Server Side Includes (SSI) is a simple interpreted server-side scripting language used almost exclusively for the Web. The most frequent use of SSI is to include the contents of one or more files into a web page on a web server.
An SHTML file is an HTML file that includes server instructions, or server-side includes, and is similar to an ASP file. This file type is commonly used as a way of identifying which files include server instructions and which do not, to help load each page as fast as possible. Nowadays web hosting companies are also using this language because it’s very good in terms of security.
When an SHTML webpage is requested, it is assembled on the server and then sent to the web browser to be viewed. The normal HTML tags all still work the same; SHTML simply lets you INCLUDE other pieces into the HTML page. Web hosting companies also use SHTML as a basic language for creating web pages.
This Hypertext Transfer Protocol facility is referred to as a server-side include. (Although it is rarely done, the server administrator can designate a file name suffix other than “.shtml” for server-side include files.) You can think of a server-side include as a limited form of common gateway interface (CGI) application. In fact, CGI is not used. The server simply searches the server-side include file for CGI environment variables, and inserts the variable information in the places in the file where the “include” statements have been inserted.
Server-side includes are snippets of code that not only simplify Web site maintenance but can also make Web site pages interactive. This, together with how simple they are to implement, makes them attractive to Web programmers, but the risks of using them must be understood and avoided. Using server-side includes to display environment variables and file statistics (“#echo var=”) poses no security risk; likewise, using the “#include” function poses no risk, provided that the directory containing the included file is not Web-accessible.
In situations where there is no Web server root directory access, the “#exec” directive can be disabled or enabled in specified directories by means of appropriate statements in an ‘.htaccess’ file located in each directory. The ‘.htaccess’ file is the directory-level equivalent of the root-level configuration file. If the Web site is hosted by an external hosting company or Internet Service Provider, access to the Web server root directory is very unlikely, and ‘.htaccess’ files can be used.
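The following Python sketch is an added example, not code from the original article: it lists the SSI directives in a page, marking “#exec” and “#include” the way the two paragraphs above describe, and checks whether a directory's ‘.htaccess’ leaves “#exec” usable. It assumes Apache's Options settings Includes and IncludesNOEXEC, which the article does not name, models a single ‘.htaccess’ file only, and uses constructed sample input.

```python
import re

# SSI directives are HTML comments of the form <!--#name attr="value" -->
DIRECTIVE = re.compile(r'<!--#(\w+)\s*(.*?)\s*-->', re.S)
ATTR = re.compile(r'(\w+)\s*=\s*"([^"]*)"')

# Per the article: exec runs a program, include depends on file location.
FINDINGS = {
    "exec": "review: runs an external executable",
    "include": "check: included file's directory must not be Web-accessible",
}

def audit_shtml(text):
    """Return (line, directive, attrs, finding) for every SSI directive."""
    found = []
    for m in DIRECTIVE.finditer(text):
        name = m.group(1).lower()
        line = text.count("\n", 0, m.start()) + 1
        found.append((line, name, dict(ATTR.findall(m.group(2))),
                      FINDINGS.get(name, "ok")))
    return found

def exec_enabled(htaccess):
    """Simplified model of one .htaccess file (no inheritance from parent
    configuration): True if its Options lines leave #exec usable."""
    enabled = False
    for raw in htaccess.splitlines():
        words = raw.split()
        if not words or words[0].lower() != "options":
            continue  # comment lines start with '#', so they land here too
        if not any(w[0] in "+-" for w in words[1:]):
            enabled = False  # an Options line without +/- replaces earlier ones
        for opt in (w.lower() for w in words[1:]):
            if opt in ("includes", "+includes"):
                enabled = True   # SSI on, #exec included
            elif opt in ("-includes", "includesnoexec", "+includesnoexec"):
                enabled = False  # SSI off, or SSI on with #exec disabled
    return enabled

# Constructed sample inputs, not taken from any real site.
SAMPLE_PAGE = '''<html><body>
<!--#echo var="DATE_LOCAL" -->
<!--#include virtual="/inc/footer.html" -->
<!--#exec cmd="date" --></body></html>'''
WEAK_HTACCESS = "Options +Includes\n"
HARDENED_HTACCESS = "# SSI without #exec\nOptions +IncludesNOEXEC\n"

if __name__ == "__main__":
    print(*audit_shtml(SAMPLE_PAGE), sep="\n")
    print(exec_enabled(WEAK_HTACCESS), exec_enabled(HARDENED_HTACCESS))
```

On a real server the result also depends on the parent configuration and on whether ‘.htaccess’ overrides of Options are permitted at all.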
As a simple programming language, SSI supports only one type: text. Its control flow is rather simple: choice is supported, but loops are not natively supported and can only be done by recursion using include or by using an HTTP redirect. The simple design of the language makes it easier to learn and use than most server-side scripting languages, while complicated server-side processing is often done with one of the more feature-rich programming languages. Apache, nginx, lighttpd and IIS are the four major web servers that support this language.
The following is a list of the currently supported SSI+ tags:
- Echo tag provides for inserting the data of certain variables into an HTML page.
- Include tag provides for inserting the contents of a file into the HTML page at the location of the include token.
- Fsize tag provides for inserting the size of a given file into the HTML page at the location of the fsize token.
- Flastmod tag provides for inserting the last modification date of a given file into the HTML page at the location of the flastmod token.
- Exec tag provides for executing an external executable.
- Config tag provides for setting certain HTML output options.
- Odbc tag provides for querying and updating ODBC databases.
- Email tag provides for sending an email whenever an HTML page is accessed or an HTML form is submitted.
- If tag provides for conditional execution of SSI operations and conditional printing of HTML text based on logical comparisons.
- Goto tag provides for jumping to a label token without executing any SSI code or printing any HTML text between the goto token and label token.
- Label tag provides a place for a goto or if goto token to jump to.
- Break tag provides for termination of HTML documents at any point.