|
CGI Ron Graham |
||||||||||||||||||||||||
|
Common Gateway Interface (CGI) is the methodology used to process
forms on the Web. Any HTML form involves an action, and that
action is taken by a CGI script or program, manipulating data
a visitor to your Web site enters on the form.
CGI is used by many Webmasters to produce the following popular effects:
There are two methods that the HTML form can use in processing information: GET and POST. A very rough summary of these methods: both will manipulate the data entered by the user onto the form and present some result in the user's browser; POST will create or modify some file as part of the action. The CGI program will read form input, which has been organized into "name-value pairs," where "name" is the name of a field in the form, and "value" is whatever the site visitor has entered in that field. The program will separate the pairs from one another, then separate individual name from associated value, then perform operations on the values and display the results of those operations on the visitor's browser. Special characters entered into form fields will be converted to hex code, and you may need to have your CGI programs parse the hex code and convert back. Here are examples of common characters that need parsing in CGI:
There are two types of CGI: scripts and programs. Scripts are interpreted by the hosting server "at runtime," or when the HTML form is submitted by the user. Programs are compiled into executable files and run. Though there are many considerations involved in choosing whether to use scripts or programs, these are generally fundamental:
What a service provider allows can be critical. Many system administrators recognize that "a rogue CGI program can take down the entire Web site," as put by the administrators at TCNJ. Some service providers won't allow user-supplied scripts at all; others only allow their own. America Online, for instance, has two CGI scripts: one for a guestbook and the other for sending template e-mail; those scripts can't be modified by any AOL subscriber -- and even those can be victimized by malicious spammers. There are at least two ways that CGI can compromise site security:
Even more important than security considerations, however, is the knowledge that many of the most popular effects for the average user already exist, are available as freeware or shareware, and require only modest customization to be ready to use. If you create your own CGI, you should test it thoroughly before releasing it to the public. Even having done so, someone will always find a creative way to make the script fail; and CGI will not usually be very good at telling users why it fails, unless you've included some exhaustive error handling in your code. This can be another good reason to put limitations on what data users can enter on your forms. Since your CGI runs on your own server, you must either know exactly where your service provider carries Perl, or compile your C program on that server. Other CGI programming methods require similar precautions. References I'm having a hard time finding a good book on CGI programming with C or C++. And I'm ignoring programs other than Perl and C/C++ on the basis of programmer popularity for the time being -- though I hear good things particularly about Tcl.
Guelich, et. al.
CGI
Programming with Perl. O'Reilly & Associates, 2000. ISBN 1-56292-419-3
POSSIBLE FREE CGI HOSTING SITES
www.cgi-free.com What you can do
|
||||||||||||||||||||||||