CGI Common Gateway Interface
What is CGI? • CGI is an acronym that stands for Common Gateway Interface is a standard for interfacing external applications with information servers, such as HTTP or Web servers • This interface provides a means for browsers and the server where document resides to communicate and pass information back and forth • Primarily, this is done through the <FORM> tag, but there can be other ways to use CGI effectively, like through Server Side Includes (SSI)
What is CGI? • CGI, permits interactivity between a client and a host operating system through the World Wide Web via the Hyper Text Transfer Protocol (HTTP) • CGI program can be written in C or C++, Perl, ASP, PHP, Python, TCL, shells, and many others languages and scripts
Examples of uses for CGI • Forms • forms on web sites allow the user to enter information which is processed by CGI and mailed to an administrator or logged • On-the-Fly Pages • web pages can be created dynamically (as needed) with up-to-date information. • Database Interaction • an application of on-the-fly page creation. Web pages can be created using information read from a database, or a web site form can allow a user to update database entries
Examples of uses for CGI • Logging / Counters • a log file can record traffic data updated with information on each visitor. A counter can be included on the web page to advertise traffic. • Animation • "server-push" programs can be used to feed the client successive images in an animated sequence. • Catalogs, Search engines
Requirements • Web server (NCSA, Apache, IIS, Microsoft Personal Web server etc.) • Compiler (C/C++) or Interpreter (Perl), PHP, ASP • Web browser (NN, IE etc.)
Writing CGI programs involves • Obtaining input from a user or from a data file. • Storing that input in program variables. • Manipulating those variables to achieve some desired purpose, and • Sending the results to a file or video display.
More about FORM tag • <form action=”url" method=”get" > ... Form Element tags ... </form> • <form action=“http://www.ncsi.iisc.ernet.in/cgi-bin/test.pl” method =”post"> Form Elements </form> • action attribute tells where the information in the form is to be sent • Default method is get • Examples of Forms
Form Tag Description <FORM ACTION="/cgi-bin/prog.pl" METHOD="POST"> Form Start <INPUT TYPE="text" NAME="name" VALUE="value" SIZE="size"> Text Field <INPUT TYPE="password" NAME="name" VALUE="value" SIZE="size"> Password Field <INPUT TYPE="hidden" NAME="name" VALUE="value"> Hidden Field <INPUT TYPE="checkbox" NAME="name" VALUE="value"> Checkbox <INPUT TYPE="radio" NAME="name" VALUE="value"> Radio Button <SELECT NAME="name" SZE=1> <OPTION SELECTED> One <OPTION>Two … </SELECT> Dropdown List <INPUT TYPE="submit" VALUE="Message!" > Submit Button <INPUT TYPE="reset" VALUE="Message!"> Reset Button </FORM> Form Ends
Browser Request • For the simple hypertext link in an HTML document: • test.html • Browser will send a request of the following type: GET /test.html HTTP/1.0 Accept: text/plain Accept: text/html Two blank lines
Server Response HTTP /1.0 200 OK Date: Monday, 24-Dec-2000 11:09:05 GMT Server: NCSA/1.3 MIME-version 1.0 Content-type: text/html Content-length: 231 <HTML><HEAD><TITLE>Test Page</TITLE></HEAD> <BODY> This is a simple HTML page. </BODY> </HTML>
Environment Variables(What are they used for?) • In order to pass data from the server to the script, the server uses command line arguments along with environment variables. • The Environment Variables are set when the server executes a CGI Script. • Environment Variables allow the CGI Script to reference variables that might be wanted for the Script output. • There are two types of environment variables: • Non-Request specific variables - those set for every request • Request specific variables - those that are dependent on the request being fulfilled by the CGI Script
Environment Variables • SERVER_NAME • The server's Host name or IP address • SERVER_SOFTWARE • The name and version of the server-software that is answering the client requests • SERVER_PROTOCOL • The name and revision of the information protocol the request came in with. • REQUEST_METHOD • The method with which the information request was issued.
Environment Variables Cont... • QUERY_STRING • The query information passed to the program. It is appended to the URL with a "?” • CONTENT_TYPE • The MIME type of the query data, such as "text/html” • CONTENT_LENGTH • The length of the data in bytes, passed to the CGI program through standard input. • HTTP_USER_AGENT • The browser the clients is using to issue the request. • DOCUMENT_ROOT • It displays the server document root directory
Typical Environment Variables • SERVER_SOFTWARE = Apache/1.3.14 • SERVER_NAME = www.ncsi.iisc.ernet.in • GATEWAY_INTERFACE = CGI/1.1 • SERVER_PROTOCOL = HTTP/1.0 • SERVER_PORT = 80 • REQUEST_METHOD = GET • HTTP_ACCEPT = 'image/gif, image/x-xbitmap, image/jpeg, */*' • SCRIPT_NAME = /cgi-bin/environment-example • QUERY_STRING = • REMOTE_HOST = ece.iisc.ernet.in • REMOTE_ADDR = 220.127.116.11
Where does the data for the CGI Script come from? • The most common way for data to be sent to CGI Scripts is through HTML forms. HTML forms use a multitude of input methods to get data to a CGI Script. Some of these input types are radio buttons, check boxes, text input and pull-down menus. • After the input necessary for the Script is determined and what type of input are going to be used, there are two main ways to receive information using the form. The methods are Get and Post. The information will be encoded differently depending on on which method is used.
GET Method • The form data is encoded and then appended to the URL after ? mark • The information contained in the part of the URL after the ? mark is called the QUERY_STRING, which consists of a string of name=value pairs separated by ampersands (&) • GET http://www.ncsi.iisc.ernet.in/cgi-bin/example/simple.pl?first=Jason&last=Nugent • Example 3
POST Method • Difference between Get and Post method is primarily defined in terms of form data encoding • The information is sent after all request headers have been sent to the server • With the post method, the server passes the information contained in the submitted form as standard input (STDIN) to the CGI program
POST Method ... • The length of the information (in bytes) is also sent to the server, to let the CGI script know how much information it has to read • The environment variable CONTENT_LENGTH contains information about how much amount of data being transferred from html form. • Examples 4
Examples • Counter (Counter) • Database Search • Create MS Access Database • Create data source (ODBC) • Write scripts to access database from the browser • Example 5
What are the Drawbacks of using CGI? • CGI applications can be slowed down considerably if network is slow • If your script is long or has to do a lot of processing, your visitor will have to wait a bit until your script is finished running • Biggest concern with CGI programs is security
Server Side Include • Server-side include (SSI) files add text, graphic, or application information to an HTML document just before sending the HTML file to a user • Make adding dynamic content to your documents easy
SSI directives • #INCLUDE • Includes the text • #FLASTMOD • Retrieves the last modification time of a file. • #FSIZE • Retrieves the size of a file. • #ECHO • Inserts the value of various Common Gateway Interface (CGI)-system environment variables. • #CONFIG • Configures how variables and commands are displayed. • #EXEC • Executes CGI-system command scripts and inserts output into an HTML document.
SSI in PWS • To make SSI work, the Web server must parse the HTML document and process any directives before sending the final HTML file to the client • General Form • <!-- #<PREPROCESSING_DIRECTIVE>--> • E.g. • <!-- #exec cgi=“/php/test.php”--> • <!-- #echo “QUERY_STRING--> • <!-- #include file=“myfile.txt” -->
SSI in Apache • Add the two lines below in the main configuration file httpd.conf • AddHandler server-parsed .shtml • AddType text/html .shtml • Restart the Apache server
Client Side Scripting • Client-side programming is based on the idea that the computer which the client is using to browse the web has quite a bit of CPU power sitting there doing nothing. • Meanwhile, web servers are being tasked to death handling hundreds of CGI requests above and beyond their regular duties. • Thus, it makes sense to share some of that burden between the client and server by taking some of the processing load off the server and giving it to the client.
What Client side scripts can do? • Scripts can be used to add interesting (Interactive Web Pages) and useful effects to Web pages (Dynamic pages) • Validations and error checking • Maintaining state • Creating Dynamic Forms with Client-Side Scripting.
What Client side scripts can do? Cont… • Instant Feedback to Users • Client-Side Scripts Move Processing Tasks back to the Client
Examples • Event Handling Example 6 • Menu Example 7 • Animation (Scrolling) Example 8
Disadvantages of Client Side Scripting • Browser-Dependent Client-Side Scripts • Different set of codes for both the browsers • Secure Source Code of Client-Side Scripts. • Pages Take Longer to Download • Program Scope Is Limited to a Single HTML Page • No Direct Access to System Objects
Which Should I Use? Client- or Server-Side? • If you want to have dynamic client forms with client-side validation, you must use client-side scripting. • If you want your site to have highly interactive pages, you should use client-side scripting. • If you need to provide your client with advanced functionality that can be created only using ActiveX controls, you must use client-side scripting.
Which Should I Use? Client- or Server-Side? Cont… • If you want to control the user's browser (that is, you want to turn off the menus and place the browser in kiosk mode), you must use client-side scripting • If your Web site must work with every browser on the market, and you do not want to create several different versions for different browsers, you should avoid client-side scripting • If you want to protect your source code, you must use only server-side scripting. All client-side source code is transferred to the browser.
Which Should I Use? Client- or Server-Side? Cont… • If you need to track user information across several Web pages to create a "Web application," you must use server-side scripting • If you need to interact with server-side databases, you must use server-side scripting. • If you need to use HTTP server variables or check the capabilities of the user's browser, you must use server-side scripting