FIT5900 : FORMS & CGI

In the previous lecture:

• Javascript Object Model

In this lecture:

• Working with server scripts
  
  
• Using forms to supply data

Reference:

• Stein, L.D.: How To Set Up and Maintain a Web Site, 2nd edn, Addison Wesley 1997, Chpter 8.

What are scripts?

• Scripts are external programs run by a server in response to a request from a web browser.
  
  
• Scripts may accept input parameters from a web browser along with the request to be executed.
  
  
• Scripts may return output to be displayed in the browser.
  
  
• Scripts running on a web server add to the WWW the ability to synthesize responses to changing conditions... they add a dynamic aspect to the web.
  
  
• Scripts can be written in any langauge, interpretted (eg. PERL) or compiled (eg. C).

Common Gateway Interface (CGI)

• CGI is an interface or gateway between server and script.
  
  
• A gateway may link between the web server and a database search engine for example.
  
  
• CGI compliant scripts will run on CGI compliant servers.
  
  
• Servers running on Unix, VMS, OS / 2, Windows NT / 95 are CGI compliant.
  
  
• Macintosh servers are not CGI compliant but simple measures allow scripts to run on the (very simple to configure and maintain) Mac web servers.
  
  
• Many scripts are front ends to UNIX programs (such as emailers and text search engines) and so, even though the script itself may run on a non-Unix machine, the back end program doing the work may not run (or even exist)!
  
  

A Few Examples

• A counter telling me that I have re-loaded this page times since 14 Sept 98.
  
  
• The interface on an ugly Yellow Pages website.
  
  
• The php web site.
  
  

• When a user requests a URL pointing to a script, the server executes the script.
  
  
• The server can identify the URL as a script rather than a document to be retrieved by
  
  
  • the directory the URL indicates (frequently .../cgi-bin or a subdirectory)
    
    James, how long until the <A HREF="/cgi-bin/bombTimer"> bomb detonates? </A>
    
    
  • a unique file extension (frequently .cgi)
    
    James, how long until the <A HREF="blah/bombTimer.cgi"> bomb detonates? </A>
    
    
  
  
• Frequently, scripts are authorized and installed by the system administrator to prevent malicious, careless or ignorant folk from installing programs which may breach security.
  
  
• Scripts may be run under a special username (eg. www) with no special priveleges. This may help prevent inadvertent or malicious damage.
  
  
• Scripts may be run within a wrapper as the user who owns the script. Special security checks ensure the server's security is not compromised (cgiwrap and cgiwrapd).

• Parameters may be passed to a script directly through the URL.
  
  <A HREF="/cgi-bin/search?James%20Bond">Where is 007?</A>
  
  
• The ? is appended to the URL and precedes the query string which constitutes the argument list passed to the script.
  
  
• The %20 escapes the space character in the search string.
  
  
• Query strings usually (not necessarily) fall into one of two formats:
  
  
  • Keyword list in the form:
    
    value1+value2+value3+...
    
    <A HREF="/cgi-bin/search?Secret+Agent+James+Bond">
    Where is 007?
    </A>
    
    This format is often used for scripts which do word searches.
    
    
  • Named parameter list in the form:
    
    name1=value1&name2=value2&name3=value3...
    
    <A HREF = "/cgi-bin/search?job=Secret%20Agent&name1=James&name2=Bond">
    Where is 007?
    </A>
    
    This format is useful for complex data where various options may or may not be specified depending on conditions and a name must be associated with each datum to determine its meaning.
    
    
• Path information (such as the path to a file to be searched by a script) may be incorporated into the URL of a script by appending it to the URL.
  
  .../cgi-bin/bombTimer/james0/bombFiles/bomb.txt
  
  After the server has decoded the URL of the script, the additional path information is passed to the script. (The ? and a query string may be appended following the additional path information as usual.)

• User input may be gathered using fill-out forms containing text entry boxes, radio buttons etc.
  
  
• Scripts may create their own fill out forms...
  
  
  1. Script is called without parameters
  2. Script requires parameters so it creates an input document which is despatched to the browser.
  3. User enters required data to input document and submits it.
  4. Browser calls the script, passing it the contents of the input document as parameters.
  5. Script processes data and returns result.
  
  
  
• A custom interface may be written to such scripts by creating a fill out form which collects the necessary data and sends it to the script as parameters directly.

Front End to Keyword List Scripts

• The HTML looks like this:
  
  <ISINDEX ACTION="http://archie.au/cgi-bin/archie.cgi">
  
  
• The contents of the ACTION attribute instruct the browser where to send the keywords entered by the user into the text entry box. (If ACTION is omitted, the keywords are sent to the current URL.)
  
  

Front End to Named Parameter List Scripts

<FORM ACTION="/cgi-bin/order_toys" METHOD=POST >

<P>Secret Agent Name:
< INPUT TYPE="text" NAME="name">

...

<INPUT TYPE="submit" VALUE="Transmit Order to HQ">
< INPUT TYPE="reset" VALUE="Eat Order">

< /FORM>

• The form is marked by <FORM> tags...
  
  
• The ACTION attribute tells the browser where to send the submitted parameters.
  
  
• The METHOD attribute specifies the means by which the browser submits information to the script. This can be one of two request methods implemented in HTTP (see Stein p47 for further details):
  
  
  1. The GET command
     
     tells the server to return an entire document to the browser. This is the command most commonly used when retrieving data from the web. A script call using GET is made by appending the query string to the script's URL.
     
     
  2. The POST command
     
     tells the server to treat a document as an executable and pass it some information. Using this method the query string is transmitted between server and client along a communications channel opened especially.
  
  
  The POST method is preferred as some servers may truncate long URL's losing essential data.
  
  A well written script should handle both POST and GET submissions.
  
  
• The INPUT tags denote form elements (text entry boxes, push buttons etc)
  
  
• The INPUT tag of type="submit" is a button which places the form data into a named parameter list. The parameter names are the names of the form elements, their values are the values of the respective input elements.
  
  
• The INPUT tag of type="reset" is a button which... I wonder!?
  
  
• Check out the document source to see how some of the other elements are described. There are more besides! (Refer to an HTML guide)
  
  
• Netscape recognizes an ACTION attribute:
  
  <FORM ACTION = "mailto:fox.mulder@fbi.org" METHOD = POST>
  
  No prizes for guessing that on submission, this mails the contents of the form to the address given.

Remember Clickable Image Maps?

• Originally clickable image maps were implemented using CGI scripts.
  
  
• The user clicked on an image, the x,y coordinates of the click were sent to a script which read them and returned a URL which was then sent to the web browser which sent the URL back to the server which returned the requested document.
  
  
• No wonder servers began incorporating the functionality of these scripts!
  
  
• ... a scheme which was further accelerated by the client side image map!

CGI Magic

So you see how simple all this CGI script stuff is... here's a really simple CGI script written in C...

main(int argc, char **argv)
{
    printf("Content-type: text/html\n"); // tell server MIME type of returned doc.
    printf("\n");                        // blank line
	
    printf("<HEAD><TITLE><BR>\n');       // output HTML header info.
    printf("Echo Script Response<BR>\n");
    printf("</TITLE></HEAD><BR>\n");
	
    printf("<BODY>\n<P>\n");             // output HTML body echoing the
    printf("%s", getenv("QUERY_STRING"));// environment variable QUERY_STRING
    printf("</BODY>\n");
}

• The above script echoes the input sent to it.
  
  
• The script receives its input in the environment variable QUERY_STRING after submission from a form using METHOD=GET.
  
  
• The PATH_INFO environment variable contains any path information appended to the the URL.


Let's call the script using this fill out form...



Your favourite film or TV show: Your favourite Sci-Fi film or TV show? 2001 2010 X-Files Star Trek Star Wars Buck Rogers Battle Star Galacticca Gattacca Do you watch Xena? Yes No Do you watch South Park? Yes No What is you bank account PIN number?




---

• CGI defines a standard way to transfer information from the client-side (Browser) to the server.
• Forms provide standard data entry and selection widgets for users to submit data.
• CGI scripts can generate dynamic or query specific web pages 'on the fly'

FIT5900 courseware | FIT5900 lecture notes

©Copyright Alan Dorin & Jon McCormack 1999,2000