Coding 101 26 (Transcript)
Shannon Morse: Today on Coding 101, oh my glob, we are
talking about some Perl GET form.
Netcasts you love. From people you
trust. This is TWiT! Bandwidth for Coding
101 is provided by Cachefly at c-a-c-h-e-f-l-y.com.
Father Robert Ballecer, SJ: Coding 101 is brought to you by hover.com.
Hover is the best way to buy and manage domain names. It's simple,
honest, and easy to use. For 10% off of your first purchase go to
hover.com and enter the promo code C1017.
Fr. Robert: Welcome to Coding 101. It's the TWiT
show where we let you into the world of the code monkey. I'm Father
Robert Ballecer.
Shannon: And I am Shannon Morse. And for the
next 30 minutes we are going to get you all learneded up and everything that
you need to know to be a Perl code warrior.
Fr. Robert: That's right. We, thankfully, got
past regex. We put regular expressions in the back, people were
figuring it out, and we got to something really, really practical and really,
really useful. That is how do you dynamically generate webpages with Perl;
very useful.
Shannon: So there is a lot more advanced information
about this other than just knowing Perl code. You also have to know how
to set up your own web hosting. You have to make sure that it accepts Perl
code and that it translates correctly to the client whenever they open up the
webpage. It's tough.
Fr. Robert: One of the things that people were asking
was well how come we didn't show people what CGI was and how do you set up your
webpage. It's going to differ depending on what hosting provider you use.
In fact, we had a very nice demo all set up and our hosting provider took
a dump about 20 minutes ago. Thank you 1and1. You took a very
wonderful demonstration and just kind of ripped it apart. But yes, you
are going to have to do a little bit of extra work to get these scripts
running. I'm sure any hosting provider will have a detailed FAQ on how
you get CGI working on your site.
Shannon: So what do you say we get started with some
Snubs Compiled? Whew!
Fr. Robert: I like that. I'm big on Compiled.
Shannon: So first off I want to show you our Google+
Community Viewer submission. This one is from Joe. I pulled it up
over here, and this is over in Google+. It's
plus.google.com/twitcoding101 if you want to join. He just decided to
send over a dynamic webpage that uses regular expressions to determine which
browser you have. So he already linked us to his example so we didn't
have to put it on our own web hosting service. It just says "What
browser are you using? Welcome. Local Server." and then
"You appear to be using Chrome." Now, if I hit view source
right here, you will see that all we see is the HTML. But he has also
sent us the code. So if I open up his code right here, and I will
maximize that, there we go. Okay, so you can see that he has Perl code in
here. He tells it that it's going to be HTML, and then you scroll down
and you see that it tries to figure out what kind of browser that you are
running. Now, of course, this is a little bit advanced. He's using
this dollar $agent thing right here.
Fr. Robert: Right, right.
Shannon: And then he closes it out with
</BODY></HTML>.
Fr. Robert: Right, but this is actually a really good
example of server side scripting versus client side scripting because if it was
client side scripted you would actually see the code in the page displayed in
your browser. Instead you see what runs on the server not the final
product that gets delivered to your browser.
Shannon: And it works yay!
Fr. Robert: It works.
Shannon: So thank you Joe for sending that over.
I also had an example for you as well. Let me go find this real
quick. Here's my code, and where did I put it? I think it's over
here. Ah ha, here we go. So in my example all it says is
"Welcome to Coding 101! Watch our show at this page!" You
can click on the page and it goes to our TWiT Coding 101 website. Now, if
I view source for this all you see again is just the HTML, so I wrote out
"Welcome to Coding 101!" and I made a little href link right here for
Coding 101, this page, and a couple of different font types. I guess I
could have added a little bracket right here to make it enter onto a new line.
Fr. Robert: If you wanted to.
Shannon: BR, yay, and then /body /html. Now if
I go into my code as well, and I think I pull it up right here. So very,
very simple code, Perl code, content-type is text/html, and then we have down
here the actual html.
Fr. Robert: Right, and again a really good description,
and a really good example of server side versus client side scripting.
This is one of the things that we tried to drill in to the audience in
the last episode. That is if it is going to be client side more likely
than not you will actually see the actual scripting code inside the browser.
That means it's executing on your computer. In your example we
needed to have a server that was set up properly, which is why it was horrible
that 1and1 decided to die before the show.
Shannon: We ended up putting it on one of Patrick's
servers instead.
Fr. Robert: Yeah, we had to drop it on Patrick's.
But it gets executed on the remote side and all you get is the finished
product and, of course, you should be able to see the pros and the cons of
doing it either way. If it's on the client computer you have access to
more things than you would if it was server side, but if it's server side it
also means you typically have a bit more security because they don't have to
see any of the scripting code. They just see the finished product.
Shannon: If you guys are confused about this watch
last week's episode of Coding 101. Patrick showed us examples of both
with html as well as just with Perl code so that you can see the differences in
the sources.
Fr. Robert: Absolutely, yeah. Now we are going to
be getting into forms. Forms in html have been around since html has been
around. Normally they are kind of ugly, right?
Shannon: That's true.
Fr. Robert: Type this and hit this. But forms are
one of those basic ways to get information from the user. Just like we
would have user input inside of an actual compiled program on your computer.
Shannon: You see forms on any site you go to these
days.
Fr. Robert: Right, exactly, exactly. It's a basic
part of coding for the web. However, we can combine forms from html with
a few things in Perl to give us dynamically generated pages depending on what a
user has inputted.
Shannon: Oh, really?
Fr. Robert: We are going to show you how to do that,
but first let’s take a break. I want to talk a little about, oh, I don't
know, domain hosting.
Shannon: Well, I think we have a pretty good one
that you could check out.
Fr. Robert: We do. We've got a vendor here.
We've got a sponsor of Coding 101 that has been around for years.
In fact, their name is almost synonymous with the early web, and that's
Hover. You may say, well Padre, I don't remember Hover. But you do
remember Tucows. Tucows was one of those repositories, one of those
sources of data, of information, that grew up with the web. When you have
a great idea you want to secure a domain name for it. You want something
catchy and something memorable to represent your online identity. Well
Hover gives you exactly what you need to get the job done. You will find
the perfect domain for your idea so that you can get started working on it
right away. Right now Hover is having a sale on all new domain extensions
through September 1st. The sale is for new and existing customers.
Summer is the perfect time to start a new project, and every single new
domain is deeply discounted with Hover so you can choose whatever you like,
.club, .ninja, .guru, .just about anything. Now people love Hover; geeks,
designers, developers, and programmers because they know that they will have
the best tools and support for their domains. You don't have to be an
expert to get a domain. The service is really simple enough. Now
Hover takes all of the hassle and the friction out of registering your domain.
It gives you an easy to use powerful interface to manage your domain so
that anyone can do it. You can get the perfect domain name and start
building your web presence right away. All you have to do is search for a
few keywords, and Hover will show you the best available options and
suggestions. In fact, right now Hover is a clean and simple website, and
what you can see Brian doing is scanning through some domains that he may want
for his nom de plume as the Cranky Hippo. Now, in less than 5 minutes you
can find the domain that you want and get it up and running. That's what
they are all about. They also offer a valet transfer service to make the
process painless. For free Hover will take care of the entire process of
transferring your domain and let you know when your domains are settled in your
Hover account. They will transfer all of those DNS settings. No
matter how many domain names you have it's no additional cost. So if you
are just fed up with your domain host, right now your domain registrar, use
Hover. They will take care of all of that back stuff and get you to your
domain bliss. Now here's the big thing for me. Hover is honest.
They don't believe in heavy handed upselling. They include
everything you need with your domain, no more and no less. They also
include a custom email. You will get a smart control panel so that you
can do what you want with your domains plus WHOIS privacy is included free on
every domain that supports it. Now if you ever need it Hover has the best
customer support around. It's known for its no wait, no hold, and no
transfer phone service. When you call a real person is ready to help.
Right now they are offering volume discounts. They will give you a
discount on your domain renewals starting at just 10 domains and then going up
in value from there. The idea is the more domains you have in your
account, the less you have to pay to renew them. So here is what we want
you to do. We want you to visit Hover today to register your domain.
For 10% off your first purchase take advantage of their summer sale by
going to hover.com and using their promo code C1017. We thank Hover for
their support of Coding 101.
Now, Shannon, I want to talk a little bit
about GET.
Shannon: GET.
Fr. Robert: GET.
Shannon: I know some GET. Well, mine is more
Linux.
Fr. Robert: GOT. It's a little Linuxy GET.
So when we talk about forms we are basically talking about stuff like
this, so if you go ahead and switch over to my computer. In fact let me change
the format here so that it's not so small because I know that people have
really bad eyes. So this is the simplest form of what a form looks like
in html.
Shannon: I remember doing this in the 90's.
Fr. Robert: Right, you are opening and closing html and
body tags, and then form. So it's just another html command. Form
method=GET action= and then you have the input name and the input type.
That gives you a button, right? We are going to show you exactly
what goes into that. Brian if you come back to me. When we talk
about html forms we really are talking about 2 different possibilities of
getting information from the user. One is called a GET.
Shannon: GET. And the second one is POST?
Fr. Robert: POST, exactly. We are only going to
be talking about GET today. So we are going to limit it to GET.
Next week we will talk a little bit about post because they are
different. They kind of interchange a lot of the characteristics.
The main thing to remember about GET is all it does is it takes whatever
the user has entered and appends it to the URL.
Shannon: Oh, that sounds pretty simple.
Fr. Robert: Fairly simple. For example if you are
using GET on a form and inside of its little action URL you have the
techstop.net it is going to add to the end of the techstop.net whatever the
user has entered and that gives you a new URL.
Shannon: Easy.
Fr. Robert: Really easy. We will show you why you
would want to do that, but it's a very specific type. It's very useful.
Now what we want to do is we want to use GET to somehow get data from the
user from a form and then push it through Perl so that Perl can do whatever you
want Perl to do with it.
Shannon: So this is where Perl comes into play.
Fr. Robert: This is where Perl comes into play.
This is where Perl can do some dynamically generated webpage magic.
Shannon: Okay, how does it do that?
Fr. Robert: Let me show you how this works. So,
for example, we are going to go back to my computer. This right here,
this webpage is actually a result of this code. So this code has
generated that. Very simple, all it does is that I've got
"Name?" and I've got a button below it. And if I go to the
browser I've got "Name?" and the button below it. This is the
name of the bunny, so I'm going to put Roger. Roger is the name of my
bunny. And I click "Submit". Watch the address bar right
here. It's giving me an error because the page doesn't exist.
Shannon: Bunny name.
Fr. Robert: But, see, it just appended "Bunny
Name=Roger".
Shannon: Right.
Fr. Robert: Now, think back. I know you are on
the web a lot. You've probably seen addresses like this.
Shannon: I have, yeah.
Fr. Robert: Anytime you do like a search it just
appends it to the end of the URL, right?
Shannon: And I've noticed if you just delete that ending
after the ? you can just get
back to whatever it is you were at.
Fr. Robert: It just goes right back to Bing, right.
That's a GET. That's what it's done. I think YouTube does
that. Not really, let's do Google. So Google does that. So if
I'm searching for something, and let’s say I'm searching for "snubs".
See, it did something. It appended to the end of that URL my search
term, right?
Shannon: Cool.
Fr. Robert: This is just a version of that. All
it means is that I'm going to take whatever the user is and I'm going to drop
it on to the end of the URL.
Shannon: Exactly.
Fr. Robert: You will probably ask yourself Padre, what
use is that?
Shannon: What are you going to do with it?
Fr. Robert: It's kind of stupid.
Shannon: You are going to make your own search site?
Fr. Robert: Well, maybe you are. That's going to
be what we are trying to do. We are going to show you how you could take
that new URL that you have used GET on a form in order to create, run it
through Perl, and then make it do something magical.
Shannon: Okay, I want to see some magic.
Fr. Robert: I do too. But in order for us to do
this magic I think we need to bring in our code warrior.
Shannon: Oh boy. I'm ready.
Fr. Robert: So if you could hook up that satellite
Brian, I think that we are going to bring in Mr. Patrick Delahanty from TWiT
TV, our code warrior. Patrick, thank you for coming
back.
Patrick Delahanty: Oh, my pleasure, coming here from the
starship orbiting the earth using the TWiT friendship satellite.
Fr. Robert: It's been a very, very long journey.
Patrick: I will put the warp drive back there.
Fr. Robert: Let’s put the warp drive. Now,
Patrick, GET and POST on forms in html. It's not exactly advanced.
You could look at a form primer and you will know how to make a form in
like 5 minutes.
Patrick: Yeah.
Fr. Robert: But...
Patrick: Whoa.
Shannon: That was kind of cool.
Brian: That was part of the satellite beam.
Patrick: Okay.
Fr. Robert: That was different.
Shannon: Apologies from the desk, the operators.
Fr. Robert: That was technical difficulties.
Patrick, now that we've got this really weird looking URL what do we do with it?
Patrick: Well, now that you can pass data from an
html form to a script, the script is able to use that input. Just like we
were able to do back in the first couple of episodes of this module where we
used standard input. Except now we are submitting the data through a form
instead of just typing it.
Fr. Robert: Hard coding it in, right?
Shannon: So, similarly it's still treating it as an
input just from a form instead of standard input from the
user?
Patrick: Yeah, yeah, it's coming from a different
source. That's the only difference.
Shannon: Cool.
Patrick: And then we are outputting it to a webpage
instead of just the command line.
Shannon: Yay.
Fr. Robert: But this is what you have to do,
right? Because people running your Perl script aren't going to have your
command line in front of them on the computer.
Shannon: Yes, exactly.
Fr. Robert: They are going to have that form.
So the form is like the standard input. So when we start playing
with Perl this is standard input but over the web. It's going to add it
to the end of the URL so that when it runs the Perl script the Perl script
goes, oh, there's my input. Take my input, run it through my code or
through my script.
Shannon: Got it. That's cool.
Fr. Robert: Alright Patrick, show us how it
works.
Patrick: Alright, now remember we are not here to
tell you how to do html. That's not even programming really.
Fr. Robert: Careful.
Shannon: Oh come on.
Fr. Robert: You are going to piss off a lot of
people Patrick.
Patrick: It's markup. So we are here to look
at the Perl part of this. So I've just kept a very simple form.
It's asking "What is your favorite animal?" I think I did
this in week 2 when we had the command line.
Shannon: Yes you did.
Patrick: So here is the html code for this form.
It's just one input and then the submit button. You can see I'm
submitting the form element here, the input type is text, and the name is
"animal".
Fr. Robert: Patrick, one of the important parts
if you go ahead and blow up that screen a little bit, Brian, we want to see his
code, the action part; that's what the form is going to do when you push that
button. The action is to call the URL "cgi-bin/c101/ep26a.pl".
Shannon: So it's calling that Perl code.
Fr. Robert: It's calling that, exactly.
That particular script, ep26a.pl, but it's going to append after that ? everything that the user put
in to the form.
Patrick: Yeah, and it ends in .pl, that's what we
use to refer to Perl. You can also do .cgi. Different hosts have
different requirements. Some want it to be certain ways. You may
have to make it to be executable.
Fr. Robert: Which again is why
we didn't show you how to do that because it's probably going to be wrong. You have to find out how your provider does it.
Patrick: Yeah, but there are just a few common
things that you might have to check out so I thought I would mention them.
So anyway, we've got this form, and here's what it looks like.
"What's your favorite animal?", and of course we would enter
"bunny". You see I've typed that before. Submit, and
"This is Example A result..." "You said bunny! Yes,
bunnies are the best!" This is the same program we had before.
I just made it work on the web.
Fr. Robert: Exactly, exactly.
Patrick: Brian, if you would go up a little higher
here we would see the URL which I am running my local main server again.
But we've got cgi-bin/c101/ep26a.pl. This is exactly where I told
it to go. Then it's got animal=bunny.
Fr. Robert: It's got the name of the input and
then it's got the input itself.
Patrick: So if I look at the code for this, we will
go over here, I've got...
Shannon: So this is the example 26a code?
Patrick: Yes.
Shannon: Okay.
Patrick: So it starts off, it's got Perl.
We've set the content type to html and then I just threw in an html head.
This is doing nothing but setting the title of the page and the big
Coding 101 text and the header text. Here is the meat of the
program.
Shannon: Wow, there is a lot in there.
Patrick: Yeah. We've got the query, and this
is just saying query string is equal to this variable so that I don't have to
type out query string every time because it's long. Then I just print it
out so that I can show what that value is. Printed out your query string
says, and it says animal=bunny.
Shannon: So query is the input from the user?
Patrick: Yes, for what I entered it says
animal=bunny.
Shannon: Okay.
Patrick: So what I did here is I looked at the
length of the query string to make sure it's larger than 0 to make sure that
something is entered. If it is I do this split on an ampersand and what I
am doing is I'm splitting it so that every variable becomes a different entry
into this array. Then for each item in the array I assign the name, which
would be animal, and the value, bunny, and it splits on the equals.
Shannon: Oh, that's cool.
Patrick: And then here I just kind of normalize the
value.
Fr. Robert: Right, so just for the folks at home
what Patrick has done is, remember when it appends to that URL it's calling that
particular script, so ep26a, that script, then it's handing it that entire
chunk. So the name of the action and what it was.
Shannon: Animal.
Fr. Robert: In this case it was animal=bunny.
Shannon: Animal=bunny.
Fr. Robert: But that is just coming in as a
single string.
Shannon: Right.
Fr. Robert: It's not like it’s got 2 pieces of
data. It's got 1 piece of data.
Shannon: But you have to split that up because if
you didn't the entire value would be animal=horse, or animal=bunny, or
whatever.
Fr. Robert: Exactly, which is
what his code does. So that first part of the code, the first
thing he does is assign everything to that variable
called query.
Shannon: Rave for a raise.
Fr. Robert: And then he breaks it apart. He
wants to break it apart so that he can manipulate it better. He can
manipulate the name apart from the value.
Shannon: That makes sense.
Patrick: Yeah, and so I did this. This will be
apparent in my next example; why I went through all of this. But then it
just says, okay, if this in animal, which is the value I set, if it exists then
just set animal=then this value just because I don't want to type all of those
brackets over and over. But if it's not there then I tell animal=0 so I
haven't entered anything, it's 0. So then it's the same script we had back
in I think the 3rd episode where if animal contains bunny or animal contains
rabbit, then print out "You said animal! Yes, bunnies are the
best!"
Shannon: So you basically just took your code and
copy /pasted it in here.
Patrick: Exactly, so this is nothing new in here.
Once I've got the input I can do whatever I want with it. So what
I'm showing here is how to get the input. Then this just ends with end of
the html, and I have a convenient link back so that I can resubmit again and
again.
Fr. Robert: We've got Dr. Morbeous in the chat
room who is saying that she is having difficulty figuring out where is the
print statement. How does it know how to print? All that it's doing
is printing an html file. That's what the script will do. It's
printing an html file that will go to your browser so it's just html. If
you know how to do html you know how to do the print statement out of Perl for
dynamically generated webpages. The other interesting thing about
Patrick's code here is that, if you remember from our lessons from C Sharp and
from Python, there is always a way to call a function or to call a method and
you pass it a couple of variables, right, because otherwise it would just do
the same thing over and over. That's essentially what we are doing.
This is a way to pass the script, a piece of data from the user that can
be anything that the user wants it to be and have it process that particular
piece of data.
Shannon: It makes sense.
Fr. Robert: Yeah, this is one of the things that
we wanted people to start doing after a couple of modules, which is that you
can overlay the languages over the top of each other. Even though the
syntax may look different, the ideas are going to be the same.
Shannon: That's crazy. I've seen a lot of my
coding friends be able to do that. Put different languages all in the
same line of code. It totally confused me; I figured it would give you
all sorts of errors. But it works in some cases.
Fr. Robert: Pretty much once you get a grasp of
how programming languages work all you need are a couple of reference sheets so
that you go, oh, that's how I write it in C, this is how I write it in Python,
this is how I write it in Perl, and boom, you are golden. Alright,
Patrick, you have got more for us.
Patrick: Yes. Now keep in mind there is a
million different ways to do things in Perl so the way that I'm doing it here
I'm not using a Perl module because we will talk about that later. I
wanted to show exactly how this works. In my second example I've got 2
input fields; favorite animal and you get to name this animal which I know
everybody wants to do. So we will say it is a cat.
Shannon: Luna!
Patrick: Schrodinger.
Fr. Robert: Oh, that poor cat.
Patrick: So we will submit that. I will print
the query string and it said, "You said cat... Okay, whatever.
I hope Schrodinger brings you joy anyway."
Shannon: Aw, that's cute.
Patrick: So if we look at my script for that over
here...
Fr. Robert: You wrote this before. This is just a
regular expression exercise.
Patrick: And so everything up here is exactly the
same. I'm
still getting the input from the query string. I'm still separating it into different
values. Here,
you can see I have the same if it's animal then set that. Then I did name,
so I have a second field. If I've entered name, set it to that. If
I haven't then it's unknown. So if I left that field blank then it would
come back unknown. Then it prints out the values down below. It's
just another field to look for in the URL. If we look at the URL up in
the top of the browser here you can see it has animal=cat and name=Schrodinger.
Shannon: So it appended both of the form answers at
the end.
Patrick: Yes, and it puts the ampersand between
everything.
Fr. Robert: You can get really, really long. You've seen those URLs that seem to go on
forever. That's
because they are appending all of the data that has to get pushed to the
scripting code.
Patrick: Theoretically I could change the cat's name
to Luna right here in the command line without even submitting form.
Shannon: Oh, that's awesome.
Patrick: So it's changed here.
Shannon: Oh my gosh, that
blows my mind.
Fr. Robert: Because remember, all of the GET function
did was append the data that the user entered into a URL. So you can just change the URL and bypass
the form altogether.
Shannon: I think I just figured out how to bypass. There is a coupon printer thing that only
lets you do 2 per user name, yeah.
Fr. Robert: By the way, what we are doing right now is
pretty much what people do when they start testing databases for a SQL
injection.
Shannon: Hacks.
Fr. Robert: If you see a SQL database, it's got a
really long URL. People can just start pushing values into that string to
see if the SQL server falls over.
Shannon: That's awesome.
Patrick: Yeah, if this form had hidden fields you
could change them easily by just changing the URL even if it's not available
apparent in the form.
Fr. Robert: Which, by the way, we are not doing it
right now because we don't have the time, but this would be a really good place
to sanitize your inputs because you need to make sure that someone didn't say
the name of my bunny is "DROP TABLES" because that would be bad.
Patrick: I'm trying to provide easy examples that
just show the basics. Really if I was doing this I would have all sorts of error
checking like, oh, you didn't actually enter something here, or you entered
this invalid value that has +, and ;, and everything which just trying to keep
it simple for these examples.
Fr. Robert: Right, right. Now, what I really like about this,
Patrick; if people are freaking out, if they are looking at your code thinking
this is too difficult, go back to Episodes 2-4 because this is just a rehash of
code he has already shown you. If you were able to understand Episodes 2-4 this is just taking
that code and wrapping it with a piece of script that allows it to work on the
web. That's all it is.
Shannon: We've got a pretty interesting one down
here from eSoul. He
said, "This is why you want to use POST instead of GET." A POST
isn't safe either.
Fr. Robert: Stop cheating! We are not getting to POST until next week. Yeah,
it's not like POST makes all of the problems go away. No it doesn't.
Patrick: No, it doesn't. It's just as vulnerable. It's just a
little harder.
Fr. Robert: Alright Patrick, what else do you got?
Patrick: One more example. In this one I took the same thing. I've added a few more fields, but we've got
checkboxes and radio buttons.
Shannon: Oh boy.
Fr. Robert: We love radio buttons.
Patrick: So if you want to see how this happens. Favorite animal we are going to say hippo. Animal's name is Bryan. What does the animal eat? Vegetables, meat, not so much seeds, we will
say hay. Is this
animal cute? Sure.
Fr. Robert: Is there an entry for steam buns?
Patrick: I could have put steam buns in this form. This is just the html over here. We've got just checkbox and radio. See the value is food for all 4 of these
and cute for these 2. So this could be something interesting that happens here when we
submit. So you can see the query string here has food, food, food, and 1
value of cute. So it said, "You said Hippo... It eats hay.
Okay, whatever, I hope Bryan brings you joy anyway. At least Bryan is
cute."
Shannon: Aw.
Patrick: And so if you look at the code for this, I
kept everything the same. Going down here I've got animal name, but then I have the if food, it eats, and then print the name but because
hay was the last one checked, it's the last one in the order. The way
I've got this set up it's only doing that. So if I was doing this for
legitimate program I would have to go through and make sure that I got every
value of hay in the URL. So that would need a for loop and more stuff.
Shannon: More stuff.
Patrick: Yeah. But in this coding I assigned name and
animal up above, but down here I'm just calling these
variables directly without reassigning them. If it's cute, say this, if it's not then
say, "What do you mean", and it's doing more down here.
Shannon: If they didn't and are lame...
Fr. Robert: We will have this up on our GitHub so you
can go ahead and pull it down.
Patrick: So everybody can look at it.
Fr. Robert: Thank you very much. Now, Patrick, we've only got 2 episodes
left, and I know that next week we are going to be dealing with POST because we
have got to figure out the other way to pull data in.
Shannon: I can't wait for that.
Fr. Robert: I'm wondering if because we do believe
this, we've always said that you should sanitize your input, should we show
them at least a rudimentary way that they could sanitize the inputs coming off
of forms?
Patrick: Yeah, I think that we can do that. Week 8 would be a good time to do that and
regular expressions come in really handy for that.
Fr. Robert: Yeah, yeah.
Shannon: And then we can show them how to hack the
form if it wasn't.
Fr. Robert: Right now actually, I think that's the
homework. The
homework is to figure out what sites are not sanitizing their inputs. Report back, though, don't do that; if we told you to do
that then we would get in trouble. There are a lot of sites out there
that are not sanitizing their inputs. They have really crappy forms
hitting a SQL database and you are like, I could just type anything in here
and the SQL database will take it. That's essentially what is
happening, and that is what we are going to try to teach you to not let happen.
Shannon: I have a form I need to check.
Fr. Robert: Hacks.
Shannon: I'm not going to tell you where it is.
Fr. Robert: Hacks, lots of hacks.
Patrick: Is it at poops.com?
Fr. Robert: But Patrick, of course we are going to be
covering more forms next week with POST, but I want to thank you very much for
being our Code Warrior again. Can you tell the folks where they can find you?
Patrick: They can find me on Twitter. I'm @pdelahanty, and also check out my
website, ChibiProject.com, I mentioned it last week. We have a new
episode where we take a dremel to a Game Boy.
Fr. Robert: Stop that. You are destroying my childhood.
Patrick: Man, that's what we do, we destroy stuff.
Shannon: That's awesome.
Patrick: That was actually recorded like 2 years
ago, but we finally posted it.
Shannon: Oh my gosh.
Fr. Robert: Chibi Project destroying everything I loved from
my childhood. Actually, thank you Patrick.
Patrick: It was my pleasure.
Fr. Robert: We love you, and thanks for opening our
eyes to something that I think a lot of us take for granted. When we think about forms we think, oh,
just type it in and hit submit. Once you understand actually what is
happening in the background I think you get a bit more respect for what the
programmers had to do to make that happen. Again, that is Patrick Delahanty,
our Code Warrior, we salute you sir.
Shannon: Oh, Mr. Monday, no; Coding 101 is not
cancelled. Two episodes left for the module.
Fr. Robert: We change modules.
Shannon: We do 8 episodes per module per coding
language; so we did 8 of C Sharp, we did 8 of Python, and then 8 of Perl. In between each of those we have 2 episodes
where we do really cool interviews.
Fr. Robert: Which, by the way, I think we have finally
got those lined up.
Shannon: I think I know one.
Fr. Robert: Ah, yes, unless we have a fall through, we
believe we are getting a representative from Google from Go. So we will be able to talk about Go and all
of the cool things about that language. The other one, I think you know.
Shannon: I think I do; Mr. Darren Kitchen maybe?
Fr. Robert: Darren Kitchen is going to come on and tell
us a little something something.
Shannon: From Hak5. I don't know, kind of
familiar.
Fr. Robert: Maybe some of the blacker side of
programming. I'm
just saying.
Patrick: I had better sanitize that input right now.
Shannon: Yeah you had better.
Fr. Robert: No, seriously; you better. Now we know that this was a lot of
information for you to take in. You are not going to be able to get it on
the first pass, so if you want to find our episodes in any way, shape, or form,
any possible format that you want you can always find it on our show notes
page, which is twit.tv/code or twit.tv/coding101. Either one will get you
there.
Shannon: Make sure to check out the GitHub link in
each of the episode's show notes. That is where you can find the code for
each and every episode. Also, make sure to follow us over on iTunes. You can just
search for Coding 101 in the iTunes Podcast area. You can find us there.
Please subscribe; let all of your friends know about it and tell them to
subscribe, too. Download the show every week.
Fr. Robert: I know that in the past we have been
telling you to go to g+.to/twitcoding101. That's not working right now.
Shannon: We do have the new Google+, the legit
Google+ link. It's
+.google.com/twitcoding101. You can go over there and join our awesome community. We
check it out every single week to see what you guys are up to. Thank you
so much for sharing your coding examples with us, too. We love showing
those off on the show.
Fr. Robert: Don't forget to push them in there because
Shannon pulls from that community to find examples for each and every episode.
Shannon: They are also really helpful for me, too,
whenever I am learning about this stuff.
Fr. Robert: Well, that's the other thing. It
doesn't matter what level you are, you can be beginning, advanced, or expert.
That's a great community to be a part of because if you are an expert you
can impart your knowledge on the people that are growing in the coding world.
If you are a newbie you get to reach out to people who have been doing
this for years, and years, and years. It's a win. It's a win win
for everyone.
Shannon: That's true, very true. Also, we are on YouTube, aren't we?
Fr. Robert: Yeah, you can find us at
youtube.com/twitcoding101. We understand that most of the people actually
watch the show on the download from the RSS feeds. That's cool, but if
you want to catch it on YouTube we offer it because, hey, we loves ya. Now, Google properties aren't the only place that you can find us.
You can also find us on Twitter, at least I'm on Twitter, I'm @padresj.
Shannon: And I'm @snubs.
Fr. Robert: And don't forget that if you are going to
be joining us, why not join us live? This is like real.
Shannon: We are doing live!
Fr. Robert: We are doing live, yeah. Every Thursday at 1:30 Pacific Time you can
find us at live.twit.tv. As long as you are watching us, jump into the chat room. You see us grabbing questions from the chat
room because our chat room is filled with some really, really bright people,
including Tjoecodeforsalellc. He's been a long time member of the
community since day 1 actually. In fact, he was one of the people who were
asking Leo for a coding show. We are trying to set up something with him
where we are going to have him come in and do 2 guest coding episodes.
It's awesome; make sure you join us at irc.twit.tv. Until next time
I think we are about done, right?
Shannon: I think we are. I'm Shannon Morse.
Fr. Robert: I'm Father Robert Ballecer.
Shannon: End of line!