using cgi

how is cgi different from html?
Making CGI functions is fundamentally different from making HTML pages. Instead of telling what you want the browser to do, you are telling what you want the server to do. CGI functions are commonly called "scripts", because they are kind of like movie scripts: you are telling what you want the server (the actor) to say and do in front of the audience (the users).

To the server computer, CGI scripts are just like programs. When the server receives the CGI request, it executes the script. No, it doesn't strap it in an electric chair; It does what the script tells it to do, as if the script were a program. With an HTML file, it simply reads it from the disk and sends it to the client.

The problem with CGI scripts is that, while they can enrich a web site's content immensely, they can also pose a security problem. Because CGI scripts are actually programs, they have access to all the server computer's functions just like a regular program. So, if a malicious person had the ability to make CGI scripts on the server, he or she could make a script that says "erase C:\", which would obviously not be good. Because of this, most ISPs that let you put a web page on their server do not allow you to use CGI. However, some do allow you to run scripts on a separate server, or provide a number of scripts which they have authorized to be 'safe' for users to access.

CGI is just the interface, not the language; CGI is kind of like a person's vocal cords, but CGI doesn't give that person language so it doesn't help him or her much. Just like this, CGI is the means by which CGI scripts can be executed, but isn't the actual CGI scripts.

This is where a programmer comes in. If CGI scripts are programs that run on the server, then they are created like any other program - with a programming language. Almost any major programming language can create CGI scripts - C++, Visual Basic, Perl, etc.

To illustrate exactly how a CGI script works, think about when you pay for your items at the supermarket: You draw up to the cashier. You show him or her the items you wish to purchase. He or she checks them and gets their prices. The cashier punches the prices into the cash register, which adds it and finds the price. The cashier tells you what the price is, and you give him or her the money.

Now let's say that the supermarket has an Internet store. The cashier is a CGI script. You draw up (go to the "purchase" page). You show him or her the items you wish to purchase (you fill in the form and submit it). The cashier punches the prices into the cash register (the CGI script is on a computer already, so it can just add them up). The cashier tells you what the price is (the CGI script prints out some HTML code specifying the price that is sent to the browser), and you give him or her the money (fill out another form with your name and address, credit card number, etc.).

So, there are three major steps that every CGI script performs: it receives data from the user, does the requested operation (in the above case, adds the prices), and then returns data to the user (in the above case, the total price).

Take the search function as an example again: it receives the search terms from the user. It performs the search, and then returns the results to the user.

the technicalities
So, now that we have a pretty good understanding of what CGI is, let's learn the finer points of how it works.

The most common method of sending input to a CGI script is, of course, a form. You can read about forms in detail in the Advanced HTML section in Webworks, but let's have a quick review.

• Forms contain input fields where the user can input data, a submit button through which the user can submit that data, and (usually) a reset button to reset the fields in case the user messes up.
• In HTML, forms consist of an enclosing <form> tag, and then any number of <input> tags, at least one of which is a submit button.

Here's an example of a <form> tag:

<form action="/cgi-bin/store.cgi" method="post">

The 'action' element of the form tag specifies the path to the CGI script that will process the data from this form. Most servers that allow the use of CGI scripts have a directory called cgi-bin which is specially configured so that scripts in it can be executed by outside users. You simply put the script in this directory, and it will then be accessible to anyone on the web.

The 'method' element of the form tag specifies the method (thus the name) by which the form's data will be sent to the CGI script. There are two options:

• GET - the browser appends the data onto the end of the URL itself, and the CGI script retrieves this. I'm sure you've seen those forms where the URL ends up a mile long; these are generally utilizing the GET method.
• POST - the browser sends the data to the CGI script in a more direct fashion. This fashion is a bit difficult to understand without programming knowledge, but it is explained in the cgi & c++ section. This method is recommended because (a) it is easier for the CGI script on the other end to retrieve & parse the data, and (b) the user doesn't end up with a mile-long URL.

Note that the method used is dependent on the script on the other end: a script that was programmed to use the GET method will not work if you use the POST method, and vice versa.

Click here to go back to the table of contents.

Copyright © 1998 Webworks Team. All rights reserved. Email with questions or comments about this web site.