Database Server Side Includes

AKA: the <ORACLE> tag

Quick Answers

Can I pass inputs into such a page?
Can I have more then one block in a page?
Can I do dynamic sql in my block?
How is Security Affected by this SSI feature?
How does OWASSI find the files?
What files does OWASSI process?

Have you ever had lots of static HTML files that you want to add just a little dynamic stuff to?

Say you wanted to add a hit counter to your page. Using the Oracle tag this is easy. Consider the following example:

	<html><head><title>Example</title></head>
	<body>
	
	<h1>Welcome Visitor
	<oracle>
	begin
   	for x in ( select hit_counter.nextval hitcnt from dual ) loop
   			htp.p( to_char(x.hitcnt,'999,999,999,999') );
   	end loop;
	end;
	</oracle>
	To My Page....</h1>
	
	blah blah blah blah blah.....
	</body>
	</html>

This would generate a page that looked like:

Welcome Visitor 100,021 To My Page.....
blah blah blah blah blah.....

Pretty easy. Now people who know HTML but aren't as adapt at PL/SQL can use our stuff too. Converting web.sql applications should be easier as well.

Can I pass inputs into such a page?

Yes you can. You will access them a little differently then if you were using straight stored procedures though. You will use bind variables insead of just pl/sql variable names. For example:

	<html><head><title>Example</title></head>
	<body>
	
	<h1>You Passed in
	<oracle>
	begin
		htp.bold( nvl(:n,'Nothing') );
	end;
	</oracle>
	To My Page....</h1>
	
	blah blah blah blah blah.....
	</body>
	</html>

In a file, accessed via the URL:

	http://yourHost/ows-bin/owassi/some_page.html?n=Hello+There

Will generate:

You Passed in Hello There To My Page
blah blah blah blah blah.....

Or accessed via the URL:

	http://yourHost/ows-bin/owassi/some_page.html

(note the lack of ?n=Hello+There) Will generate:

You Passed in Nothing To My Page
blah blah blah blah blah.....

So, the database server side include function will bind in a value for N if the URL supplies it, it will bind in NULL otherwise. This differs from the way OWA works in that OWA binds parms based on what is in the URL (eg: the second invocation without N would generate 'no such parameter list' error using OWA unless N was defaulted). Pages using database Server Side Includes will have all of their bind variables defaulted by NULL

Can I have more then one block in a page?

Yes you can. You can have as many blocks as you want. All bind variables are available to all blocks.

Can I do dynamic sql in my block

You you can. See the OWA Extensions found on this site under downloadable utilities for examples. It would look like this though:

<html><head><title>Example</title></head> <body> <th>Username</th><th>User Id</th><th>Created</th> <oracle> begin owa_sql.cells_from_query( :theQuery ); end; </oracle> </table> blah blah blah blah blah..... </body> </html> In a file, accessed with the URL:

	http://yourHost/ows-bin/owassi/some_page.html?theQuery=select+*+from+all_users

Would create an HTML table from the query "select * from all_users". You could of course build a query, pass in a query, get the query however you want.

How is Security Affected by this SSI feature

Positively in my opinion.

Using either OWA or this cartridge, you normally access data via stored procedures. Stored procedures get to data using the priviliges of the CREATOR of the procedure. If I can run the procedure and you can run the procedure, we both see the same outputs, unless the developer procedurally built in some logic that did different things for different users.

Using database server side includes though, we can fall back on normal grant 'select', 'update', 'insert', and 'delete' again. If I execute any of the above examples through a web agent that is using 'authentication' (eg: the authenticate = variable in the DBAUTH section of the svXXXX.app file includes my web agent) then the embedded pl/sql blocks will be compiled for that username, with their roles. It's the same security we are used to in FORMS or any other client/server tool.

How does OWASSI find the files?

The database server side include function will not be able to find a file if the web listener can't find it. We use the same mechanism they use to resolve virtual filenames to physical file names.

If you can access a file via:

	http://yourHost/x/y/z/somefile.sometype

Then you can access it via

	http://yourHost/ows-bin/owa/x/y/z/somefile.sometype

If the first URL fails, the second will as well. If the first one succeeds, the second one will as well.

Basically, you will still need to set up virtual directory mappings so that somefile.sometype may be located. Once yu have done that and restarted the web server, this cartridge will be able to find it as well.

What files does OWASSI process

We use the call "WRBGetReqMimeType()" to determine what mime type the web server thinks the request will be. The web server uses the filetype in the URL to determine the associated mime type. If the mime type of the document being requested is text/html, then OWASSI will open, read, and look for <ORACLE> tags. If the mime type of the requested document is not text/html, OWASSI will open, read and write straight back to the client the contents of the file without looking for any tags.