CGI

Common Gateway Interface

What is CGI? CGI is an acronym that stands for Common

Gateway Interface is a standard for interfacing external applications with information servers, such as HTTP or Web servers

This interface provides a means for browsers and the server where document resides to communicate and pass information back and forth

Primarily, this is done through the <FORM> tag, but there can be other ways to use CGI effectively, like through Server Side Includes (SSI)

What is CGI?

CGI, permits interactivity between a client and a host operating system through the World Wide Web via the Hyper Text Transfer Protocol (HTTP)

CGI program can be written in C or C++, Perl, ASP, PHP, Python, TCL, shells, and many others languages and scripts

Examples of uses for CGI Forms

– forms on web sites allow the user to enter information which is processed by CGI and mailed to an administrator or logged

On-the-Fly Pages – web pages can be created dynamically (as needed) with

up-to-date information.

Database Interaction – an application of on-the-fly page creation. Web pages

can be created using information read from a database, or a web site form can allow a user to update database entries

Examples of uses for CGI

Logging / Counters – a log file can record traffic data updated with

information on each visitor. A counter can be included on the web page to advertise traffic.

Animation – "server-push" programs can be used to feed the client

successive images in an animated sequence.

Catalogs, Search engines

Requirements

Web server (NCSA, Apache, IIS, Microsoft Personal Web server etc.)

Compiler (C/C++) or Interpreter (Perl), PHP, ASP

Web browser (NN, IE etc.)

Writing CGI programs involves

Obtaining input from a user or from a data file.

Storing that input in program variables. Manipulating those variables to achieve

some desired purpose, andSending the results to a file or video

display.

More about FORM tag

<form  action=”url" method=”get" >  ... Form Element tags ... </form>

<form action=“http://www.ncsi.iisc.ernet.in/cgi-bin/test.pl” method =”post">  Form Elements </form>

action attribute tells where the information in the form is to be sent

Default method is get Examples of Forms

Form Tag Description

<FORM ACTION="/cgi-bin/prog.pl" METHOD="POST">  Form Start

<INPUT TYPE="text"  NAME="name" VALUE="value"  SIZE="size">                               

Text Field

<INPUT TYPE="password"  NAME="name" VALUE="value"  SIZE="size">                      

Password Field

<INPUT TYPE="hidden"  NAME="name" VALUE="value"> Hidden Field

<INPUT TYPE="checkbox"  NAME="name" VALUE="value">     

Checkbox

<INPUT TYPE="radio"  NAME="name" VALUE="value"> Radio Button

<SELECT   NAME="name" SZE=1> <OPTION SELECTED> One <OPTION>Two  …     </SELECT> 

Dropdown List

<INPUT TYPE="submit"   VALUE="Message!" > Submit Button

<INPUT TYPE="reset"   VALUE="Message!">  Reset Button

</FORM> Form Ends

Browser Request

For the simple hypertext link in an HTML document:

test.html Browser will send a request of the following type:

GET /test.html HTTP/1.0 Accept: text/plain Accept: text/html Two blank lines

Server Response

HTTP /1.0 200 OK

Date: Monday, 24-Dec-2000

11:09:05 GMT

Server: NCSA/1.3

MIME-version 1.0

Content-type: text/html

Content-length: 231

<HTML><HEAD><TITLE>Test Page</TITLE></HEAD>

<BODY>

This is a simple HTML page.

</BODY>

</HTML>

Environment Variables (What are they used for?)

In order to pass data from the server to the script, the server uses command line arguments along with environment variables.

The Environment Variables are set when the server executes a CGI Script.

Environment Variables allow the CGI Script to reference variables that might be wanted for the Script output.

There are two types of environment variables:Non-Request specific variables - those set for every

requestRequest specific variables - those that are dependent on

the request being fulfilled by the CGI Script

Environment Variables

SERVER_NAME – The server's Host name or IP address

SERVER_SOFTWARE – The name and version of the server-software that is answering the

client requests

SERVER_PROTOCOL – The name and revision of the information protocol the request

came in with.

REQUEST_METHOD – The method with which the information request was issued.

Environment Variables Cont... QUERY_STRING

– The query information passed to the program. It is appended to the URL with a "?”

CONTENT_TYPE – The MIME type of the query data, such as "text/html”

CONTENT_LENGTH – The length of the data in bytes, passed to the CGI program through

standard input.

HTTP_USER_AGENT – The browser the clients is using to issue the request.

DOCUMENT_ROOT – It displays the server document root directory

Typical Environment Variables

SERVER_SOFTWARE = Apache/1.3.14 SERVER_NAME = www.ncsi.iisc.ernet.in GATEWAY_INTERFACE = CGI/1.1 SERVER_PROTOCOL = HTTP/1.0 SERVER_PORT = 80 REQUEST_METHOD = GET HTTP_ACCEPT = 'image/gif, image/x-xbitmap, image/jpeg, */*' SCRIPT_NAME = /cgi-bin/environment-example QUERY_STRING = REMOTE_HOST = ece.iisc.ernet.in REMOTE_ADDR = 144.16.64.3

Where does the data for the CGI Script come from?

The most common way for data to be sent to CGI Scripts is through HTML forms. HTML forms use a multitude of input methods to get data to a CGI Script. Some of these input types are radio buttons, check boxes, text input and pull-down menus.

After the input necessary for the Script is determined and what type of input are going to be used, there are two main ways to receive information using the form. The methods are Get and Post. The information will be encoded differently depending on on which method is used.

GET Method

The form data is encoded and then appended to the URL after ? mark

The information contained in the part of the URL after the ? mark is called the QUERY_STRING, which consists of a string of name=value pairs separated by ampersands (&)

GET http://www.ncsi.iisc.ernet.in/cgi-bin/example/simple.pl?first=Jason&last=Nugent

Example 3

POST Method

Difference between Get and Post method is primarily defined in terms of form data encoding

The information is sent after all request headers have been sent to the server

With the post method, the server passes the information contained in the submitted form as standard input (STDIN) to the CGI program

POST Method ...

The length of the information (in bytes) is also sent to the server, to let the CGI script know how much information it has to read

The environment variable CONTENT_LENGTH contains information about how much amount of data being transferred from html form.

Examples 4

Examples

Counter (Counter)Database Search

– Create MS Access Database– Create data source (ODBC)– Write scripts to access database from the

browser

Example 5

What are the Drawbacks of using CGI?

CGI applications can be slowed down considerably if network is slow

If your script is long or has to do a lot of processing, your visitor will have to wait a bit until your script is finished running

Biggest concern with CGI programs is security

Server Side Include

Server-side include (SSI) files add text, graphic, or application information to an HTML document just before sending the HTML file to a user

Make adding dynamic content to your documents easy

SSI directives #INCLUDE

– Includes the text #FLASTMOD

– Retrieves the last modification time of a file. #FSIZE

– Retrieves the size of a file. #ECHO

– Inserts the value of various Common Gateway Interface (CGI)-system environment variables.

#CONFIG– Configures how variables and commands are displayed.

#EXEC– Executes CGI-system command scripts and inserts

output into an HTML document.

SSI in PWS

To make SSI work, the Web server must parse the HTML document and process any directives before sending the final HTML file to the client

General Form– <!-- #<PREPROCESSING_DIRECTIVE>-->

E.g.– <!-- #exec cgi=“/php/test.php”-->– <!-- #echo “QUERY_STRING-->– <!-- #include file=“myfile.txt” -->

SSI in Apache

Add the two lines below in the main configuration file httpd.conf – AddHandler server-parsed .shtml– AddType text/html .shtml

Restart the Apache server

Client Side Scripting

Client-side programming is based on the idea that the computer which the client is using to browse the web has quite a bit of CPU power sitting there doing nothing.

Meanwhile, web servers are being tasked to death handling hundreds of CGI requests above and beyond their regular duties.

Thus, it makes sense to share some of that burden between the client and server by taking some of the processing load off the server and giving it to the client.

What Client side scripts can do?

Scripts can be used to add interesting (Interactive Web Pages) and useful effects to Web pages (Dynamic pages)

Validations and error checkingMaintaining stateCreating Dynamic Forms with Client-Side

Scripting.

What Client side scripts can do? Cont…

Instant Feedback to UsersClient-Side Scripts Move Processing Tasks

back to the Client

Examples

Event Handling Example 6Menu Example 7Animation (Scrolling) Example 8

Disadvantages of Client Side Scripting

Browser-Dependent Client-Side Scripts– Different set of codes for both the browsers

Secure Source Code of Client-Side Scripts.Pages Take Longer to DownloadProgram Scope Is Limited to a Single

HTML PageNo Direct Access to System Objects

Which Should I Use? Client- or Server-Side?

If you want to have dynamic client forms with client-side validation, you must use client-side scripting.

If you want your site to have highly interactive pages, you should use client-side scripting.

If you need to provide your client with advanced functionality that can be created only using ActiveX controls, you must use client-side scripting.

Which Should I Use? Client- or Server-Side? Cont…

If you want to control the user's browser (that is, you want to turn off the menus and place the browser in kiosk mode), you must use client-side scripting

If your Web site must work with every browser on the market, and you do not want to create several different versions for different browsers, you should avoid client-side scripting

If you want to protect your source code, you must use only server-side scripting. All client-side source code is transferred to the browser.

Which Should I Use? Client- or Server-Side? Cont…

If you need to track user information across several Web pages to create a "Web application," you must use server-side scripting

If you need to interact with server-side databases, you must use server-side scripting.

If you need to use HTTP server variables or check the capabilities of the user's browser, you must use server-side scripting