Release 3.00
Mar 13, 2005
|
Sybernet / Supplied Software
Release 3.00 Mar 13, 2005 |
|
Sybernet is an application server: a software server that lets thin clients use applications and databases that are managed by the server. The application server handles all the application operations and connections for the clients. Sybernet can be used as a CGI or as an HTTP web server (or both).
The Oracle version of Sybernet uses OCI. The Sybase version uses Client-Library. Supported servers include Oracle9i and ASE 12.5. Supported platforms include Solaris and Mac OS X.
Object security in the database is controlled by the database, not Sybernet. You can execute a stored procedure because the DBA or owner of that object has granted you execute permission on that object. Other application servers log you in with an effective user ID, then log you back in as the owner of this database or schema. Internal tables then determine what applications you are allowed to execute. Sybernet does none of this and relies on the permissions granted to the username that logged into your database.
You can use digital certificates to authenticate users. You do this by placing Sybernet between an SSL web server and the database. The web server will pass either REMOTE_USER or CLIENT_CERT_SUBJECT_E. The former is their authenticated username. The latter represents the user's e-mail address and causes Sybernet to look up their username in your LDAP server.
The following list of reserved words are known internally to Sybernet. Some are read-only (meaning you can interrogate their value, but you can't assign them); some are write-only (meaning you can set their value, but you can't interrogate them); and others are both readable and writeable (meaning you can assign or interrogate their value).
| Name | Description |
|---|---|
PROCEDURE |
The name of the stored procedure to invoke (write-only). |
USERCODE |
The Login Name (read-write). |
PASSWORD |
The password (write-only). |
HOSTNAME |
The hostname of the Sybase dataserver or Oracle instance (read-write). |
FORMAT |
Type of formatting to perform on result set (read-write). |
DIRECT |
The Direct argument in a URL (read-only) |
SEARCH |
Arguments to the URL after a ? (read-only) |
METHOD |
Tells whether GET or POST was specified (read-only). |
ADDRESS |
Name or IP address of the client (read-only). |
| Optional E-Mail address of this document (read-write). | |
SERVERNAME |
Name or IP address of this server (read-only). |
SERVERPORT |
TCP/IP port number being used by this server (read-only). |
SCRIPTNAME |
Optional filename of this document (read-write). |
REFERRER |
The URL of the page referencing this document (read-only). |
CLIENT |
he name and version of the WWW Client software (read-only). |
CONTENTTYPE |
MIME content type (read-write). |
DATABASE |
Performs an implicit USE database statement in Sybase (read-write). |
PROCESSNAME |
The actual process name of the Sybernet CGI (read-only). |
COOKIE |
NetScape Cookies (read-only). |
FILTER |
Sybernet preprocessor option ECHO or CGI (read-write). |
FROM |
Sender of message if EMAIL is specified (read-write). |
SUBJECT |
Subject of message if EMAIL is specified (read-write). |
FILLER |
Filler values are absorbed and do nothing (read-write). |
DISPOSITION |
Allows you to name an attachment. |
Disposition is a new reserved word that now allows you to "name" your attachments, be they sent via e-mail or sent to the browser. Prior to version 2.22, it was not possible to specify a filename for your Excel documents. The Disposition attribute now makes this possible.
You can now title your Excel documents, for example, by including the reserved word DISPOSITION. A typical example might resemble the following:
<INPUT TYPE=HIDDEN NAME=DISPOSITION VALUE='attachment; filename="labor.xls"'>
which causes your document to be titled
labor.xls
or as
<INPUT TYPE=HIDDEN NAME=DISPOSITION VALUE='inline'>
which causes the document to be displayed on your browser, assuming your browser understands how to interpret CONTENTTYPE.
DISPOSITION can also be used to determine whether or not e-mail is sent "inline" or as an attachment. In general, any contenttype that is not "text/html" nor "text/plain" is automatically included as an attachment. You can override this by explicitly specifying a DISPOSITION of inline.
Previous versions of Sybernet would use SCRIPTNAME as the name of your e-mail attachment. This feature is still retained, but using DISPOSITION is now the preferred method.
Sybernet recognizes the following tags. All but SEND_PARTIAL must include a matching end tag.
| Name | Description |
|---|---|
SEND_PARTIAL |
Flushes the output buffer in Sybernet. |
JSEncode |
Encodes a string so that JavaScript characters are escaped. |
URLEncode |
URI encodes a string. |
HTMLEncode |
Encodes a string so that HTML characters are escaped. |
HTTPEncode |
Encodes a string so that HTML characters are escaped. |
HEXEncode |
Translate ASCII characters to Hexadecimal (2 ASCII characters). |
ASCEncode |
Translates ASCII characters (2 ASCII characters representing Hexadecimal values) to Ascii. |
PICTURE |
description |
CLOAK |
Instructs Sybernet to ignore all encoding tags until it sees a terminating CLOAK tag. |
This encoding allows you to translate result set data to hexadecimal. It was added to allow you to build insert statements containing image data. Since text and image data must be the last column of a multi-column select, a cursor would be required to generate the correct insert statements:
declare pictures cursor for
select KEY
from http..HTTP_PICTURES
open pictures
fetch pictures into @KEY
while @@sqlstatus = 0
begin
select char(10) + 'insert HTTP_PICTURES'
, char(10) + '('
, char(10) + ' KEY'
, char(10) + ' PICTURE'
, char(10) + ')'
, char(10) + 'values'
, char(10) + '('
, char(10) + ' "' + @KEY + '"'
, char(10) + ' 0x'
, '<HEXEncode>'
, PICTURE
from HTTP_PICTURES
where KEY = @KEY
select '</HEXEncode>'
, char(10) + ')'
, char(10) + 'go'
fetch pictures into @KEY
end
close pictures
deallocate cursor pictures
This case-insensitive encoding allows you to format numeric or non-numeric data with a facility known as a picture clause. The picture clause consists of well defined picture characters that determine how the source is to be displayed. Characters not recognized in the picture clause are inserted inline without adjustment to the source pointer. The picture clause is part of the beginning picture tag. The source pointer is anything and everything between the beginning and ending picture tags.
The picture characters listed below perform the following action:
| Symbol | Action |
|---|---|
A | Copy next character from source pointer |
Q | Inserts an overpunch sign for the current source pointer. |
S | If a move with float has not ended, a blank is inserted if the number is positive and a dash if negative. |
X | The destination pointer is skipped forward one position. |
Z | A move numeric is performed with leading zeros replaced by blanks. |
9 | A move numeric is performed with leading zeros. |
. | A "." is inserted unconditionally and skip the source pointer if the two are equal. |
, | If a move with float has not ended, a blank is inserted. Otherwise, a comma is inserted. |
$ | Insert symbol at next non-zero. |
< | The source pointer is skipped in reverse (to the left) by one character. |
> | The source pointer is skipped forward (to the right) by one character. |
? | Any other character is copied to the destination pointer. |
Before we explore how the PICTURE tag is used, let us first address a common misconception about how data in Sybase is presented. Columns of type money or numeric values that are converted to type money contain commas at the correct position and two digits passed the decimal point. The question is who actually formats this data?
The answer is 2 and 3.
While it is possible to create a stored procedure that will insert commas at the proper location in a numeric value, the overhead required to do so is usually too limiting.
The PICTURE tag allows you to perform this function on any datatype as well as invent your own formatting without this extra overhead. Let's start with how numeric data can be formatted with this tag.
Money types can be achieved with the following picture clause:
select '<PICTURE ZZZ,ZZZ,ZZZ.ZZ>'
, 1234.5678
, '</PICTURE>'
which produces the following result:
1,234.56
If the number is signed (more precisely, if the number can be negative), you will want to include the sign character when the value is displayed:
select '<PICTURE SZZZ,ZZZ,ZZZ.ZZ>'
, -1234.56
, '</PICTURE>'
which produces
-1,234.56
The "S" picture character is said to "float" until the first non-blank character is inserted. Positive values cause a space to be inserted; negative values cause a minus sign (-) to be inserted. NOTE: If the "S" symbol occurs at the end of the numeric portion, a "+" is inserted if the number if positive and a "-" is inserted if the number if negative.
select '<PICTURE ZZZZZS>'
, 12345
, '<PICTURE>'
unconditionally inserts its sign at the end of the expression:
12345+
The "Z" picture character says to suppress leading zeros. The "9" picture character says to insert leading zeros:
select '<PICTURE 999,999,999.99>'
, 1234.56
, '</PICTURE>'
causes the following to be displayed:
000,001,234.56
The "$" picture character also "floats." Use this picture symbol to insert a dollar sign:
select '<PICTURE $SZZZ,ZZZ,ZZZ.ZZ>'
, 1234.56
, '</PICTURE>'
generate the following:
$1,234.56
As mentioned, Sybernet expects the source pointer (the part between the beginning and ending picture tags) to be either a number or not a number. If you attempt to mix both, the results may not be what you expect.
select '<PICTURE ZZZ,ZZZ,ZZZ.ZZAAAAA>'
, 1234.5678
, 'Hello'
, '</PICTURE>'
correctly suppresses the extra decimal digits and generates the following expression:
1,234.56Hello
Any picture symbol that doesn't have a specific meaning is inserted literally from the picture clause. The following example illustrates how you might format a social security number:
select '<PICTURE AAA-AA-AAAA>'
, 123456789
, '</PICTURE>'
and produces the following:
123-45-6789
A typical form request contains at least one reference to this reserved word. This is the name of your stored procedure. Everything else in your form is passed as a parameter to your stored procedure if it is not a Sybernet reserved word. URL requests work similarly except only one occurrence of PROCEDURE is allowed.
The ability to specify more than one occurrence of PROCEDURE in your form screen means a single form request can call several stored procedures, each with different parameters. Why would you do this? One reason is to allow your form request to handle multiple line items. Consider an HTML table where each row contains input fields. You want to submit the entire table and process each row separately. Without this ability you need a unique parameter name for each field which is not only inconvenient, but also impossible if the number of fields in this table exceed the limit allowed by your RDBMS. There is a pretty good example of Form Input and Line Items for Sybase in the original documentation for Sybernet.
What I like to do when processing line items is to put the entire process inside of <script> and </script> tags. This allows me to trap errors and display an alert if there is something I don't like with this line. But since there can be thousands of errors, we can also allow the user to cancel these alerts if we replace them with calls to confirm() instead. To do this, I need to know when the process has begun (so I can build the <script> tag) and when the process has ended (so I can build the </script> tag). Your form screen might look something like this:
<form method="POST" action="Sybernet.cgi">
<input type="HIDEEN" name="PROCEDURE" value="SP_LINE_ITEMS">
<input type="HIDDEN" name="BUTTON" value="PROLOGUE">
<input type="HIDEEN" name="PROCEDURE" value="SP_LINE_ITEMS">
<input type="HIDDEN" name="BUTTON" value="PROCESS">
<input type="TEXT" name="NAME" value="VALUE">
<input type="HIDEEN" name="PROCEDURE" value="SP_LINE_ITEMS">
<input type="HIDDEN" name="BUTTON" value="PROCESS">
<input type="TEXT" name="NAME" value="VALUE">
<input type="HIDEEN" name="PROCEDURE" value="SP_LINE_ITEMS">
<input type="HIDDEN" name="BUTTON" value="PROCESS">
<input type="TEXT" name="NAME" value="VALUE">
<input type="HIDEEN" name="PROCEDURE" value="SP_LINE_ITEMS">
<input type="HIDDEN" name="BUTTON" value="EPILOGUE">
</form>
With this form our stored procedure can detect when the procedure is beginning (PROLOGUE), processing a row (PROCESS), or ending (EPILOGUE). Here's a crude example of what that procedure might look like:
create procedure SP_LINE_ITEMS(BUTTON IN VARCHAR2, NAME IN VARCHAR2)
is
begin
if (BUTTON = 'PROLOGUE') then
http.writeln
(
'<script>'
, 'var'
, ' confirmed = true'
, ' ;'
) ;
return;
end if;
if (BUTTON = 'PROCESS') then
begin
insert into LINE_ITEMS values (NAME);
return;
exception when others then
http.writeln
(
' if (confirmed)'
, ' confirmed=confirm("Oops!");'
) ;
return;
end;
end if;
if (BUTTON = 'EPILOGUE') then
http.writeln
(
' alert("Thank you");'
, '</script>'
) ;
return;
end if;
end SP_LINE_ITEMS;
As long as the user keeps clicking OK, the messages will persist. As soon as they click Cancel the messages will stop displaying.
If the above makes sense, you can also use this facility to process text files and images. The difference here is Sybernet takes care of calling your stored procedure for each line in your text file or (in the case of images) inserting this image into a table. This is accomplished by specifying an ENCTYPE of multipart/form-data in your form request. To upload a text file where each line is processed one at a time in your stored procedure, your form screen will resemble this:
<form method="POST" action="Sybernet.cgi" enctype="multipart/form-data">
<input type="HIDEEN" name="PROCEDURE" value="SP_LINE_ITEMS">
<input type="HIDDEN" name="BUTTON" value="PROLOGUE">
<input type="HIDEEN" name="PROCEDURE" value="SP_LINE_ITEMS">
<input type="HIDDEN" name="BUTTON" value="PROCESS">
<input type="FILE" name="NAME">
<input type="HIDEEN" name="PROCEDURE" value="SP_LINE_ITEMS">
<input type="HIDDEN" name="BUTTON" value="EPILOGUE">
</form>
Images (or any document type) can be inserted directly into a table when PROCEDURE is not a procedure name, but the beginning of an insert statement. Any input fields between this procedure and the next procedure are also inserted into this table. This might be hidden fields or maybe the name of this image (or document).
<form method="POST" action="Sybernet.cgi" enctype="multipart/form-data">
<input type="HIDEEN" name="PROCEDURE" value="SP_LINE_ITEMS">
<input type="HIDDEN" name="BUTTON" value="PROLOGUE">
<input type="HIDEEN" name="PROCEDURE" value="INSERT INTO HTTP.HTTP_PICTURES">
<input type="FILE" name="NAME">
<input type="HIDEEN" name="PROCEDURE" value="SP_LINE_ITEMS">
<input type="HIDDEN" name="BUTTON" value="EPILOGUE">
</form>
When uploading images, you probably don't need to detect when the process has begun (but you can if you wish), but you probably want to detect when the process has completed if for nothing else than to display a Thank You for submitting this image. If you're feeling bold, you could even display the image that was just submitted.
All form screens submitted to Sybernet limit the size of each post request. This is a configurable option in the Sybernet Utility that can be changed in real time without bringing down Sybernet. But if you exceed this limit, your request will be rejected.