
webpage and displays it to the user.
 Databases store all the data that a website needs, such as user
information, search history articles, and comments. The database might
be relational, like Oracle and Microsoft SQL Server, or cloud -based,
like Microsoft Azure and Amazon Web Services (AWS).
 Back-end web applications are codes written in back-end programming
language and are responsible for the functionality of a website. They
run on a web server to handle user authentication, database
management, and server-side rendering tasks. Understanding different
languages and software is a big part of web development.

Server-side code and databases

Now that we’ve explained how the back end contributes to making a functional
website, the next step is understanding the various microprocesses in back-end
web development.

Websites communicate with web servers via a uniform resource locator (URL),
which helps the site locate specific codes from the server. Every time a user
clicks a button on a website, it translates the command into a web address
before communicating with the server to retrieve relevant information.
The URL, or web address, has several parts, each narrowing the search on the
server.

 Protocol. This scheme tells how the computer will communicate with
the server over the internet. Web servers use the Hypertext Transfer
Protocol (HTTP), which allows computers worldwide to share
information over the internet. Many web servers add a Secure Socket
Layer (SSL) protocol to better secure the interaction by encrypting
each session.
 Domain. This part of the web address helps identify whic h server holds
the information the user requests. Usually, each domain registers under
the global Domain Name System (DNS), which helps the user’s
computer locate the host and location of the server.
 Pathname. This URL section contains the complete details about where
the file or webpage resides on the server.
The server may use various retrieval methods depending on the file type. It
uses the HTTP “GET” command to retrieve static resources like JavaScript,
CSS, images, .zip, .jar, and PDF files. Static resources are files that don’t
change, even after several requests. The server returns an error message if it
doesn’t find the file.

Dynamic resources allow changes in the response content based on user

behavior, interests, or preferences. In this case, the server decodes the request
and passes the information to the server-side code or web application.

It retrieves relevant data from the database, combines the Hypertext Markup
Language (HTML) templates, translates the message into an HTML page, and
transmits the message to the user.
Server-side script basics
Besides creating a personalized user experience, the server relies on the back -
end code to store login details, manage the source code, run relevant analyses
on user behavior, and control who has access to information in the database.

Highlighted below are several other functionalities of server-side scripts.

 Manage data in a database. To a large extent, the type of server-side

script you intend to use will determine how to build and manage the
database. It also helps control who has access to the data on the
database and distributes relevant data accordingly.
 Send and receive cookies. Server-side codes are essential for building
and sending cookies on the website. Cookies help improve the website
experience by storing data like logins and passwords.
 Encrypt and validate data. Encryption is especially important for
sensitive data, such as financial information or medical records.
Through data encryption and validation, back-end scripts help keep
information safe from unauthorized access and misuse.
 Run server-side code on a server embedded in the site’s code. When a
user enters a URL into their web browser, the browser sends a request
to the server for the specific page. The server then processes the
request and sends the HTML code for the page back to the user’s
browser.
 Build web apps unique for the database. Server-side codes allow users
to build web applications that interact with permanent back -end
storage, like databases, and process information from the server to
access the database—like a direct line from a user to a database.
 Create dynamic webpages. The code can generate the HTML code for
the response page based on user input or other conditions.
 Run on-call. Whether the web servers run an HTTP “GET” or “POST”
command, the back-end code helps process the data and send a
response.
 Build Application Programming Interfaces (APIs). The server-side
code is responsible for creating the API, a set of functions and
protocols that allow software programs to communicate with each
other.

Popular server-side programming languages

If you’re considering getting into programming, you may want to know more
about some of the most popular server-side programming languages. This
section explores some of the most popular back-end programming languages
and frameworks.

JavaScript

JavaScript enables you to dynamically update web content multimedia,

improve the website design, validate forms, detect browsers, create cookies,
and more. While it’s most common for client-side scripting, it’s also getting
more popular for back-end development as more people use frameworks like
Express.js and Nest.js.

Back-end programmers use JavaScript to build server-side applications that

power the web. They use various JavaScript frameworks to streamline the
development process and make it easier to build complex applications.
JavaScript is beginner-friendly, providing instant visual feedback with a
minimal amount of codes and a vast learning community.

According to StackOverflow's 2022 report, JavaScript is the most common

language among developers. There is also high demand for JavaScript
developers.

Here are some examples of companies that use JavaScript for their website’s
back end.

 Netflix
 Facebook
 Uber
 PayPal
Java

Java is a robust, object-oriented language with various features and

functionalities. Its syntax is similar to other popular programming languages
like C++ and JavaScript, making it easy to read, write, and understand. Being a
cross-platform language, it can run on various operating systems, including
macOS, Windows, and Linux.

Java is a popular language for mobile app development. It enables developers

to create robust, high-performance web applications. Web developers also use
it to create high-end web applications for rapidly scaling businesses.

Take a look at some examples of brands that use Java to power their back -end
system.
  Amazon
 eBay
 Spotify
 Pinterest
Python

Inspired by the ABC programming languages, Guido van Rossum created

Python in the 1990s to be an easy programming language to read and write.
It’s an open-source, object-oriented, high-level language with a dynamic type
system. It is also a versatile language that you can use in any operating system.

In addition, Python has features like data types and dynamic typing, making it
an excellent scripting language. Today, Python has become one of the most
popular programming languages in the world. Check out these major
organizations that use it.

 Google
 Reddit
 Dropbox
 The National Aeronautics and Space Administration (NASA)
PHP

Hypertext Preprocessor (PHP) is a general-purpose programming language

widely used to develop dynamic webpages. It began as a common gateway
interface CGI script for taking basic analysis on a website homepage.
However, it can now be embedded into HTML code or used with various web
frameworks to develop web applications.

PHP has many features that make it excellent for back-end web development.
It supports object-oriented programming, has a built-in development server,
and can be integrated with many databases. PHP also has a large community of
developers who contribute to the language, create helpful resources, and
develop extensions that add extra functionality.

Here are some popular websites powered by a PHP back-end system.

 Slack
 MailChimp
 Tumblr
 WordPress
Ruby

Ruby has gained popularity for its straightforward syntax and robust
functionality. It combines features of PHP and SQL-based databases, creating
a dynamic language focused on simplicity and productivity. Ruby is also
highly expressive and useful for writing concise and readable codes.

Those reasons and more make Ruby an excellent language for back-end
programming. It helps you write programs that are easy to understand and
maintain.

Several very large organizations that serve millions of people use Ruby-
powered websites.

 Twitter
 Hulu
 Airbnb
 GitHub

Popular server-side frameworks

Today’s developers use a few popular server-side frameworks. We highlight
some of the most popular and explore their features.

Ruby on Rails

Ruby on Rails is a web application framework written in the Ruby

programming language. It features a Model-View-Controller (MVC), which
provides default structures for a database, web service, and webpages. It
encourages and focuses on using web standards like JSON or XML for data
transfer and HTML, CSS, and JavaScript for display and user interfacing.

Rails is designed to make programming web applications easier by making

assumptions about what every developer needs to start. It includes everything
from the basic structure of a web application to the most advanced features.

Express.js

Express.js is a web application server framework for Node.js to design single -

page web applications and APIs. It’s the standard server framework for
Node.js and is hosted by many of the world’s largest web applications and
websites, including PayPal, Uber, and Instagram.
Express.js is a fast, lightweight, and modular server-side JavaScript framework
that enables programmers to create and deploy web applications quickly.
Express.js is also relatively easy to learn and use, making it a good choice for
developers of all experience levels.

Django

Django is a web framework designed to meet the needs of complex, database -

driven websites. Django is written in Python and has various features,
including an ORM system, a template engine, an admin panel, and an
extensive user guide. It also includes a powerful template engine that makes it
easy to create sophisticated layouts.

Flask

Flask is a microframework for Python that allows you to create web

applications quickly and easily. It contains numerous features, such as URL
routing, request dispatching, HTML templates, and support for unit testing.
Flask is also easy to extend, allowing back-end developers to create custom
extensions and plug-ins.

Laravel

Laravel is a PHP web application framework with expressive, elegant syntax.

Taylor Otwell designed it for web developers who need a simple and beautiful
toolkit to create full-featured web applications.

Laravel has several features, including a Command-Line Interface (CLI) tool

called Artisan, a convenient way to bootstrap your application’s database. In
addition, it features built-in error and exception handling, caching, and session
management.

Spring Boot

Spring Boot is one of the most popular Java frameworks for developing
microservices. It’s a lightweight framework with various features and
functionalities that make it easier to develop, deploy, and run microservices.

Some of Spring Boot’s key features include embedded servers, which make it
easy to deploy Spring Boot applications. Spring Boot can also automatically
configure itself based on the dependencies it detects in the project.