What is CGI?

- Common Gateway Interface -

CGI is a lightweight mechanism for communication between the web server and other programs (CGI scripts) that can be run on the server.

Plenty of web resources to guide both learner and developer

cgi-bin

Instead of pointing to an HTML file a URL may request that a CGI program is run on the server. CGI programs (or scripts) are commonly written in:

Unix - Shell, Perl, Tcl, C,C++, Python, Ruby
Windoze - Visual Basic, Perl
Mac - Applescript, C,C++, Perl

CGI scripts are usually kept in a special directory, named cgi-bin, to provide security and ease of server management. System security is ensured by restricting access to cgi-bin and/or restricting the script languages that the server may execute. Handled through the server configuration. e.g. Apache httpd.conf ScriptAlias directive identifies which directory is available to run cgi scripts:

ScriptAlias /cgi-bin/ "/home/gonzo/public_html/cgi-bin/"

Visibility of the cgi-bin can be controlled. The following only allows the cgi scripts to execute within the domain gre.ac.uk

<Directory "/home/gonzo/public_html/cgi-bin">
    AllowOverride None
    Options None
    Order deny,allow
    Deny from all
    Allow from .gre.ac.uk
</Directory>

Although CGI scripts do not need to be in cgi-bin...

AddHandler cgi-script .pl

... allows perl files with the extension .pl execute outside cgi-bin.

The cgi files need to be made globally executable

-> chmod 755 somefile.pl
-> ls -l somefile.pl
-rwxr-xr-x   1 gonzo   users      645 Oct 28 10:58 somefile.pl

CGI scripts can be used to perform a diversity of functions such as:

Searching
Imagemap handling
Database access
Form handling

Alternatives to CGI include Microsoft's Active Server Pages (ASP.NET) and the increasingly popular PHP.

CGI remains widely used because:

it is well understood technology
it is essentially browser independant
it is relatively standard across servers
CGI programs can be written in a variety of languages
some languages, notably Perl, offer remarkable power

CGI Sequence of actions

CGI figure

The client browser sends a request (HTTP message) to the server
- may be triggered in several ways - e.g. form submit
- names the URL of the CGI program
- data can be sent with the message - get/post
Server software on the server machine receives the message
Server calls the CGI program
- information passed to the CGI program
  - get/post data
  - cookies
  - client environment data
  - server environment data
CGI program runs
- has access to server resources - e.g. filesystems, databases
- outputs a response - e.g. an HTML document
Server software routes stdout from the CGI program back to the client
Client browser receives the HTTP response

Simple "Hello" Example

A Perl CGI program "hello.pl" can be run by clicking this anchor

Forms (oh no! not again)

The HTML <form> tag has three attributes that control the interaction of the form with the CGI program on the server:

action provides the URL of the program that is to process the form data.
method specifies how the name=value pairs are transmitted
- get - data is transferred as part of the URL
- post - data is transferred after the URL in the same http data stream
enctype specifies the data encoding used in transmission
- default is Internet Media Type (application/x-www-form-urlencoded)

<form action="../../cgi-bin/form.pl" method="get"
enctype="application/x-www-form-urlencoded">

Various types of input allowed in forms:

A single line of text input:

Name: <input type="text" size="20" maxlength="80" name="custName"/>

Name:

Suppress the display of the data as it's typed:

Password: <input type="password" maxlength="8" name="passwd"/>

Password:

Checkboxes allow multiple selections from a range of options:

<input type="checkbox" name="mags" value="Byte"/>Byte<br />
<input type="checkbox" name="mags" value="Dr Dobbs"/>Dr Dobbs<br />
<input type="checkbox" name="mags" value="Internet"/>Internet

Byte
Dr Dobbs
Internet

One of a group of radio buttons with the same name can be selected:

<input type="radio" name="age" value="under_18"/>Under 18<br />
<input type="radio" name="age" value="range18_30"/>18 to 30<br />
<input type="radio" name="age" value="over_30"/>Over 30<br />

Under 18
18 to 30
Over 30

A textarea can be used for multiline input:

<textarea rows="7" cols="40" name="address">
Some text</textarea>

Some text

The select and option tags can provide a scrolling list:

<select multiple="multiple" name="languages" size="3">
<option>C</option>
<option>C++</option>
<option>Java</option>
<option>Pascal</option>
<option>Perl</option>
<option>Visual Basic</option></select>

Or a pulldown menu:

<select name="experience">
<option value="newbie">Novice</option>
<option value="ok">Intermediate</option>
<option value="good">Expert</option>
<option value="showoff">Wizard</option></select>

Types of form buttons:

Input type submit buttons cause the data to be transmitted to the server and then to the CGI program. Multiple submit buttons can be included - the name and value are transmitted so the application can do something different depending on which was clicked:

<input type="submit" value="Add" name="Button"/>
<input type="submit" value="Change" name="Button"/>

Or you can use an image as a submit button. The x, y coordinates get sent to the server as well as the rest of the form data:

<input type="image" src="bobpush.gif" name="Bob"/>

An input type button does not send the form but can be used to trigger some JavaScript:

<input value="Choc Chip Cookie" type="button"
onclick="document.cookie='crumble=' + this.form.custName.value + 
';path=/~k.mcmanus'"/>

A reset button will restore the form to default data:

<input type="reset" value="Clean Me!"/>

Hidden fields can be included with input type hidden. Can be used to give the CGI application information about the form - or can be generated by the CGI script to pass context information in multi-form interactions (state preservation):

<input type="hidden" name="form_id" value="form123"/>

< Index - Next >