Week 15 - Server Side Includes, Other Scripting Techniques


There are a couple of bugs in some of the previous snippets of Perl code that we have reviewed.

The first is in a very early snippet of code I showed you which demonstrates how to decipher the query string and store form data in a %FORM hash. As discussed, one of the biggest chores with query strings is substituting + signs to spaces and converting the 2-digit, %-prefixed hex numbers into their ASCII equivalents. This is accomplished with the lines:

    $pair =~ tr/+/ /;
    $pair =~ s/%([\da-fA-F]{2})/pack "C", hex($1)/eg;

The problem is that I'm performing this conversion before I split up the pair into a key and a value around the equals sign. This really messes things up if the user entered an equals sign into one of the text fields in your HTML form. Big Problem. The fix is to split the pair into keys & values first and then apply the above regular expressions to both the key AND the value. I have fixed the example on the week13 notes.

The second is on last week's notes. In the example that read ice cream votes from a file there were two bugs: first, you can't do the line %hash = split /:\s*/, <STATS>; , you have to put it in a while loop to read all the entries. The other bug is in the foreach loop below. Originally, I had a loop that read: foreach ($flavor, $count) (each %stats) { ... and that doesn't work either, because you can't have two scalar variables that have values assigned to them in the opening of the foreach loop, only one. Please have a look at the fixed example .


Sometimes a full-blown CGI program is more work than you want to do to just display something simple like the current time or the last modification date of a file.

To provide a quick solution to tiny problems such as these, there is a server-based approach to displaying dynamic content called Server Side Includes (or just SSI for short). As the name would suggest, this is something that is executed on the server, not on the client.

HTML Documents that contain SSI directives are named with a .shtml suffix. SSI commands have the following format:

 <!--#command parameter="argument"--> 

As you've probably already guessed, SSI directives are placed inside comment tags for similar reasons that styles are: If there is a problem executing them, then nothing gets displayed.

Let's look at a few of these.


The echo command allows you to display the values of some special variables to the browser. You can use any of the CGI variables that we have already become familiar with seeing in the %ENV hash (i.e. REQUEST_METHOD, CONTENT_LENGTH, HTTP_ACCEPT, etc.). The following is a list of some additional SSI variables.

As an example, here is an SSI you could put at the bottom of an HTML file.

<p>Document: <!--#echo var="DOCUMENT_NAME"--> 
Last Modified On: <!--#echo var="LAST_MODIFIED"-->
Current Time: <!--#echo var="DATE_LOCAL"-->


Allows you to include the contents of another file inside your HTML file.

The most common use for this is to include a standard "header" (i.e. logo, navigation bar, etc.) and "footer" (i.e. copyright notice, page decorations, etc.)

The include directive takes one of two parameters.


 <!--#include file="header.html"--> 


A quick and dirty way to get the size of the specified file.


 <!--#fsize file="index.html"--> 


A quick and dirty way to get the last modification date of a specified file.


 <!--#flastmod file="index.html"--> 

Note: If you use the name of the current file as the parameter to the file= attribute, it is exactly the same as saying:

 <!--#echo var="LAST_MODIFIED"-->. 


Allows you to execute either a native executable or CGI program on the server.

The following two attributes are allowed.

Because the exec directive can present a large security risk, it is possible to enable all SSI directives except exec.


This directive modifies how SSI directives are processed. It takes the following parameters:


For an example of SSI in action, click here. This page is on Zonker so you can feel free to go nuts experimenting with this on your own.

Additional Documentation:

If you want to find out more about SSI, take a look at the W3C's Jigsaw Documentation on SSIs. (Jigsaw is the name of the open-source Web server that the W3C has developed as a reference implementation of the standards they write.)

Other Scripting Techniques

Building on the idea of SSI, a number of other embedded Web-programming languages have surfaced. By embedded, I mean the ability to put code inside an HTML file and have that code executed by the server before it reaches the client's browser.

In addition to scripting languages on the server-side, there are some scripting languages that are embedded in HTML and run on the client-side. These tend to be a little more graceful than Java applets because they are transferred as plain text--which is the medium that the Internet understands best.


4/20/99 - Initial Revision
4/22/99 - Added SSI Example.