What is CGI? - Personal Site of Idris Winarno

Download Report

Transcript What is CGI? - Personal Site of Idris Winarno 

CGI
Common Gateway Interface
What is CGI?
 CGI is an acronym that stands for Common
Gateway Interface is a standard for interfacing
external applications with information servers,
such as HTTP or Web servers
 This interface provides a means for browsers and
the server where document resides to
communicate and pass information back and forth
 Primarily, this is done through the <FORM> tag,
but there can be other ways to use CGI effectively,
like through Server Side Includes (SSI)
What is CGI?
CGI, permits interactivity between a client
and a host operating system through the
World Wide Web via the Hyper Text
Transfer Protocol (HTTP)
CGI program can be written in C or C++,
Perl, ASP, PHP, Python, TCL, shells, and
many others languages and scripts
Examples of uses for CGI
 Forms
– forms on web sites allow the user to enter information
which is processed by CGI and mailed to an
administrator or logged
 On-the-Fly Pages
– web pages can be created dynamically (as needed) with
up-to-date information.
 Database Interaction
– an application of on-the-fly page creation. Web pages
can be created using information read from a database,
or a web site form can allow a user to update database
entries
Examples of uses for CGI
 Logging / Counters
– a log file can record traffic data updated with
information on each visitor. A counter can be included
on the web page to advertise traffic.
 Animation
– "server-push" programs can be used to feed the client
successive images in an animated sequence.
 Catalogs, Search engines
Requirements
Web server (NCSA, Apache, IIS, Microsoft
Personal Web server etc.)
Compiler (C/C++) or Interpreter (Perl),
PHP, ASP
Web browser (NN, IE etc.)
Writing CGI programs involves
Obtaining input from a user or from a data
file.
Storing that input in program variables.
 Manipulating those variables to achieve
some desired purpose, and
Sending the results to a file or video
display.
More about FORM tag
 <form action=”url" method=”get" >
... Form Element tags ...
</form>
 <form action=“http://www.ncsi.iisc.ernet.in/cgibin/test.pl” method =”post"> Form Elements
</form>
 action attribute tells where the information in the
form is to be sent
 Default method is get
 Examples of Forms
Form Tag
Description
<FORM ACTION="/cgi-bin/prog.pl" METHOD="POST">
Form Start
<INPUT TYPE="text" NAME="name"
VALUE="value" SIZE="size">
Text Field
<INPUT TYPE="password" NAME="name"
VALUE="value" SIZE="size">
Password Field
<INPUT TYPE="hidden" NAME="name" VALUE="value">
Hidden Field
<INPUT TYPE="checkbox" NAME="name"
VALUE="value">
Checkbox
<INPUT TYPE="radio" NAME="name" VALUE="value">
Radio Button
<SELECT NAME="name" SZE=1>
<OPTION SELECTED> One <OPTION>Two
… </SELECT>
Dropdown List
<INPUT TYPE="submit" VALUE="Message!" >
Submit Button
<INPUT TYPE="reset" VALUE="Message!">
Reset Button
</FORM>
Form Ends
Browser Request
 For the simple hypertext link in an HTML
document:
 test.html
 Browser will send a request of the following type:
GET /test.html HTTP/1.0
Accept: text/plain
Accept: text/html
Two blank lines
Server Response
HTTP /1.0 200 OK
Date: Monday, 24-Dec-2000
11:09:05 GMT
Server: NCSA/1.3
MIME-version 1.0
Content-type: text/html
Content-length: 231
<HTML><HEAD><TITLE>Test Page</TITLE></HEAD>
<BODY>
This is a simple HTML page.
</BODY>
</HTML>
Environment Variables
(What are they used for?)
 In order to pass data from the server to the script, the
server uses command line arguments along with
environment variables.
 The Environment Variables are set when the server
executes a CGI Script.
 Environment Variables allow the CGI Script to reference
variables that might be wanted for the Script output.
 There are two types of environment variables:
Non-Request specific variables - those set for every
request
Request specific variables - those that are dependent on
the request being fulfilled by the CGI Script
Environment Variables
 SERVER_NAME
– The server's Host name or IP address
 SERVER_SOFTWARE
– The name and version of the server-software that is answering the
client requests
 SERVER_PROTOCOL
– The name and revision of the information protocol the request
came in with.
 REQUEST_METHOD
– The method with which the information request was issued.
Environment Variables Cont...
 QUERY_STRING
– The query information passed to the program. It is appended to the
URL with a "?”
 CONTENT_TYPE
– The MIME type of the query data, such as "text/html”
 CONTENT_LENGTH
– The length of the data in bytes, passed to the CGI program through
standard input.
 HTTP_USER_AGENT
– The browser the clients is using to issue the request.
 DOCUMENT_ROOT
– It displays the server document root directory
Typical Environment Variables











SERVER_SOFTWARE = Apache/1.3.14
SERVER_NAME = www.ncsi.iisc.ernet.in
GATEWAY_INTERFACE = CGI/1.1
SERVER_PROTOCOL = HTTP/1.0
SERVER_PORT = 80
REQUEST_METHOD = GET
HTTP_ACCEPT = 'image/gif, image/x-xbitmap, image/jpeg, */*'
SCRIPT_NAME = /cgi-bin/environment-example
QUERY_STRING =
REMOTE_HOST = ece.iisc.ernet.in
REMOTE_ADDR = 144.16.64.3
Where does the data for the
CGI Script come from?
 The most common way for data to be sent to CGI Scripts is
through HTML forms. HTML forms use a multitude of
input methods to get data to a CGI Script. Some of these
input types are radio buttons, check boxes, text input and
pull-down menus.
 After the input necessary for the Script is determined and
what type of input are going to be used, there are two main
ways to receive information using the form. The methods
are Get and Post. The information will be encoded
differently depending on on which method is used.
GET Method
 The form data is encoded and then appended to
the URL after ? mark
 The information contained in the part of the URL
after the ? mark is called the QUERY_STRING,
which consists of a string of name=value pairs
separated by ampersands (&)
 GET http://www.ncsi.iisc.ernet.in/cgibin/example/simple.pl?first=Jason&last=Nugent
 Example 3
POST Method
 Difference between Get and Post method is
primarily defined in terms of form data encoding
 The information is sent after all request headers
have been sent to the server
 With the post method, the server passes the
information contained in the submitted form as
standard input (STDIN) to the CGI program
POST Method ...
The length of the information (in bytes) is
also sent to the server, to let the CGI script
know how much information it has to read
The environment variable
CONTENT_LENGTH contains information
about how much amount of data being
transferred from html form.
Examples 4
Examples
Counter (Counter)
Database Search
– Create MS Access Database
– Create data source (ODBC)
– Write scripts to access database from the
browser
Example 5
What are the Drawbacks of using
CGI?
CGI applications can be slowed down
considerably if network is slow
If your script is long or has to do a lot of
processing, your visitor will have to wait a
bit until your script is finished running
Biggest concern with CGI programs is
security
Server Side Include
Server-side include (SSI) files add text,
graphic, or application information to an
HTML document just before sending the
HTML file to a user
Make adding dynamic content to your
documents easy
SSI directives
 #INCLUDE
– Includes the text
 #FLASTMOD
– Retrieves the last modification time of a file.
 #FSIZE
– Retrieves the size of a file.
 #ECHO
– Inserts the value of various Common Gateway Interface
(CGI)-system environment variables.
 #CONFIG
– Configures how variables and commands are displayed.
 #EXEC
– Executes CGI-system command scripts and inserts
output into an HTML document.
SSI in PWS
 To make SSI work, the Web server must parse the
HTML document and process any directives
before sending the final HTML file to the client
 General Form
– <!-- #<PREPROCESSING_DIRECTIVE>-->
 E.g.
– <!-- #exec cgi=“/php/test.php”-->
– <!-- #echo “QUERY_STRING-->
– <!-- #include file=“myfile.txt” -->
SSI in Apache
Add the two lines below in the main
configuration file httpd.conf
– AddHandler server-parsed .shtml
– AddType text/html .shtml
Restart the Apache server
Client Side Scripting
 Client-side programming is based on the idea that
the computer which the client is using to browse
the web has quite a bit of CPU power sitting there
doing nothing.
 Meanwhile, web servers are being tasked to death
handling hundreds of CGI requests above and
beyond their regular duties.
 Thus, it makes sense to share some of that burden
between the client and server by taking some of
the processing load off the server and giving it to
the client.
What Client side scripts can do?
Scripts can be used to add interesting
(Interactive Web Pages) and useful effects
to Web pages (Dynamic pages)
Validations and error checking
Maintaining state
Creating Dynamic Forms with Client-Side
Scripting.
What Client side scripts can do?
Cont…
Instant Feedback to Users
Client-Side Scripts Move Processing Tasks
back to the Client
Examples
Event Handling Example 6
Menu Example 7
Animation (Scrolling) Example 8
Disadvantages of Client Side
Scripting
Browser-Dependent Client-Side Scripts
– Different set of codes for both the browsers
Secure Source Code of Client-Side Scripts.
Pages Take Longer to Download
Program Scope Is Limited to a Single
HTML Page
No Direct Access to System Objects
Which Should I Use? Client- or
Server-Side?
 If you want to have dynamic client forms with
client-side validation, you must use client-side
scripting.
 If you want your site to have highly interactive
pages, you should use client-side scripting.
 If you need to provide your client with advanced
functionality that can be created only using
ActiveX controls, you must use client-side
scripting.
Which Should I Use? Client- or
Server-Side? Cont…
 If you want to control the user's browser (that is,
you want to turn off the menus and place the
browser in kiosk mode), you must use client-side
scripting
 If your Web site must work with every browser on
the market, and you do not want to create several
different versions for different browsers, you
should avoid client-side scripting
 If you want to protect your source code, you must
use only server-side scripting. All client-side
source code is transferred to the browser.
Which Should I Use? Client- or
Server-Side? Cont…
 If you need to track user information across
several Web pages to create a "Web application,"
you must use server-side scripting
 If you need to interact with server-side databases,
you must use server-side scripting.
 If you need to use HTTP server variables or check
the capabilities of the user's browser, you must use
server-side scripting