Encyclopedia of Social Network Analysis and Mining

Living Edition
| Editors: Reda Alhajj, Jon Rokne

Server-Side Scripting Languages

  • Ludger MartinEmail author
Living reference work entry
DOI: https://doi.org/10.1007/978-1-4614-7163-9_363-1




Asynchronous JavaScript and XML


Common Gateway Interface


Hypertext Markup Language


Java Server Faces


Java Script Object Notation


Java Server Pages


Server-side scripting languages are programming languages developed especially for creating HTML pages (or Web pages) on the server side. These languages usually provide special libraries that facilitate creating HTML pages. In times of Web 2.0 and AJAX, these scripting languages can also serve as data sources (services) for AJAX.

There are two different types of scripting languages. The first variant can be embedded in HTML. The language can be embedded, for example, in places where a particular functionality is needed. The second variant is languages which can be used to create HTML tags. They provide an interface for creating HTML tags.

On the server side, a special interpreter is necessary for each scripting language. This interpreter is introduced to the Web server so that the server will be able to use it for the script execution, when required.


There is a large number of server-side scripting languages. It is their task to dynamically build HTML pages (Web pages) on the server side. To achieve this, a Web server that is to distribute the HTML pages must be told where to find an interpreter for a particular script. Most of the server-side scripts are interpreted. A small number can also be compiled.

Without server-side scripting languages, you can only create static Web pages. Then it is not possible to customize anything for single users. A customization can be something as simple as the display of search results. Because of these languages, HTML pages can be created dynamically, i.e., on request.

If we look at today’s Web sites, we will find that most of them were created using server-side scripting languages, among them Web sites which are run by a content management system. The content management system itself has been developed using a server-side scripting language. There will be very few exceptions which do not use such a language.

Web 2.0 pages that use JavaScript for controlling their content also need a server-side scripting language, e.g., AJAX was used to send requests for database access to a server. This can only be done using a server-side scripting language.

Key Points

There is a large number of server-side scripting languages. It is their task to dynamically build Web pages on the server side. A Web server needs an interpreter for a particular scripting language. A small number can also be compiled. Despite the development of Web 2.0 and the relocation of functionality to the client side, i.e., the browser, server-side scripting languages will still remain beneficial. Using AJAX, for example, a data source must be provided on the server side.

Historical Background

It is hard to say which server-side scripting language was first. It is a fact though that Perl was one of the first languages. The first version of Perl as a universal scripting language was presented in 1987 by Larry Wall. Only later, in the 1990s, did it become useful for Web pages because CGI was introduced.

In 1995, Rasmus Lerdorf developed PHP. At the beginning, PHP was based on Perl. In 1997, with version 2, the first parser for PHP was delivered. From then on PHP has been particularly suited for Web pages. PHP is a scripting language embedded in HTML. From the very start the evaluation of form variables has been important. By now, PHP has become one of the most widely used scripting languages for Web pages. But PHP has also become a universal scripting language which can be used anywhere.

Python is another universal scripting language, which was developed by Guido van Rossum in 1991. Today it is also commonly used for Web applications.

At the end of the 1990s, Sun Microsystems presented the language JavaServer Pages (JSP). JSP is based on the language Java, but it is embedded in HTML. Just as with Java, the JSP pages must be compiled before the byte-code that was created can be executed in a virtual machine. Nowadays, JSP is considered outdated. It was superseded by JavaServer Faces (JSF) in 2004. Particularly for Web pages, JSF, as opposed to JSP, is component oriented. JSF consequently focuses on the model–view–controller pattern.

Microsoft developed the Active Server Pages (ASP) particularly for the Internet Information Service (IIS). The technology, which was presented in 1998, can be programmed among others with VBScript or JScript. The relevant programming language is also embedded in HTML. In 2002 it was superseded by ASP.NET. That is the Web-based technology which is embedded in the .NET framework. Programming languages for ASP.NET are VBScript and C#.

Another popular language for Web pages is Ruby on Rails. The programming language Ruby was presented by Yukihiro Matsumoto in 1995. At the beginning it was only known in Japan. Ruby on Rails, which was developed in 2005, is a specific library for Web applications.

A more recent language is node.js. It is introduced in 2009 by Ryan Dahl. It is a server-side system with a special event-based implementation. The programming language for node.js is JavaScript.

Server-Side Scripting Languages

In the following, a sample server-side scripting language will be described. We chose PHP because it is one of the most widely used languages. After that, we will take a glance at Perl, which is unlike PHP a language that is not embedded in HTML.


From version 2 on, PHP has been developed for the dynamic creation and evaluation of Web pages. At first it was a procedural programming language. Version 4.0 (2000) introduced objects, which were revised in version 5.0 (2004). PHP provides a comprehensive procedural and object-oriented library.

PHP (Lerdorf et al. 2006) is a programming language that is embedded in HTML (Kessin 2011). It is always interpreted on the server. Output of a PHP script is usually an HTML page. But it is also possible to create different text formats and binary formats such as JSON, PDF, or PNG. Because the scripts are executed on the server, the user cannot see the source code. Users only get to see the output. This way, stealing the source code is not possible. If a Web server is very busy, the PHP scripts can be compiled beforehand, and then only the byte-code can be executed. Without parsing and compiling, execution performance is strongly improved.

Figure 1 shows a very small PHP file whose browser output is hello world. It shows clearly that the file begins with HTML source code. PHP is embedded in HTML; the actual PHP part starts only in line eight. This is marked by the string <?php. The command echo makes the browser display <p>Hello World!</p>. HTML tags can also be output using echo. The PHP part ends in line ten with the string?>. You can include PHP parts anywhere and any number of times. It is not necessary to include HTML source code in a PHP file, which is often the case with classes. In this scenario, the PHP file starts directly with <?php. If the file ends with a PHP source text, you can leave out the closing? >. Formerly, <? and ?> were used, but they had caused problems with XHTML. A PHP filename must always finish with .php for the Web server to know that it is a PHP file.
Fig. 1

Hello World PHP page

You can also include comments in the PHP sections. Introduce single-line comments using // or #. Multiline comments should be enclosed in /* and */.

Variables and Operators

Variables are a central feature in a programming language. PHP is an untyped programming language. This means that usually you do not need to specify types. There are two exceptions, which will be explained later. As a result, you do not need to define variables; you can simply use them.

Variables always begin with $. Then, an arbitrary sequence of characters and numbers may follow; the first character after $ must be a letter. PHP distinguishes between capital letters and small letters. As it is not necessary to define the variables, there is a certain danger. If you access an undefined variable, in the best case you will receive a warning. In the worst case you will only notice that the program does not work as expected.

You can assign a type to a variable by giving it a value. Figure 2 shows several examples of this. In lines 1–4, numbers are assigned. The lines five and six treat booleans, where true is the same as 1 and false equals an empty string. Lines seven and eight demonstrate how character strings are assigned. It is important to realize that there is a great difference between the opening and closing “and.”
Fig. 2


Only if " is specified, variables and escape sequences (e.g., \t for tabulator) in character strings are resolved. That means that as the lines nine and ten show $x is replaced by the numeric value 17. if ′ is used, $x will remain a character string.

You can also create arrays. Line 11 shows an array with three elements. Line 12, however, shows an associative array. Using = > you can separate the keys from the values. Because PHP is an untyped language, the values and the keys of the types may vary within an array.

PHP changes the variable type according to the situation, if necessary. If, for example, two variables are added as numbers and one of them is a character string, then this string will automatically be changed to a number. Sometimes, not often, an explicit-type conversion may be necessary. This can be done placing the required type in round brackets in front of the variable: (int)$x.

You can check variables using the functions in Fig. 3. In the following, functions and methods will always be specified including the expected and returned types. Because PHP is an untyped language, the types will only be checked at runtime, and only afterward an error message will be displayed if the types do not match. Specification of mixed means that different types may be used. isset() checks if a variable has been specified. With lines two and three you can specify a variable as undefined. gettype() determines the current type of a variable value. This value may change during the execution of a program. The type itself will be returned as a string.
Fig. 3

Checking of variables

There are very few specifics for operators. As we have already seen, = is an assignment. +, −, *, /, and % are mathematical operators, whereby division and multiplication come before addition and subtraction. To concatenate character strings, use .. For comparisons, ==,! =, <>, <, >, <=, and >.= are available. Variable types can be compared using === and! ==. For grouping operators you can use round brackets. You can use AND, &&, OR, ||, XOR and ! as logical operators, e.g., for conditions. AND and && are equivalent and so are OR and ||.

Program Control

PHP offers the usual options for program control. Figure 4 shows an if condition. After the keyword if, you must specify a condition in round brackets. Unlike in other languages, in addition to the else branch, there are one or more alternative conditions elseif. Besides the if condition there is additionally a switch statement.
Fig. 4

If condition

Loops are also an option. A do while (…) {…} loop checks the condition after every loop run, while the (…){…} loop checks the condition prior to every loop run.

The for loop corresponds to the C syntax in that you can specify separately first an initialization statement, followed by a condition and then an incrementation using. Additionally, there is a foreach loop which has been developed specially for arrays. This loop executes the following statements once for each value in the array. Figure 5 gives an example. Inside the brackets the array is specified first and then follows the keyword. After that, one or two variables are specified, which will be used to store the value and, optionally, the key of the array. The variable for the key and the characters = > can be left out if only the values are of interest.
Fig. 5

Foreach loop

Classes, Objects, Error Handling

PHP too allows you to define custom functions and objects. With version 5, object orientation has been thoroughly revised.

Using the keyword class you can define classes. Classes’ attributes and methods can be defined as public, protected, and private to ensure access protection. PHP supports only single-class inheritance, which can be specified using the keyword extends. Alternatively, there are interfaces, which a new class can implement. Classes can also be abstract. This is the case as soon as at least one method of a class has been marked as abstract. These methods are not yet implemented. The class which inherits must, similar to the interfaces, implement the abstract methods.

Constructors must be named __construct (with two _). For downward compatibility with PHP 4, the constructor may have the same name as the class. A destructor must be named __destruct (with two _).

As Fig. 6 shows, you can create instances of classes using the keyword new. An object of the class DateTime is instantiated. You can access the methods or attributes of objects using the –> operator, as demonstrated by the method format().
Fig. 6

Instantiate a class

PHP also allows creating static attributes and methods. Polymorphic methods are not supported, as PHP is an untyped language. It is only possible to specify default values for single parameters, so that the values can be omitted.

Error handling is also possible. Figure 7 shows how a try-catch is specified. After try you specify all the statements which might cause errors. One or more catch statements control the error handling. Only in the catch statement, it is necessary to specify a type within the brackets. This type determines the class of the exception that is to be treated. This enables you to react appropriately to different exceptions. Using the keyword throw, you can throw a new exception.
Fig. 7

Error handling

Interaction with HTML Forms

The interaction with HTML forms is a central point with server-side scripting languages. Here, you need to be particularly careful because these places are popular goals for attacks on a Web page or an application. For this very reason, PHP as well has undergone a variety of improvements in the course of time.

In Fig. 8 you can see a small HTML form which consists of two input fields for the username and the password and a send button. In the form, the send method post has been specified. You have two options. get is the simplest method. Here, data is coded and committed with the URL. An advantage is that the data is visible in the URL. The disadvantages are that the URL and with it the data amount is limited in size and anyone can see and modify the committed data. Especially for passwords, this method is not recommended. Here, the post method can help. Data is sent to the URL separately, and there is no limit in the amount of data. If you want to transfer entire files with a form, the method post is obligatory. It is more difficult to modify this data but not impossible.
Fig. 8

Small HTML-form

As destination for the form, the PHP file form.php is specified. The <input> tags each have an attribute name, which determines the name of the variable as it shall be available in the destination script. In the past, these names could be used in PHP directly. Today, for security reasons they are stored in the two arrays $_GET and $_POST. The name of each <input> tag is its array index. Line one in Fig. 9 shows how to check whether the button submit was pressed. Because the method post was used, in the array $_POST the index “submit” will be searched for, and a check will be done to see if the array contains the value submit. If so, a similar procedure can check the username and password.
Fig. 9

Evaluate form

You can use cookies if a Web application is to store data on a client (or browser) permanently. Cookies may contain any data, but they have a maximum length of 4 KB. But a Web application can send up to 20 cookies to the browser. If you want to define how long data shall be kept, you can specify an individual expiry date for a cookie. Cookies can only be placed in a Web page’s header. This is possible only if no character of the actual Web page has been output. It is recommended to specify a cookie for a script as early as possible. As soon as a cookie was set, the browser will send it automatically to the server with every query. In PHP cookies can be read using the array $_COOKIE. The problem with cookies is that users can decide whether or not their browser shall accept cookies. A Web application can only find out about this decision if it checks whether cookies are transferred back.

Web pages are generally independent of a context. When developing Web applications, this can be annoying. You can solve this problem by using sessions. Sessions provide a separate storage area on the server for each user. A session is assigned to a user through a unique identifier. This ID must always be transferred between the browser and the server. To achieve this, three variants are available, which have been presented earlier: get, post, cookie. Cookie is the most popular variant because it causes the least work. It is, however, the most problematic as the developer does not know whether the browser accepts cookies. If cookies are used, again the cookie must be transferred in the header.

To use a session in PHP, each file which uses the session must call the command session_start() (see Fig. 10). This command checks the session ID if one was transferred. If the ID is correct, an existing session will continue to be used. If it is not correct or not available, a new session will be created. The array $_SESSION is available for storing data (lines two and three). The data remains stored on the server for some time, and the various PHP scripts can access it. This time limit is important because sometimes it may not be clear whether a user is still active. If a user is inactive over a longer period of time, the session will be deleted. Sessions can also be deleted by PHP.
Fig. 10


Any kind of data can be stored in a session. You can also store objects. But there is one condition: the object’s class must be known in each PHP file before the session can be started. With respect to security (Hope and Walther 2008), sessions must be particularly protected. The usual attacks are session hijacking and session riding.

Other Data Formats

Besides HTML, PHP (Loudon 2010) allows you to create any other data format. These formats could be XML, JSON, or images. JSON, for example, is often used if it is a Web 2.0 application and you want to send back queries to a server using AJAX. For the browser to be able to recognize what kind of data it is, the HTTP header that specifies the data format must be modified. Figure 11 shows how to set the type for JSON data. For the function header(), it is important that in the body no data has yet been sent. It is the same as for cookies.
Fig. 11

Modify header

JSON is a frequently used data format. Therefore, special functions are available for creating JSON automatically from PHP objects. In line two a sample object is instantiated. Using the function json_decode(), it can be changed to a JSON character string, which can then be output with echo. Analogously, the function json_decode() can change a JSON character string into a PHP object.

Embedded Files and Debugging

If you develop classes, usually each class is stored in a separate file. Then it is also necessary that these files can be embedded in PHP scripts. To do so, in PHP two functions are available. require() embeds the specified file and displays an error message if this was not successful. Processing is stopped. include(), however, will only output a warning and continue the script. For each one there is an alternative method require_once() and include_once(). These functions ensure that a script will be embedded only once, even if it was specified more often. This is particularly useful for, e.g., classes.

Troubleshooting is also very important for server-side applications. To enable debugging of an application, there are currently two modules for the Web server Apache, Xdebug and Zend Debugger, which allow remote debugging. Using these modules in a compatible development environment, you can execute the PHP source code step by step and examine the variables as well.


Perl (Guelich et al. 1999; Wall et al. 2000) is a universal programming language that can be used for developing server-side applications, too. The module CGI provides an interface that can be used to create HTML elements very easily. Figure 12 shows an example of the hello world program in Perl.
Fig. 12

Hello World Perl page

Line two provides the CGI module. Then, an object whose class is CGI is instantiated. Then some methods are used to create the individual HTML elements. The methods header and start_html create the entire header. For each HTML element in the body, there is one method for creating that particular element. You can see this in line six for the <p> —tag. Each method returns a string, which is output using print.

Key Applications

A large area of application for server-side scripting languages is a content management system. An e-commerce platform is another common application. The development of Web 2.0 applications needs server-side scripting languages for data sources, those must be provided on the server side. Single-page applications are not able to access data bases from the client side.

Future Directions

Despite the development of Web 2.0 and the relocation of functionality to the client side, i.e., the browser, server-side scripting languages will still remain beneficial. Using AJAX, for example, a data source must be provided on the server side. Concerning the various libraries, a trend can be seen that the server-side scripting languages are more and more used for the automatic creation of JavaScript source code. So it will remain exciting to watch how the fast-moving world of the Web will develop.



  1. Guelich S, Gundavaram S, Birznieks G (1999) CGI programming with Perl. O’Reilly Media, SebastopolGoogle Scholar
  2. Hope P, Walther B (2008) Web security testing cookbook: systematic techniques to find problems fast. O’Reilly Media, SebastopolGoogle Scholar
  3. Kessin Z (2011) Programming HTML5 applications: building powerful cross-platform environments in javascript. O’Reilly Media, SebastopolGoogle Scholar
  4. Lerdorf R, Tatroe K, MacIntyre P (2006) Programming PHP, 2nd edn. O’Reilly Media, SebastopolGoogle Scholar
  5. Loudon K (2010) Developing large web applications. O’Reilly Media, SebastopolGoogle Scholar
  6. Wall L, Christiansen T, Orwant J (2000) Programming Perl: there’s more than one way to do it. O’Reilly Media, SebastopolGoogle Scholar

Copyright information

© Springer Science+Business Media LLC 2017

Authors and Affiliations

  1. 1.Faculty of Design – Computer Science – MediaHochschule RheinMainWiesbadenGermany

Section editors and affiliations

  • Thomas Gottron
    • 1
  • Stefan Schlobach
    • 2
  • Steffen Staab
    • 3
  1. 1.Institute for Web Science and TechnologiesUniversität Koblenz-LandauKoblenzGermany
  2. 2.YUAmsterdamThe Netherlands
  3. 3.Institute for Web Science and TechnologiesUniversität Koblenz-LandauKoblenzGermany