How do I create Web Pages?
XHTML
Although the internet can be used to transfer virtually any type of file, most websites that you come across are actually a collection of (X)HTML documents. The (eXtensible) HyperText Markup Language, as the name suggests, is a language that is used to describe the structure of text-based information in a document — by denoting certain text as links, headings, paragraphs, lists, and so on — and to supplement that text with interactive forms, embedded images, and other objects.
The main difference HTML and XHTML is that XHTML conforms to XML syntax. This means that XHTML code is stricter and cleaner. It is much easier to learn because there are strict rules to follow and lesser ambiguity. Also, it concentrates on the semantics of the document so you can cleanly separate the content of the document from its presentation, which makes creating and maintaining the code much simpler. As XHTML is XML, it can also be easily parsed by standard XML parsers which is really useful when your web page is used by other applications, search engines, etc. As such, if you are new to web design, start learning XHTML and forget the old HTML even existed. (Note: The remainder of this article will only refer to XHTML)
You do not need to install anything to create or view XHTML files. You simply create a file with the markup and save it with a .html extension, and open it in a web browser like Firefox or Konqueror to view it.
Resources
W3Schools - Although it is a good tutorial, it requires you to first read the HTML tutorial, and then understand the transition of HTML to XHTML.
TopXML - Good site. It has a nice reference section so you can keep coming back to it to lookup something you might have forgotten while creating web pages in the future.
XHTML Validator
CSS
Cascading Style Sheets is a language that is used to describe the presentation of web documents. It is most used with XHTML documents to tell the web browser how to render elements of the document (such as the font, colors, layout, etc). CSS can also describe the presentation of the document on different devices such as the screen, a projector, the printer, a speech device or a Braille-based device. It is used to separate presentation from the structure of a document.
CSS, like XHTML, is directly supported by web browsers. CSS files have a .css extension.
Resources
W3Schools - The only good one I could find.
CSS Validator
If you want to create static web documents only, then XHTML + CSS is ideal and it is all that is required. All further languages described here are used to either enhance user experience or to dynamically generate XHTML/CSS on a web server.
JavaScript
JavaScript is the most common implementation of the ECMAScript standard for client-side scripting of web pages (The other popular implementation is JScript, although most of the API is the same). JavaScript affects the behaviour of the web document once it is loaded. For example, handling events and responding to them such as popping up an alert box if you click a link, or hiding an element on pushing a button. In short, it is a scripting language with a C-style syntax that gives you access to the Document Object Model (DOM), and lets you make changes to it on-the-fly, in response to events. Scripting can make web pages interactive and lively, and more responsive to the user's actions.
As with XHTML and CSS, you don't need to install anything to be able to use client side scripting. Either embed the script in your XHTML page or save it as a .js file and let your XHTML link to it. The end-user will need a browser that supports scripting though. Although most modern browsers have script support, some devices such as handhelds may not. Further, a user can easily disable scripting in the browser or edit the script itself. Therefore, don't count on it to do responsible tasks. Use it only as an optional experience-enhancing feature that your web pages can very well do without.
Resources
W3Schools Again
JavaScriptKit
ECMAScript? JavaScript? JScript? I'm Confused
Techincally speaking, the language specification is called ECMAScript, which standardizes the language. This scripting language can be used for any purpose, however it is more popular for use on web pages. The most common dialect of ECMAScript is JavaScript. This implementation is used by the Firefox (and other Mozilla products), Opera, Konqueror, Safari, etc. Microsoft's Internet Explorer and the .NET framework use the JScript dialect. In web browsers, these implementations come with the Document Object Model (DOM) which is an API to access and modify elements in the web page. Generally, all Javascript code should work with IE's JScript implementation (with minor exceptions).
What are cookies?
HTTP Cookies are pieces of information that web sites can store on the user's web browser. Sites use these cookies to remember things about the user from the last time(s) he/she visited the site. Cookies can help in tracking information about a user, or letting the server know of some persistent information about the user or the session over multiple page requests.
Cookies can be created on-the-fly by scripting languages such as ECMAScript, or they can be sent in the HTTP Headers by a web server. However, browsers are implemented in such a way that pages or servers can only read the cookie that has been created in the same domain, to avoid security risks. However, security issues relating to cookies are still prominent (see section of security below).
What is a web server?
When you etner a URL in your browser, the browser sends an HTTP request to a remote machine (your ISP contacts a DNS to resolve the domain name into an IP address which locates the machine). If the machine has a web server (a kind of computer program) installed on it that listens for requests, then the server will process that request and send the response, which is a bunch of HTTP Headers (meta-information about the file) and the file itself (such as an XHTML page), which is what you see in your browser. The most common web servers are Apache and Microsoft Internet Information Services.
How Web Servers Work
How do I install Apache on Ubuntu?
You can install Apache the standard way and configure it yourself, and install PHP, MySQL, mod_perl, mod_python, etc. manually: ApacheMySQLPHP - Ubuntu Community Documentation
Alternatively, you can Install XAMPP, which gives you Apache, MySQL, PHP and Perl all in one neat package. This is a very easy to install package for new users, but it should be used as a development environment only and should not be used as a public webserver.
What is Server Side Scripting?
As described above, web servers accept requests for pages and send responses with the data. Server Side Scripting is a technology by which web servers use other programs such as a PHP interpreter or a Python interpreter to evaluate PHP or Python code and send the output as the response. If the PHP/Python code is made in such a way that it generates XHTML documents as the output, then it is possible to create dynamic XHTML pages. Server Side Scripts can also generate other dynamic data not limited to XHTML/CSS.
PHP
PHP is a programming language that uses somewhat a C style syntax which is used for server side scripting. It is one of the most popular server side languages out there. The massive library of functions that comes with PHP gives it it's main feature.
Installing PHP locally
PHP as a server side language is popularly used alongside the Apache Web Server.
Manually: ApacheMySQLPHP - Ubuntu Community Documentation
or Install XAMPP (Development only)
Resources
Practical PHP Programming - PHP Tutorial (Personal Favourite)
PHP on W3Schools
PHP.net - Best reference to lookup predefined functions and modules
Python
The Python interpreter is installed on Ubuntu by default. However, in order for it to be used as a server side language, you need a web server.
For Apache: You need mod_python. Maybe this thread has some answers for you. However, if you don't want all the hassle of configuring Apache, and you only need a web server for local development rather than production, then there are easier alternatives:
You can set up very simple web server, and write simple web applications in plain CGI without mod_python. Also, there are two excellent web app frameworks for Python, Django and Turbogears. Both come with a simple web development server.
Databases
Once you start to use server side scripting for dynamic page generation you will soon find the need to store data on the server for later use. For example information about a user account, user generated posts/comments, etc. have to be stored somewhere.
SQL
Structured Query Language is a database language used to store data in tables of information and retrieve it. There are many implementations of SQL (such as MySQL or SQLLite). All of these implementations support Scripting languages may provide an inbuilt interface to communicate with certain types of databases or there may be additional modules that may do so. For example, PHP provides predefined functions to access MySQL databases wheras Python comes with a module for SQLite.
Resources
SQL on W3Schools - Straightforward Tutorial to SQL in general
MySQL
MySQL is a multithreaded, multi-user SQL database management system (DBMS) which has more than 11 million installations. The program runs as a server providing multi-user access to a number of databases.
It is a popular choice for PHP users, and it is a rather powerful choice for production, but the advanced features and multi-user environment can get overwhelming for new users.
Resources
Manual Install: ApacheMySQLPHP - Ubuntu Community Documentation
or Install XAMPP (Development only). An advantage here is that it comes with phpMyAdmin, a simple graphical administration tool, which often suffices for new users.
Databases in PHP (Includes a basic MySQL Tutorial within the topics)
SQLite
SQLite is a software library that implements a self-contained, serverless, zero-configuration, transactional SQL database engine. It is actually a small C library that is internally linked within programs that use it, but it uses the SQL API to give it the feel of a full fledged SQL server. It is widely used in desktop applications (such as Firefox 3) and for simple web development.
SQLite has bindings for a large number of programming languages, including BASIC, C, C++, Common Lisp, Java, Delphi, Lua, Tcl, R, PHP, Perl, Ruby, Python, newLisp and Smalltalk.
Python 2.5 comes with the SQLite preloaded. For PHP, in order to have the SQLite functions available, you must compile PHP with SQLite support, or load the SQLite extension dynamically from your php.ini.
Resources
PHP with SQLite
Python with SQLite
PostgreSQL
PostgreSQL is a powerful object-relational database management system, provided under a flexible BSD-style license. PostgreSQL contains many advanced features, is very fast and standards compliant.
PostgreSQL has bindings for many programming languages such as C, C++, Python, Java, PHP, Ruby... It can be used to power anything from simple web applications to massive databases with millions of records.
Resources
Ubuntu Community Documentation
PostgreSQL Wiki
What are the security risks involved when deploying web pages?
Security vulnerabilities in web applications generally occurs as a form of a code injection, that is, when a malicious user is able to exploit the application such that his harmful piece of code is executed to generate destructive results.
Cross Site Scripting
Cross-site scripting (XSS) is a type of computer security vulnerability typically found in web applications which allow code injection by malicious web users into the web pages viewed by other users. Examples of such code include XHTML code and client-side scripts.
For example, if a forum user posts a XHTML message with an embedded script that reads cookies stored in the browser and emails the data to him, then every user who reads this post has his/her cookies (which may contain information such as session IDs or passwords) sent to the attacker who can then use it to login under the victim's account. This is why sites like forums and wikis don't generally allow XHTML to be posted. XSS attacks are even possible via injecting CSS.
XSS on Wikipedia
Server Side Code Injection
Be very careful when using your server side code to perform actions based on user input. Never use functions such as PHP's eval(), which executes a string as PHP code on any variable string, especially one that is user-generated. Evaluating untrusted code can result in your entire system being compromised, everything from exposing stored passwords to deleting important data to tricking your system into logging in as a different user (this is very hard to detect).
Also, never load other files to be executed (such as includes) with a variable filename, if the variable contains user supplied data. A malicious user may supply wrong data that allows sensitive files to get included (such as those that have your password stored in them). You may think you have validated your code, but attackers can find ways through many layers to get their harmful code into your innocent variable.
As a rule of thumb, the only things you should do with variable data that comes from the user is either match it with expected values and perform your own static operations, use it in a mathematical context, or echo it back to the user. You might store this data in a database for further use, but when you retrieve this data later, make sure to follow the same rules again, or else you are vulnerable to second order attacks.
SQL Injection
Exploting usage of unescaped strings in a SQL query is one of the most common ways of exploiting a web application and it is something that most beginner applications are vulnerable to.
SQL Injection on Wikipedia
Other Stuff
This is a list of links to stuff that is not described in this article. If anybody is willing to contribute some introductory writeup for these then please edit this post (or ask a moderator to do so)
Ruby
Beginner's Guide to CGI Scripting with Perl
Perl CGI Programming FAQ
Java Applets
Java Servlets
JavaServer Pages (JSP)
Bookmarks