Home |  White Papers |  Message Board |  Search |  Products |  Purchase |  News | 

Building distributed Web Applications with Visual FoxPro

by Rick Strahl, West Wind Technologies

Download wwIPStuff from:

ActiveDoc Sample (requires VFP 7.0)

last updated: September 7, 2000

The Web has opened a whole new area of development for building truly distributed applications that can run over widely distributed networks and has made it possible to build public access applications at relatively minor cost compared to the infrastructure that was previously required to build this type of distributed application.

Unfortunately, this new medium requires an entirely new approach to application development that focuses heavily on a very limited user interface that is presented in HTML. HTML is a text based markup language that is essentially line based producing output much in the way that ancient word processors like WordStar and WordPerfect of the DOS days produced. Compared to typical rich Windows UI applications even the new 4.0 versions of browsers have a lot of catching up to do in ease of use and usability of the form user interface used for data entry, which is typical for database applications. A lot of things can be done with HTML if you're imaginative, but the end result still leaves a lot to be desired in usability.

But what if you could build an application using Visual FoxPro on the client side talking to a Web server on the other end of the connection that is also a Visual FoxPro application? Rather than using clumsy HTML you could take advantage of the power of VFP's User Interface and ease of data access to build a truly user friendly application and still get the distributability that HTML based Web applications promise.

In this document I'll discuss how to do just by demonstrating some free tools that are available on this site and outlining an example application that uses this technology. You can take a look at the results on the message board of this site - the message board also features an offline reader, which uses a Visual FoxPro client application to communicate with the Web server to retrieve and post messages to and from the server.

HTTP -  More than a protocol for transmitting HTML

The good news is that you don't have to build distributed Web applications with HTML. It is absolutely possible to build an application using a rich UI and use the Web simply as a database interface to communicate. The key to make this work is HTTP - the HyperText Transfer Protocol.

The HyperText Transfer protocol is the underlying messaging protocol that is used for all transactions on the World Wide Web. Although the primary use of the protocol is to power the World Wide Web and HTML based applications, it really can do a lot more than plain HTML. Essentially, you can use HTTP to transport any kind of data over the Web including binary data and even database files!

HTTP is based on a client/server model. Typically, the Web browser is the client that requests data from the Web server. The browser is the display mechanism that shows the content that was served up by the Web server. The server is nothing more than a way station that figures out what type of content to provide to the client. To think of a Web server and HTTP as only providing HTML is a mistake – any kind of data, including files can be passed back and forth over this protocol as long as you follow the rules of the protocol. I’ll show an example of this shortly.

In the latest versions of Windows (Windows 95, Windows NT 4.0), Microsoft has provided high-level support for various Internet protocols in a system library called WinInet. This library supports relatively simple API interfaces for accessing FTP, HTTP and WinSock. Microsoft endowed it with a familiar file based architecture where you can open a connection and then read and write to it directly. This wrapper on top of the WinSock API makes it possible for high level languages such as Visual FoxPro to access the functionality in this system interface directly.

Before I jump in and show you how to create a class that can access the HTTP functionality in WinInet, let’s take a look at the implications of direct access to HTTP. The ability to send and receive data in any format you choose gives you the capability to implement your own client/server architecture that can communicate over any Internet connection.

Here are some useful applications that jump out:

  • Any real time data connection that updates a form from data found on the Web – stock charts or weather information for example – can simply access an HTTP link and download the data. If you provide timely data to your clients (whether it's financial data or an image captured from your backyard), you can make the data available directly from within a VFP application. The data can either be HTML (which you’d have to parse or display via the Web browser control) or data that was formatted a specific way so that it’s easy to get into a VFP table (a comma delimited string for example) and then into a listbox or grid or so forth.
  • Software or data updates lend themselves immediately to this technology. Subscription based services might provide dataupdates over the Internet using HTTP to download files. The same mechanism can be used to update your actual application files, downloading the update and then running an update program.
  • Another good example is an offline reader for an online message board. You might have seen various versions of HTML based newsgroup type applications, such as the Visual FoxPro Universal Thread (www.universalthread.com) or my own message board at www.west-wind.com/wwthreads/. With the ability to read and write data to and from an HTTP link you can use the same existing Web server interface to send down all the data since your last visit, update an existing FoxPro table with the data, then use the Visual FoxPro GUI application to browse the messages. When you need to post a message, all messages are stored in a temporary table, which can then be posted to the Web site the next time you are online or you decide to click upload messages.

One thing to keep in mind, though: Although you are not using HTML to display the output, you still need a backend Web application as discussed in previous Web articles. You still need to run a Web server and some backend software such as Web Connection, Active Server Pages, FoxISAPI or FoxWeb to provide the server portion of your application. The difference is that I won't send back HTML in any of the examples here, but rather data that is shared by the client and server.

WinInet with Visual FoxPro

In order to make life easier in using the WinInet functions I built a class called wwIPStuff which you can download from http://www.west-wind.com/webtools.htm. In addition to the actual HTTP samples I’ll describe below, the class also contains support for sending SMTP mail sending FTP file uploads and downloads, as well as some utility functions to dial and hang up Remote Access (RAS) connections, resolve IP Addresses and Domains using an external DLL. The HTTP functions I’ll discuss here are all implemented in pure Visual FoxPro code using DECLARE –API calls while most of the other methods of the class are wrappers around the calls in the wwIPStuff DLL that makes the more WinAPI and Winsock calls in C++ code.

In order to use WinInet you need the WinInet.dll in your Windows System directory. This DLL installs with most of Microsoft’s latest Internet tools – if you have Internet Explorer 3.0 or later installed you will have it. If you don’t have WinInet on your system you can download it from http://www.west-wind.com/files/wininet.zip. If the examples fail with 'Cannot find entry point to <DLLfunction>' you're likely missing WinInet.dll.

All of the HTTP functions in wwIPStuff are implemented with pure Visual FoxPro code that accesses the WinInet functions directly. You can review the code in the class library on your own to see how it's done - we'll just look at some examples of how to put these tools to work.

Let's start with the simplest way to get data of the Web: The wwIPStuff::HTTPGet method. This method simply retrieves a URL from the Web and stores is to a string. Figure 1.1 shows an example of a simple form that uses this class method. Add an edit box to show the result, a textbox for the URL to retrieve and a button that will perform the actual task of retrieving the data.


Figure 1.1The HTTPGet method allows retrieval of HTTP requests into a string which is displayed in the edit box. Content can be HTML code as shown here or any type of data you choose to send.

In the button code add the following code:

o = CREATE("wwIPStuff")
THISFORM.edtHTML.Value = o.HTTPGet(TRIM(THISFORM.txtUrl.Value),100000)

Note that HTTPGet() expects a full URL that contains the protocol, server and optionally a file to display. The leading http:// is required!

The previous links will retrieve an HTML string as text into the editbox of the form. Retrieving HTML in this manner can be very useful for things such as monitoring sites, or verifying links in directory, or even for building a Web spider that crawls the Web looking for links in pages.

However, if the server were to return plain data as text in result you could do something more useful with the data. Take a look at Figure 1.3, which retrieves data in a comma delimited string over the Web and fills a listbox from the returned result.


 Figure 1.3 Retrieving data over the Web. In this example a comma delimited string is pulled down over the wire and turned into a cursor that can be displayed in a listbox.

The relevant code that goes into the Reload button of the form looks like this:


*** Retrieve all companies starting with "A"
lcText = o.HTTPGet("http://www.west-wind.com/wconnect/wc.dll?http~CustList1~"+;
TRIM(THISFORM.txtQueryCompany.value) )

if EMPTY(lcText) OR lcText="FAILED"
wait window "Invalid HTTP Response..." nowait


( CUSTNO C (8),;
COMPANY C (30),;
CAREOF C (30) )

ERASE (tcFileName)

THISFORM.lstCustList.RowSourceType = 2
THISFORM.lstCustList.RowSource = "tCustList.company, careof"

You have just run a query over the Web and displayed the data in a listbox with 15 lines of code! The server request sends down a comma delimited string that you can import into a table and use as you see as you see fit in your code. I pass the query parameter specified in the listbox as part of the URL Query string (this would be the Address/Location line if run from a browser). This works well for simple parameters, but is rather limiting if you need to pass more information. We'll look at another approach later.

As previously stated you need to have a server in place that can actually service the request made. In this case the Visual FoxPro Web Connection server code is very short as well:

* HTTPDemo :: CustList1
***  Function: Returns a customer list based on the URL 
***            'parameter' passed. Delimited returned.
***    Assume: wc.dll?http~CustList1~CompanySearchString

lcCustToFind = THIS.oCGI.GetCGIParameter(3)


SELECT custno,Company, Careof ; 
   FROM (DATAPATH + "TT_Cust") ;
   WHERE Company = lcCustToFind ;
   ORDER BY Company ;


*** Send the Delimited string over the wire

ERASE (lcFile)


* CustList1
***    Author: Rick Strahl
***            (c) West Wind Technologies, 1995
***  Modified: 01/28/95
***  Function: Takes a file and returns the contents as a string or
***            Takes a string and stores it in a file if a second
***            string parameter is specified.
***      Pass: tcFilename  -  Name of the file
***            tcString    -  If specified the string is stored
***                           in the file specified in tcFileName
***    Return: file contents as a string
LPARAMETERS tcFileName, tcString
LOCAL lcRetVal, lcOldAlias, lnHandle, lcOldSafety



IF EMPTY(tcString)
   *** File to Text
   *** Make sure file exists and can be opened for READ operation
   IF lnHandle#-1
     DO WHILE !FEOF(lnHandle)

     =FCLOSE(lnHandle)   && Close the file
   *** Text to File
   IF lnHandle=-1
      RETURN .F.

*EOP File2Var

Note that the server is sending the text down without any decorations: No HTTP Header, which is required only for display in a browser. This is raw data containing only the comma delimited list of records downloaded.

 Let's take this a step further. A comma delimited list is cool, but it won't work for complex data or data containing memos. Wouldn't it be nice to have an automated mechanism for sending database files? To do so I created a couple of high-level methods that wrap encoding and decoding of DBF files sent over HTTP into single method calls that encode a DBF file and possible memo. There are two reasons for this: The header identifies the result as a file and provides a minimal check to make sure the file(s) made it, and second it automates the process of reading the file into a string in a single method call. wwIPStuff implements EncodeDBF() and DecodeDBF() methods to do just this.

With these methods in place you can now send files even more easily – the logistics of converting the file are handled by the single method calls to DecodeDBF and EncodeDBF. In the following example, the client code uses DecodeDBF() to decode the file that was sent down from the Web server:

*** Retrieve all companies starting with "A"
lcText = o.HTTPGet("http://localhost/wconnect/wc.dll?http~CustList2~A")
*** Creates the file including Memo
IF !o.DecodeDBF(lcText,"TCustList.dbf")
   RETURN && DecodeDBF will display nowait WAIT win
USE TCustList
ERASE TCustList.dbf

On the server the code uses EncodeDBF() to encode a query that was run and sends it out through the Web server:

* HTTPDemo :: CustList2
***  Function: Returns a customer list based on the URL 
***            'parameter' passed. This time as file!
***    Assume: wc.dll?http~CustList1~CompanySearchString

lcCustToFind = THIS.oCGI.GetCGIParameter(3)


*** This query includes Memos
SELECT custno,Company, Careof, Address, phone ; 
   FROM (DATAPATH + "TT_Cust") ;
   WHERE UPPER(Company) = UPPER(lcCustToFind) ;
   ORDER BY Company ;
   INTO DBF (lcFile)


*** Encode with Memo File

*** Send the Delimited string over the wire

ERASE (lcFile)


* CustList1

Cool, isn't it? Less than 20 lines of code for both the client and server! With this basic technology you can very easily update data over the Web. To make this even more efficient you could add third party ZIP control to the Encode and Decode functions and ZIP the data on the fly once it gets over a certain size cutting down on the size of the text travelling over the wire.

You can use a standard GUI VFP application to access information that is retrieved on a remote server. This can be a polling type link that might use a timer to occasionally update data you see in a form, or a by-request operation where the user requests the update from a button click.

But wait, there's more – Sending data to the server

Up to now we've only requested data from the server, but your application might need to update data directly on the server. For example, you might have a salesperson log on to the Web and dump the sales data she collected over the course of the day back to the homebase. In order to do this you'll need a mechanism to send data to the Web server from your VFP application.

HTTP has a built-in mechanism for sending data to the server called a POST request (actually there are several ways, but the POST is the one most commonly used). The most common use of POST requests occur when you submit an HTML input form on a Web page. The data is encoded (URLEncoded format and sent up to the server via the HTTP request initiated by the browser. A typical Web backend application can then query the posted data to retrieve the form variables as part of the server data sent to the backend. You've seen examples of this with Web Connection (loCGI.GetFormVar()), Active Server (Request.Form()) or FoxWeb (FormVar()). Typically, only small amounts of data are sent via POST fields, but here again you can really send any kind and size of data.

When I showed the HTTPGet() method I used the simplified WinInet function InternetOpenUrl() which handles most of the transaction of opening, loading and retrieving the result. When using POST you need to use the low level functions to add the additional settings required to send a buffer. This means calling three separate methods: HTTPConnect() to connect to a server, HTTPGetEx() to actually retrieve or send the data and HTTPClose() to shut down the connection. The actual code also has to take a few extra steps, making a few additional low level connections through WinInet – in all it's quite a jumble of DECLARE – API definitions. But the low level mechanism pays off by providing many other options such as allowing access to Authentication of username and password, secure connections via SSL, the HTTP headers and most importantly the POST buffer.

In order to send data to the server you need to POST the data. The wwIPStuff class implements this functionality via a cursor with a memo field and the AddPostKey() method shown below. Why a cursor? Originally I intended to use a string property of the class, but unfortunately the code would blow up when I tried to assign a huge string (1 meg and over) containing an URLencoded file to the property. Apparently, string properties cannot be of unlimited size. The memo field solved this problem, but required some logic to create and clean up the file (the cleanup occurs in the form's Destroy which is not shown here).

AddPostKey() properly encodes the variable data and formats it to simulate an HTML form submission. POSTed data must be in URLEncoded format, which strips out all 'unsafe' characters and converts the input into a plain ASCII string that. Safe in this context are only A-Z, a-z and 0-9 – all other characters are converted into their hex ASCII codes: %0D for a carriage return (CHR(13)) for example. This process can be very slow, especially if you do it with Visual FoxPro code on a very large binary file(remember our goal is to send binary file images of DBF files). The URLEncode function handles the conversion of the string. To make this slow process a lot faster on large files, the wwIPStuff.dll file contains a routine that does it with C code when the buffer is greater than a couple of thousand bytes.

The example in Figure 1.3 is a form that contains a grid into which you can type a company, name and message. The idea is that you can dynamically create the table that is to be sent to the server. Type some data into the grid then click the 'Send File to Server' button to actually POST the data by sending the file as a POST variable called CustFile.

The server receives the data and decodes the file back into its DBF form. The server then inserts a new record into the table ("Hey there from the server") re-encodes the file and sends it back to your VFP form on the client side, which then displays the result in the lower grid.

Figure 1.3  – This form allows entering of data into a grid and then sends the information to the Web server.
In this example, the server responds by appending a record to the data and then retunring it back to the client which is then displayed in the lower grid.

Here's the relevant code that goes into the 'Send' button Click event:


wait window nowait "Selecting data to send..." 

*** Clear the result file and the result grid
SELE TGetDownload

*** Select all items from the input cursor
SELECT Company, Name, Message FROM TPostTest ;
    ORDER BY Company, Name ;
USE  && Must close before reading

wait window nowait "Encoding data..."

*** Encode the file and memo

*** Create the Post Buffer

*** Init vars that need to be passed by reference

wait window nowait "Connecting to site..."

lnResult = o.HTTPConnect("www.west-wind.com")  
IF lnResult # 0
   wait window "HTTPConnect error: "+o.cErrorMsg

wait window nowait "Sending data and retrieving result file..."
IF lnResult # 0
   wait window "HTTPGetEx error: "+o.cErrorMsg


*** Decoding result file from server
lcFileText = o.DecodeDBF(lcBuffer,"TempFile.dbf")


SELE TGetDownload


wait clear


On the Web Connection backend server, only a few more lines of code are required. The server code retrieves the "CustFile" form variable and decodes the string into tTempfile.dbf. At this point your code could do whatever it needs with the file retrieved from the client. In this sample I'll just add another record to this file to indicate that this file actually reached the server by embedding the server name, my name and a message that contains the date and time so you can see it change when you run this request multiple times. The updated file is then sent back to the client side.

* HTTPDemo :: SendCustList3
***  Function: Sends a customer list that's encoded 
***            in CustFile and displays result as HTML
FUNCTION SendCustList3

lcFileBuffer = THIS.oCGI.GetFormVar("CustFile")

IF !o.DecodeDBF(lcFileBuffer,"TTempFile.dbf") 
   THIS.ErrorMsg("Invalid File info")

USE TTempFile

INSERT INTO TTempFile(Company, Name, Message) ;
    VALUES (THIS.oCGI.GetServerName(),"Rick Strahl",;
     "Hey there from the server at: "+TIME())

*** Close the file and delete it!
USE In TTempFile





Putting it all together

You now have all the pieces to build an application that can run over the Internet as a Client Server application using a totally open, non-propriatary protocol that can access your remote server from anywhere there's an Internet connection available. Whether you want to build offline applications like a message reader, or whether you just want to build applications that have a more sophisticated front end than what HTML can provide, this simple client/server architecture makes it possible to build distributed applications with the tools you already know.

In review a typical application that runs over HTTP should take advantage of the HTTP connections in the following ways:

  • Sending 'Command' via the URL's command line. For example, wc.dll?http~ShowCustData~DA1111.
  • Retrieving data from an HTTP link via HTTPGet
  • Sending data to the server via POSTing data using HTTPGetEx

Let's come back to the message board example on my Web site I mentioned in the first article. My site hosts a message board that is used to post messages for support of Web Connection and general Web programming issues. People access the Web site to view information online. I now want to build an offline reader that allows these same visitors to use a VFP application to view that same data. Rather than browsing the Web site the users will download messages via HTTP and merge them into an existing file. At the same time any messages that users want to post can be sent up to the server and merged into the online file for updating. The motivation for this operation is pretty clear: You can build a vastly more efficient UI with a VFP application than on the Web and the access to the data is much faster. A one time download which usually takes less than a minute can bring down the data for the day immediately.The reader application is available for download at http://www.west-wind.com/wwReader.asp.

http4.gif (40260 bytes)

Figure 1.4 - Which application do you think is faster and easier to use? The VFP application (top) has a rich UI using a Treeview to display data that is running against local data downloaded from the Web. The Web application doesn't allow the same type of flexibility like determining unread messages (the red marks top), since that information cannot be stored on the server.

Let's take a look at some of the key code elements of this application. The following code demonstrates a real world example including error checking on how you can put this technology to work:

* Form method that handles file downloads
* Pass qualified WHERE clause for the SELECT statement
* Filter must be timezone adjusted (in Download form)
Function DownLoadMessages
LPARAMETER lcDownLoadFilter
*** Add the Download Filter as a POST key
THISFORM.StatusMessage("Downloading Messages...",,1)
lnResult = loIP.HTTPConnect(wwt_cfg.server)
IF lnResult # 0
   THISFORM.StatusMessageWAIT WINDOW NOWAIT ("Error: "+loIP.cErrorMsg)
   RETURN -1
*** Presize the result buffer
lcBUffer = SPACE(500000)
lnSize = LEN(lcBUffer)
lnStartTime = SECONDS()
lnResult = loIP.HTTPGetEx(;
IF lnResult # 0
   THISFORM.StatusMessageWAIT WINDOW NOWAIT ("Error: "+loIP.cErrorMsg)
   RETURN -1
IF lcBUffer = "ERROR - No Records"
   THISFORM.StatusMessage("No messages to download")
   RETURN -1
IF EMPTY(lcBUffer)
     "Error: No data was returned by the server...")
   RETURN -1
IF !loIP.DecodeDbf(lcBUffer, "TImport.dbf")
   THIS.StatusMessage("Error: File Import failed. "+;
                      "Too many messages!")
   RETURN -1
*** All went well - Now import the messages
lnReccount = 0
USE TImport
   SELE wwThreads
   LOCATE FOR Msgid = TImport.Msgid
   IF !FOUND()
      SELE TImport
      SELE wwThreads
      lnReccount = lnReccount + 1
USE IN TImport
ERASE TImport.fpt
*** Refresh the form with the new data
THISFORM.StatusMessage("Downloaded "+LTRIM(STR(lnReccount))+" message(s) in " +;
                               STR(SECONDS() - lnStartTime,2) + " seconds")
RETURN lnReccount

There are a couple of notable issues here. This code works by sending a request to the server with a POST variable called FILTER, which is a complete WHERE clause to a SELECT statement. Typically the filter contains a date range that is adjusted for timezones, but this code can also be used from a search dialog simply by passing the appropriate search parameters in the filter expression to provide a Web based search. This makes this method reusable for all download operations that are required by the application.

Note that the HTTP download buffer is allocated to a whopping 500k bytes in order to make sure that I can capture a reasonably large file. Even so, 500k will only allow retrieval of approximately 3 weeks' worth of data – anything more and the download will fail. Since I have a rough idea of traffic I give the user a warning dialog if he's trying to download more than 3 weeks data at once.

Next notice all the error handling. With these file downloads it's extremely important to check every call that is returned from Wininet. If an error occurs, back out gracefully with a message to the user. One of the things you need to decide on the server end is what to return in case of an error. I tend to use a simple command language to describe operations. For example, if I run a request that asks the server to perform a task and return no data, I return 'OK' for success and 'ERROR – Error Message' for any error. In this case the request is returning a file so a check for an empty string and then for proper size as specified by the encoding header (this happens in DecodeDBF()) is performed on the result.

On the Web Connection server end the code looks like this:

* HTTPProcess :: DownloadMessages
FUNCTION DownLoadMessages
LOCAL lcFilter, lcToDate, lcFromDate, lcForum
lcFilter = THIS.oCGI.GetFormVar("Filter")
IF EMPTY(lcFilter)
   lcForum = THIS.oCGI.GetFormVar("Forum")
   lcFromDate = THIS.oCGI.GetFormVar("FromDate")
   lcToDate = THIS.oCGI.GetFormVar("ToDate")
   lcFilter="Forum='"+PADR(lcForum,30) +"' AND " +;
            "timestamp >= {" + lcFromDate +"} AND "+;
            "timestamp <= {" + lcToDate + "} + 1"         
lcFile = SYS(3)
SELECT ThreadId, Msgid, Subject, Message, FromName, FromEmail, To,Forum,;
       TimeStamp ;
       FROM (DATAPATH + "wwThreads") ;
       WHERE &lcFilter ;
       INTO DBF (lcFile)
IF _TALLY < 1 
   THIS.oHTML.Send("ERROR - No Records")
   ERASE (lcFile + ".*")
IF EMPTY(lcFileText)
   THIS.oHTML.Send("ERROR - File not encoded.")
   ERASE (lcFile + ".*")
IF LEN(lcFileText) >= 500000
   THIS.oHTML.Send("ERROR - File is too large to send.")
   ERASE (lcFile + ".*")
*** This is the actual FILE Send operation!
ERASE (lcFile + ".*")

Note the sending of the error messages in the appropriate places. The error messages can be retrieved on the client side and can provide meaningful display on in the status bar of the reader. Note in particular the size check for the 500k response size. If the encoded file is greater than 500k a message is sent back rather than attempting (and failing) to send a file that's too large to send to the client. The client and server sides obviously need to agree on these sizes for this to work properly.

For good measure here's the client code for uploading messages to the server:

FUNCTION UploadMessages
THISFORM.StatusMessage("Uploading Messages...",,1)
SELECT * FROM wwThreads ;
   INTO DBF TExport
   THISFORM.StatusMessage("No messages to upload...")
THISFORM.StatusMessage("Uploading "+LTRIM(STR(_Tally))+" Messages...",,1)
IF EMPTY(lcFileText)
   THISFORM.StatusMessage("Invalid File Info - not uploaded")


lnResult = loIP.HTTPConnect(wwt_cfg.server)
IF lnResult # 0
   THISFORM.StatusMessage("Error: "+loIP.cErrorMsg)
lcBUffer = SPACE(500000)
lnSize = LEN(lcBuffer)
lnResult = loIP.HTTPGetEx("/wconnect/wc.dll?wwthreads~UploadMessages",;
IF lnResult # 0
   THISFORM.StatusMessage("Error: "+loIP.cErrorMsg)
*** Must check if the Upload went Ok
if lcBuffer # "OK"
   *** No - don't delete messages to post
   THISFORM.StatusMessage("File Upload Failed")
THISFORM.StatusMessage("Deleting Posted Messages...",,1)

Here the result from the POST operation simply returns OK or an error code which is irrelevant – it either worked or didn't.

Don't Forget about Security!

Sending data over the wire, especially over an open Internet connection, can be dangerous of course. Remember that it's possible to intercept the data travelling over the net with a packet analyzer and potentially highjack sensitive information. Your first line of defense is to use HTTPS (Secure HTTP or SSL) to transmit your data to and from the Web server. HTTPS requires a secure certificate on the Web server (see your Web server documentation on how to obtain and install a secure certificate or go to www.verisign.com for signup). Once installed all communication that occurs over HTTPS is encrypted. Unfortunately, the encryption process also slows down communications noticeably. The wwIPStuff class supports HTTPS using the low level HTTP functions by specifying the fourth parameter of .T. for HTTPConnect() to establish a secure link.

LPARAMETER lcServer, lcUsername, lcPassword, llSecure

Another simple way to protect yourself from unauthorized access is to use passwords. WinInet supports security via standard Web-based Basic Authentication or via NT Challenge Response that uses NT domain security for permissions. You can connect to the server using a specific security context which exists only while connected to the server over the HTTP connection. wwIPStuff supports this with the second and third parameter to the call to HTTPConnect(). In Web Connection, you can force a request to password validate a user with the following code:

*** See whether user is already Authenticated
lcUser = THIS.oCGI.GetAuthenticatedUser()
IF EMPTY(lcUser)
   *** Nope  force Login dialog

HTMLAuthenticate() is a method in the Web Connection wwHTML class that requests Authentication from the Web server via an HTTP header that is returned as a result. The HTTP result looks like this:

HTTP/1.0 401 Not Authorized
WWW-Authenticate: basic realm="localhost"
<HTML><h2>Gotta enter your password to get in!</h2></HTML>

WinInet supports navigating this request and sending the username/password to the server and essentially logging the user in. The server request is re-run and this time the Authenticated user is authenticated and the request can proceed. The client end is automatic with the call to HTTPConnect(). On the server you have to implement the code above to enforce the authentication check.

Another security issue to keep in mind is that links that download data typically can also be accessed by a Browser directly. While users will likely never see the actual link that is called, it's possible to access the same data link you might use to retrieve data directly via the Location URL line in the browser if a user can guess the URL. Nothing like somebody figuring out your file upload link, and sending you continuous uploads that will fill up and crash your server's hard disk. Consider your URL names carefully and use Authentication where applicable to avoid these problems.

Note that both Secure HTTP and Authentication don't work with the plain HTTPGet. If you only want to retrieve data securely you have to use HTTPConnect() and HTTPGetEx().

What about other Server Tools

I've used Web Connection as the Web Server backend in the examples above, since that's what I use for most of my development. If you use another tools such as FoxISAPI or Active Server Pages you need to make a few adjustments. I haven't checked out tools like FoxWeb or X-Works – you need to check with the authors whether binary output is supported.

The process for FoxISAPI is identical to the one used by Web Connection and you use the same exact classes to generate your binary data to send over the wire. To send a request back you simply return the string as a result from your FoxISAPI Automation server method. However, the version of FoxISAPI that ships with VFP does not support binary data that contains NULLs (chr(0)) as the Variant conversion function that sends your output back to the Web server truncates any string at the NULL. I've fixed FoxISAPI.dll to work around this problem and the updated, compiled version is included in the wwIPStuff ZIP file.

With Active Server Pages the problem is more complicated. VBScript uses double byte Variants internally which can cause several problems with binary data. Variant strings are null terminated so when you send a binary string to output they terminate at the NULL. You can get around this problem by using the Response object's BinaryWrite method instead of the basic Write. This method directly outputs any text string (or Byte Array as the docs call it) as is without first converting it to VB's double byte wide character formatting.

It's not quite as easy as simply calling BinaryWrite from within a VFP COM server however, because BinaryWrite cannot deal with NULL string ( CHR(0) ) values passed to it as a string over COM interfaces. BinaryWrite can only deal effectively binary data in byte arrays. In VFP you can use the little know  CreateBinary() function to create a byte array from a string. You'd use this with a binary value like an encoded DBF file like this:

Response.BinaryWrite( CreateBinary(lcBinaryData) )

This will send the binary string into the ASP HTTP output stream that allows you to send any type of binary data to the client as shown in the examples above. Most of wwIPStuff's functions can still be utilized in this fashion with ASP.

WinInet Issues

There are a couple of issues related to using WinInet's HTTP functions that you should be aware of in the context of creating HTTP transfer operations.

Although the wwIPStuff class contains support for connection, receive and send timeouts (WinInetSetTimeout()), a request that hangs in the middle of a connection will not timeout according to these values. Instead a Windows system default (typically 30-40) seconds is applied by WinInet. This may be a problem because the WinInet functions don't provide any feedback while in process and the user may think the request hung. Microsoft calls this by design, because that's the way Web servers typically handle timeouts – based on the Web server specified timeout value to actually allow large requests to complete. I suggest you carefully test your requests under various connection environments to see exactly how your application may be affected.

Sending huge files in either direction is probably not a good idea, unless you have a speedy Internet connection. Bandwidth is always critical, but you also need to think of some of the system limitations. The process of URLEncoding a string to be sent to the server is slow especially when using FoxPro code to do the Encoding. This is why the online version switches to .DLL functions for faster encoding operation.

WinInet also requires that all info is passed in character buffers. For example, on my message board I have set up a buffer of 500k bytes to receive messages in. While that seems like a lot, if somebody tries to download all messages since the dawn of time it's not going to fit into 500k! What's worse is that you really have no way of knowing up front how much data comes down unless you run two requests – one to figure out how much data will be returned and the other to actually get it. Once you start downloading there's no feedback on progress and if there's a failure you have to start over. In addition to data size, the URLEncoding process also makes your data much larger - up to three times as big as the original, as a single character can be replaced by three (%OD for example for a Carriage Return (Chr(13)). You can get around the size limitations and feedback issues by 'chunking' your downloads – break them into smaller files and then request the remaining files successively. It requires some logic and statekeeping to make this work efficiently.

Another size saver is to use multi-part form encoding instead of URLEncoding which is standard for Web browsers. Multi-part forms can send data in raw form with only an added text header but no encoding of the actual data. This saves both time and memory since no encoding or bloating of the data occurs. wwIPStuff supports posting data with its nHTTPPostMode property with a value of 2. Support on the server may be another story however - it's directly supported in Web Connection ( using GetMultiPartFormVar() ), but not in FoxISAPI and only in limited form for Active Server Pages

You can also get some size relief by using a third party Zip control like DynaZip. .DBF data is a prime candidate for compression yielding 80% compression or better for typical tables. The message board actually uses DynaZip to perform compression and this simple step has brought tremendous improvements in transfer times bringing down 200+ messages over 28.8k in under a minute.

Unrelated to file transfers, I've had a few problems with WinInet when accessing a lot of different sites in quick succession. For example, using wwIPStuff to build a Web Crawler or to verify site links, you might fire off various requests in quick succession. WinInet handles some operations in the background on separate execution threads and sometimes when quickly connecting and disconnecting from different sites, some of the threads don't clean up properly, leaking handles. Furthermore, accessing a link that redirects to another page causes WinInet to leak 3 handles as the connection is never properly closed regardless of your releasing the IP handles. Make sure you check typical operation with WinInet to see whether your code is affected by these problems. I expect these to get fixed by Microsoft as WinInet use becomes more prevalent. Neither of these issues should be a problem if you're implementing applications that connect to the same server all the time.

Your Turn

Realize that this architecture is not meant to be a replacement for HTML front end applications. By using this approach you are requiring all clients to have Win95/NT and the Visual FoxPro runtime, so all the cross-platform and thin client advantages that HTML brings to the party don't apply. But you do gain the ability to take advantage of the Web's distributed environment to make your application reach out and communicate with users from anywhere.

If you're building corporate or shrink-wrapped applications that need to communicate from widely spread out locations, this is an easy way to link applications to a home site. Whether you're pulling occasional data updates or querying real time data over the Web, you get the distributed aspect of Web applications without having to bite the HTML bullet.

The big benefit is that you can take advantage of VFP's rich UI features to provide a productive work environment and still provide the distributed, plug-in-from-anywhere connectivity. I use this front end for a number of maintainence operations, from downloading orders from my Web site directly into my Point of Sale application to checking my error logs on various sites by downloading them to the local machine. In all of my uses, this VFP front end is only an extension to existing Web applications that are running a full HTML interface. The possibilities are endless and many companies are already taking advantage of this type of interface.

   Home |  White Papers |  Message Board |  Search |  Products |  Purchase |  News |