CGI Programming

What is it?

• CGI– Common Gateway Interface

• Standard way to pass information back to the Web Server– GET

• Query String

– POST• Standard Input

What is CGI?

• CGI is platform independent

• CGI is language independent

• Perl is the most popular development language

CGI Environment

• CGI uses a subset of the OS environment for the application

• Can access native applications on server

• Runs as the server userid (normally)

• See showenv.pl

CGI/HTML

• Data is passed to a CGI program from a HTML file with the Form tag– Method = GET– Method = POST

Parsing Data

• If request is passed via GET, use QUERY_STRING environmental variable

• If request is passed via POST, you must read in the data from STDIN (the CONTENT_LENGTH environmental variable specifies how much data to read)

Parse Some Data

• See advance.htm

• See simple_parse.pl

• See sample_cgipm.pl

Form Verification

• Need to verify data before processing

• Bad data can be a security risk

• Assume all data is initially bad

• see verify.pl

• (In real life also use JavaScript )

Cookies: State Management

• HTTP is stateless

• Cookies are the standard method for state management

• Can use hidden fields, mangled URLs, etc

• see cookie.htm

• see cookie.pl

• Cookies are not evil! :)