What is CGI? CGI is an acronym that stands for Common Gateway Interface is a standard for interfacing external applications with information servers, such as HTTP or Web servers This interface provides a means for browsers and the server where document resides to communicate and pass information back and forth Primarily, this is done through the <FORM> tag, but there can be other ways to use CGI effectively, like through Server Side Includes (SSI)
What is CGI? CGI, permits interactivity between a client and a host operating system through the World Wide Web via the Hyper Text Transfer Protocol (HTTP) CGI program can be written in C or C++, Perl, ASP, PHP, Python, TCL, shells, and many others languages and scripts
Examples of uses for CGI Forms – forms on web sites allow the user to enter information which is processed by CGI and mailed to an administrator or logged On-the-Fly Pages – web pages can be created dynamically (as needed) with up-to-date information. Database Interaction – an application of on-the-fly page creation. Web pages can be created using information read from a database, or a web site form can allow a user to update database entries
Examples of uses for CGI Logging / Counters – a log file can record traffic data updated with information on each visitor. A counter can be included on the web page to advertise traffic. Animation – "server-push" programs can be used to feed the client successive images in an animated sequence. Catalogs, Search engines
Requirements Web server (NCSA, Apache, IIS, Microsoft Personal Web server etc.) Compiler (C/C++) or Interpreter (Perl), PHP, ASP Web browser (NN, IE etc.)
Writing CGI programs involves Obtaining input from a user or from a data file. Storing that input in program variables. Manipulating those variables to achieve some desired purpose, and Sending the results to a file or video display.
More about FORM tag <form action=”url" method=”get" > ... Form Element tags ... </form> <form action=“http://www.ncsi.iisc.ernet.in/cgi- bin/test.pl” method =”post"> Form Elements </form> action attribute tells where the information in the form is to be sent Default method is get Examples of Forms
Form Tag Description<FORM ACTION="/cgi-bin/prog.pl" METHOD="POST"> Form Start<INPUT TYPE="text" NAME="name" VALUE="value" Text FieldSIZE="size"><INPUT TYPE="password" NAME="name" VALUE="value" Password FieldSIZE="size"><INPUT TYPE="hidden" NAME="name" VALUE="value"> Hidden Field<INPUT TYPE="checkbox" NAME="name" CheckboxVALUE="value"><INPUT TYPE="radio" NAME="name" VALUE="value"> Radio Button<SELECT NAME="name" SZE=1> Dropdown List<OPTION SELECTED> One <OPTION>Two… </SELECT><INPUT TYPE="submit" VALUE="Message!" > Submit Button<INPUT TYPE="reset" VALUE="Message!"> Reset Button</FORM> Form Ends
Browser Request For the simple hypertext link in an HTML document: test.html Browser will send a request of the following type: GET /test.html HTTP/1.0 Accept: text/plain Accept: text/html Two blank lines
Server ResponseHTTP /1.0 200 OKDate: Monday, 24-Dec-200011:09:05 GMTServer: NCSA/1.3MIME-version 1.0Content-type: text/htmlContent-length: 231<HTML><HEAD><TITLE>Test Page</TITLE></HEAD><BODY>This is a simple HTML page.</BODY></HTML>
Environment Variables (What are they used for?) In order to pass data from the server to the script, the server uses command line arguments along with environment variables. The Environment Variables are set when the server executes a CGI Script. Environment Variables allow the CGI Script to reference variables that might be wanted for the Script output. There are two types of environment variables: Non-Request specific variables - those set for every request Request specific variables - those that are dependent on the request being fulfilled by the CGI Script
Environment Variables SERVER_NAME – The servers Host name or IP address SERVER_SOFTWARE – The name and version of the server-software that is answering the client requests SERVER_PROTOCOL – The name and revision of the information protocol the request came in with. REQUEST_METHOD – The method with which the information request was issued.
Environment Variables Cont... QUERY_STRING – The query information passed to the program. It is appended to the URL with a "?” CONTENT_TYPE – The MIME type of the query data, such as "text/html” CONTENT_LENGTH – The length of the data in bytes, passed to the CGI program through standard input. HTTP_USER_AGENT – The browser the clients is using to issue the request. DOCUMENT_ROOT – It displays the server document root directory
Where does the data for the CGI Script come from? The most common way for data to be sent to CGI Scripts is through HTML forms. HTML forms use a multitude of input methods to get data to a CGI Script. Some of these input types are radio buttons, check boxes, text input and pull-down menus. After the input necessary for the Script is determined and what type of input are going to be used, there are two main ways to receive information using the form. The methods are Get and Post. The information will be encoded differently depending on on which method is used.
GET Method The form data is encoded and then appended to the URL after ? mark The information contained in the part of the URL after the ? mark is called the QUERY_STRING, which consists of a string of name=value pairs separated by ampersands (&) GET http://www.ncsi.iisc.ernet.in/cgi- bin/example/simple.pl?first=Jason&last=Nugent Example 3
POST Method Difference between Get and Post method is primarily defined in terms of form data encoding The information is sent after all request headers have been sent to the server With the post method, the server passes the information contained in the submitted form as standard input (STDIN) to the CGI program
POST Method ... The length of the information (in bytes) is also sent to the server, to let the CGI script know how much information it has to read The environment variable CONTENT_LENGTH contains information about how much amount of data being transferred from html form. Examples 4
Examples Counter (Counter) Database Search – Create MS Access Database – Create data source (ODBC) – Write scripts to access database from the browser Example 5
What are the Drawbacks of using CGI? CGI applications can be slowed down considerably if network is slow If your script is long or has to do a lot of processing, your visitor will have to wait a bit until your script is finished running Biggest concern with CGI programs is security
Server Side Include Server-side include (SSI) files add text, graphic, or application information to an HTML document just before sending the HTML file to a user Make adding dynamic content to your documents easy
SSI directives #INCLUDE – Includes the text #FLASTMOD – Retrieves the last modification time of a file. #FSIZE – Retrieves the size of a file. #ECHO – Inserts the value of various Common Gateway Interface (CGI)-system environment variables. #CONFIG – Configures how variables and commands are displayed. #EXEC – Executes CGI-system command scripts and inserts
SSI in PWS To make SSI work, the Web server must parse the HTML document and process any directives before sending the final HTML file to the client General Form – <!-- #<PREPROCESSING_DIRECTIVE>--> E.g. – <!-- #exec cgi=“/php/test.php”--> – <!-- #echo “QUERY_STRING--> – <!-- #include file=“myfile.txt” -->
SSI in Apache Add the two lines below in the main configuration file httpd.conf – AddHandler server-parsed .shtml – AddType text/html .shtml Restart the Apache server
Client Side Scripting Client-side programming is based on the idea that the computer which the client is using to browse the web has quite a bit of CPU power sitting there doing nothing. Meanwhile, web servers are being tasked to death handling hundreds of CGI requests above and beyond their regular duties. Thus, it makes sense to share some of that burden between the client and server by taking some of the processing load off the server and giving it to the client.
What Client side scripts can do? Scripts can be used to add interesting (Interactive Web Pages) and useful effects to Web pages (Dynamic pages) Validations and error checking Maintaining state Creating Dynamic Forms with Client-Side Scripting.
What Client side scripts can do? Cont… Instant Feedback to Users Client-Side Scripts Move Processing Tasks back to the Client
Examples Event Handling Example 6 Menu Example 7 Animation (Scrolling) Example 8
Disadvantages of Client Side Scripting Browser-Dependent Client-Side Scripts – Different set of codes for both the browsers Secure Source Code of Client-Side Scripts. Pages Take Longer to Download Program Scope Is Limited to a Single HTML Page No Direct Access to System Objects
Which Should I Use? Client- or Server-Side? If you want to have dynamic client forms with client-side validation, you must use client-side scripting. If you want your site to have highly interactive pages, you should use client-side scripting. If you need to provide your client with advanced functionality that can be created only using ActiveX controls, you must use client-side scripting.
Which Should I Use? Client- or Server-Side? Cont… If you want to control the users browser (that is, you want to turn off the menus and place the browser in kiosk mode), you must use client-side scripting If your Web site must work with every browser on the market, and you do not want to create several different versions for different browsers, you should avoid client-side scripting If you want to protect your source code, you must use only server-side scripting. All client-side source code is transferred to the browser.
Which Should I Use? Client- or Server-Side? Cont… If you need to track user information across several Web pages to create a "Web application," you must use server-side scripting If you need to interact with server-side databases, you must use server-side scripting. If you need to use HTTP server variables or check the capabilities of the users browser, you must use server-side scripting