MIT

Web Guide is no longer being maintained and the information on this page may be out of date. For assistance with managing course materials, please visit MIT's Stellar course management system.

Academic Web Page Creation Guide


Building Your Pages > Making Your Pages Interactive > Databases and the Web

Databases and the Web

Tying a database to a Web page provides a way to deliver interactive, dynamic, customized pages. Web interfaces to databases are, however, an advanced application and generally require good programming skill to create. Several approaches to creating database-driven Web pages are summarized below. If you decide this is definitely what you need, which approach is best will depend on the nature of the customization, the size of the database, the degree of interaction, and how dynamic the data needs to be. Each of these approaches require you to run your own Web server; you may also need to purchase commercial software.

FileMaker Pro

FileMaker Pro is a commercial database program which runs on Windows and Macintosh systems. It includes an integrated Web sever, and can be used to provide a Web interface to the database. One problem with Macintosh or Windows-based servers is their limitation on performance and disk space. Another problem with the Windows version is the instability of the underlying operating system. The computer should be on an uninterruptable power supply, and should be backed-up daily.

Perl

CGI scripts written in the Perl programming language can provide some database functionality using built-in Perl functions. If you want to hide the fact that you're using CGI scripts for your pages, you can configure an Apache Web server to run scripts in directories other than the usual "cgi-bin" and to use any file extension you want for your CGI scripts. The script can generate HTML dynamically, accessing specified files for the data that will be presented to the reader of the Web page.

PHP

PHP: Hypertext Preprocessor is a server-side, cross-platform scripting language for creating dynamic Web pages. PHP commands are embedded in the page's HTML (with a CGI script the HTML is embedded in the script commands). While PHP is not as general as Perl, it includes a wide range of function libraries, and is suitable for a wide range of tasks.

Perl or PHP and SQL Databases

Perl or PHP can be used with SQL database programs, such as the free mSQL or MySQL, or the commercial Oracle database. Both Perl and PHP provide basic database functionality which can be used to produce customized information for the user. When the database is large, or the database is also used for other applications, Perl or PHP functions may be used as the interface to the database. Such an interface can generate HTML and process form submissions, while the database program manages the data and provides quick access to it. When the data becomes extensive and the database files become very large, however, Perl and PHP programs may become too slow and difficult to manage.

Lotus

Lotus Notes and its Domino server can be used for dynamic content, but require a great deal of expertise to program and maintain.

WebObjects

WebObjects from Apple provides dynamic data access and content-generation for those willing to invest the time in learning and development.

Cautions About Databases and Web Pages

Database-driven Web pages provide flexiblity, but require work to create and manage -- and they involve great risks.

Be sure to backup data. Ideally, you would be able store the data on several separate disks and controllers, possibly on a RAID system (Redundant Arrays of Independent Drives — for more info, see a product brochure called Introduction to RAID). Anything less than this introduces the possibility of a failure and loss of data back to the last good backup. Backing up a database is not always simple, since the file on the disk may not be in a consistant state and could change during the transfer to the backup medium. The database programs have various approaches to solving this problem.

A large risk comes from those who access a database, either out of ignorance or maliciousness. Beware of denial of service, inaccurate or fake data, and captured passwords. Passwords for access should always be encrypted with SSL. Users may provide inaccurate information on the input form: think about how this could affect the usability of your database, and about how to remove bad data. Users may, accidentally or intentionally, fill in form fields with longer character or number strings than you intended: Can your software handle this gracefully? Denial of service is a difficult attack to prevent: Can a user request so much data or make so many requests in a short period of time that your server will fail to serve anyone else?

A good, detailed explanation of why you might want to build your web site is found in the book Philip and Alex's Guide to Web Publishing, the contents of which is available on the web at http://www.arsdigita.com/books/panda/.