CGI Programming

What is CGI?
CGI = Common Gateway Interface
Provides a standardized way for
web browsers to:
 Call programs on a server.
 Pass data to programs on a server.
 Receive responses from programs on
a server.
What is CGI? (cont)
CGI is the interface between server
programs and other software.
CGI is not a Perl specific concept.
Any language can produce CGI
programs.
Why Perl?
 Perl provides a nice interface for
creating CGI scripts.
How Does CGI Work?
Phase 1: Create.
Phase 2: Request/Execute.
Phase 3: Respond/Display.
Phase 1
A CGI script is created.
 e.g. a Perl program to do your taxes.
The script is placed on a server.
 Made executable.
 Given appropriate permissions.
A webpage is created and linked
to the CGI script.
 Webpage is the script’s interface to
the world.
Phase 2
A person visits the webpage and
submits a request to run the script.
Browser contacts the server with
the CGI script:
 Asks to run the script.
 Passes input parameters to the script.
Server runs the script on the input
parameters.
Phase 3
Script produces output in the form
of HTML.
Server takes the output and
returns it to the web browser.
Browser displays the output as an
HTML page.
 Page may reference other CGI scripts.
An Overview of the
Process

Request

Input/ CGI
Server Output Program

HTML
Calling a CGI Program
CGI programs are called from HTML
files.
A common/simple way is with the HREF
attribute of the anchor (<a>) tag.
For example,
<a href = “http://www.foo.com/cgi-
bin/bar.pl”>
DO IT
</a>
Returning the Output
CGI programs must create HTML
output to return to the client.
 HTML is the common language
between the client and the CGI
program.
Communication with client is
through standard output.
 Output goes to server and then goes
to screen.
Use print function to send HTML
output to client.
HTML OUTPUT
First line of HTML output must
specify the type:
 i.e. type of the content of the output.
The type is usually text/html.
For example,
 print “Content-type: text/html\n\n”;
There must be a blank line after
the first line.
A Simple Example
Form CGI Example
Student enters first name, last
name and social security number
and presses a submit button.
CGI program looks up grades for
the student and returns a list of
grades.
More Powerful Interaction
Many webpages gather
information from their visitors.
A more powerful interaction
between CGI program and browser
is needed.
This interaction is provided by
forms.
Forms
A form is a collection of widgets in
a web page.
Solicit responses from the user.
A form must include a submit
button!
When the submit button is clicked:
 The CGI program specified in the form
is contacted.
 A string representation of the
widgets’ values is sent to the server.
Form Values
Remember a form’s values are
sent to the server as a string.
Represented as a sequence of
name=value pairs:
 name is the widget’s name.
 value is the widget’s value.
Values are textual only!
 Other data types cannot be sent.
Validity of values must be checked
by CGI program.
Get vs. Post
There are two ways to send a form’s
values to a CGI program.
Get is the default method.
 Data string is attached to URL.
 Seen in browser’s address bar.
 Server removes string from URL.
 Stored in environment variable,
QUERY_STRING.
Post is the optional method.
 Data string is sent through standard input.
 CGI program can simply read it.
 Length of string is stored in environment
variable, CONTENT_LENGTH.
Creating a Form
<form> tags are used to create a
form.
For example,
<form method=“post”
action=“file.pl”>
…
<input type = “submit” value =
“submit form”>
</form>
Important CGI
Environment Variables

REQUEST_METHOD

QUERY_STRING

CONTENT_LENGTH
Request Method: Get
GET requests can include a query
string as part of the URL:
Delimiter

GET /cgi-bin/finger?hollingd HTTP/1.0

Request
Resource
Method Query
Name
String
/cgi-bin/finger?hollingd

The web server treats everything

before the ‘?’ delimiter as the
resource name

In this case the resource name is

the name of a program.

Everything after the ‘?’ is a string

that is passed to the CGI program.
Simple GET queries -
ISINDEX
You can put an <ISINDEX> tag
inside an HTML document.
The browser will create a text box
that allows the user to enter a
single string.
If an ACTION is specified in the
ISINDEX tag, when the user
presses Enter, a request will be
sent to the server specified as the
ACTION.
 ISINDEX Example
Enter a string:
<ISINDEX ACTION=http://foo.com/search.cgi>
Press Enter to submit your query.

If you enter the string “blahblah”, the

browser will send a request to the http
server at foo.com that looks like this:

GET /search.cgi?blahblah HTTP/1.1

What the CGI sees
The CGI Program gets
REQUEST_METHOD using getenv:

char *method;
method = getenv(“REQUEST_METHOD”);
if (method==NULL) … /* error! */
Getting the GET
If the request method is GET:
if (strcasecmp(method,”get”)==0)

The next step is to get the query

string from the environment variable
QUERY_STRING

char *query;
query = getenv(“QUERY_STRING”);
Send back http Response
and Headers:

The CGI program can send back a

http status line :
printf(“HTTP/1.1 200 OK\r\n”);

and headers:
printf(“Content-type: text/html\r\n”);
printf(“\r\n”);
CGI Method summary
GET:
 REQUEST_METHOD is “GET”
 QUERY_STRING is the query

POST:
 REQUEST_METHOD is “POST”
 CONTENT_LENGTH is the size of the
query (in bytes)
 query can be read from STDIN