Linux CGI programming Basics

Source: Internet
Author: User

1. Why CGI?

As we have seen above, any HTML is a static webpage, and it cannot implement some complex functions, while CGI can be implemented for us. For example,. list files in a directory on the server and operate on the files in the directory. B. implement serial communication through CGI; C. implement database interfaces. D. to read an image from the camera and display it on the webpage... And so on.

2. What is CGI?

CGI stands for Common Gate intergace. Physically, CGI is a program that runs on the server and provides interfaces on HTML pages of the same client.

3. cgi Programming Language

You can use any advanced language that you are familiar with, C, C ++, C shell, Perl, and VB.

4. cgi security

In fact, CGI is safer, at least more secure than ActiveX controls without digital signatures. Unless you intentionally add commands that destroy the server to your program, there are generally no serious consequences.

To put it simply, CGI is used to communicate interfaces between HTML forms and server programs ). It is an interface, that is, CGI is not a language, but a set of specifications that can be applied by other languages. In theory, you can use any programming language to compile CGI programs, as long as the programs comply with the CGI specifications defined in some of them. C language performs well in terms of platform independence (almost any system platform has its corresponding compiler) and is quite familiar to most programmers (unlike Perl ), therefore, C is one of the preferred languages for CGI programming. Here we will introduce how to use C to write CGI programs.

The simplest example of CGI programming is form processing. Therefore, in this article, we mainly introduce how to use C to write CGI programs for table processing.

 

5. Transfer Method:

The so-called method refers to the way to call the CGI program. In fact, when you want to execute a program, you use a method to make a request to the server, which defines how the program accepts data. The following describes two common methods: Get and post 1.get. When this method is used, the CGI program obtains data from the environment variable QUERY_STRING.

QUERY_STRING is called an environment variable, which transmits client data to the server. To interpret and execute programs, CGI must analyze (process) this string.

When the POST method is used, the web server transmits data to the CGI program through stdin (standard input. The server does not use the EOF character mark at the end of the data. Therefore, the program must use content_length to correctly read stdin. The data you send will change

The data on the Web server or the data you want To transmit to the CGI program exceeds 1024 bytes,

This is the maximum URL length. You should use the POST method. Implementation Method:

Get Implementation Method

<Form name = "guyI's form" ActIon = "http://www.yourname.com/cgi/your.cgi” method = get>

Post Implementation Method:

<Form method = post>

6. Form encoding:

The enctype attribute of form is encoded in two ways: Application/X-WWW-form-urlencoded and multipart/form-da.The default value is application/X-WWW-form-urlencoded.

When ActWhen ion is get, the browser uses the X-WWW-form-urlencoded encoding method to convert form data into a string (name1 = value1 & name2 = value2 ...), then append the string to the end of the URL, using? Load the new URL.

When ActWhen ion is post, the browser encapsulates form data into the HTTP body and sends it to the server.

If there is no type = file control, use the default application/X-WWW-form-urlencoded.

However, if type = file exists, you must use multipart/form-da.Ta. The browser splits the entire form into controls and adds content-disposition (Form-da) to each part.Ta or file), Content-Type (text/plain by default), name (Control name) and other information, plus the delimiter (Boundary ).

Get Form Processing

For forms that use the "method = get" attribute (or do not have the method attribute, get is the default value), CGI defines that when a form is sent to the server for disconnection, the data in the form is stored in an environment variable called QUERY_STRING on the server. The processing of such forms is relatively simple. You only need to read the environment variables. This is different for different languages. In the C language, you can use the library function getenv (defined in the standard library function stdlib) to access the environment variable value as a string. After obtaining the data in the string, you can use some tips to convert the type. This is relatively simple. The standard output in the CGI program (such as the stdout file stream in C) is also redefined. It does not generate any output content on the server, but is redirected to the client browser. In this way, if you write a c cgi program, output an HTML document to its
On stdout, this HTML document will be displayed in the browser of the client. This is also a basic principle of CGI programs.

Let's take a look at the specific program implementation. The following is an HTML form:

<Form ActIon = "/cgi-bin/mult. cgi">

<P> enter the multiplier and the multiplier below. Click OK to see the result.

<Input name = "M" size = "5">

<Input name = "N" size = "5"> <br>

<Input type = "Submit" value = "OK">

</Form>

The function we need to implement is very simple, that is, to multiply the input values in the form and then output the results. In fact, this function can fully use javasTo make the program as easy as possible, I chose this small multiplication method as an example.

The following is the CGI program that processes the form, which corresponds to the Act in the form tag.Ion attribute value.

# Include <stdio. h>

# Include <stdlib. h>

Int main (void)

{

Char * daTa;

Long M, N;

Printf ("% S % C", "Content-Type: text/html; charset = gb2312", 13, 10 );

Printf ("<title> multiplication result </title> ");

Printf ("

DaTa = getenv ("QUERY_STRING ");

If (DATa = NULL)

Printf ("<p> error! Data is not input or there is a problem with data transmission ");

Else if (sscanf (DATa, "m = % LD & n = % lD", & M, & N )! = 2)

Printf ("<p> error! The input data is invalid. The number must be entered in the form. ");

Else

Printf ("<p> % LD and % ld: % lD. ", M, n, m * n );

Return 0;

}

The specific c syntax will not be discussed much. Let's look at it as a special place for CGI programs.

As mentioned above, the standard output content is to be displayed in the browser. The output content of the first line is required and unique to a CGI program: printf ("% S % C", "Content-Type: text/html ", 13, 10). The output is used as the HTML file header. CGI not only outputs HTML text like a browser, but also outputs images, sounds, and other things. This line tells the browser how to handle the received content. There are two blank rows after the definition of Content-Type, which is also indispensable. Because the head output of all CGI programs is similar, you can define a function for it to save programming time. This is a common technique in CGI programming.

The program then calls the library function getevn to obtain the QUERY_STRING content, and then uses the sscanf function to obtain each parameter value. Note the usage of the sscanf function. Nothing else. It is no different from general C Programs.

After the program is compiled, it is renamed mult. cgi and placed under the/cgi-bin/directory to be called by the form. In this way, a CGI program that processes the get form will be finished.

Post Form Processing

Next we will consider another form transfer method: Post. Assume that the task we want to implement is as follows: add the text entered by the customer in the form to the end of a text file on the server. This can be seen as the prototype of a message board program. Obviously, javas cannot be used for this job.The implementation of the ghost client script is also a real CGI program.

It seems that this question is very similar to the content mentioned above, just using different forms and different scripts (programs. But in fact, there are some differences between them. In the above example, the get processing method can be considered as a "Pure query" type, that is, it has nothing to do with the status. The same data can be submitted at any number of times without causing any problems (except for some small overhead of the server ). But now the task is different, at least it needs to change the content of a file. Therefore, it can be said that it is related to the status. This is also one of the differences between post and get. Besides, get imposes restrictions on the form length, whereas post does not. This is also the main reason for choosing the POST method in this task. However, the get processing speed is faster than that of post.

In the definition of CGI, the content of a post-type form is sent to the standard input (stdin in C) of the CGI program ), the transmitted length is placed in the environment variable content_length. Therefore, we need to read the content_length string in the standard input. Reading data from the standard output seems easier than reading data from the environment variables. In fact, it is not. Pay attention to some details, this can be seen in the following program. Note that the CGI program is different from the general program. The general program will get an EOF mark after reading the content of a file stream. However, in the form processing process of CGI programs, EOF will never appear, so do not read more
Content_length characters. no, what are the consequences? No one knows. (The CGI specification is not defined. Generally, there are different solutions based on different servers ).

Let's take a look at how to collect data from the post form to the CGI program. Below is a simple C source code:

# Include <stdio. h>

# Include <stdlib. h>

# Define maxlen 80

# Define extra 5

/* Four bytes are left with the field name "da"Ta ", 1 byte left to" = "*/

# Define maxinput maxlen + extra + 2

/* Leave one byte to the line break, and another null to the end */

# Define datafile "../DATa/DATa.txt"

/* File for which data is to be added */

Void unencode (char * SRC, char * Last, char * DEST)

{

For (; SRC! = Last; SRC ++, DEST ++)

If (* src = "+ ")

* DEST = "";

Else if (* src = "% "){

Int CoDe;

If (sscanf (SRC + 1, "% 2x", & CoDe )! = 1) CoDe = "? ";

* DEST = CoDe;

SRC + = 2 ;}

Else

* DEST = * SRC;

* DEST = "";

* ++ DEST = "";

}

Int main (void)

{

Char * lenstr;

Char input [maxinput], daTa [maxinput];

Long Len;

Printf ("% S % C ",

"Content-Type: text/html; charset = gb2312", 13, 10 );

Printf ("<title> response </title> ");

Lenstr = getenv ("content_length ");

If (lenstr = NULL | sscanf (lenstr, "% lD", & Len )! = 1 | Len> maxlen)

Printf ("<p> incorrect form submission ");

Else {

File * F;

Fgets (input, Len + 1, stdin );

Unencode (input + extra, input + Len, daTa );

F = fopen (datafile, "");

If (F = NULL)

Printf ("<p> sorry, unexpected error, cannot save your data ");

Else

Fputs (DATa, F );

Fclose (f );

Printf ("<p> Thank you very much. Your data has been saved <br> % s", daTa );

}

Return 0;

}

In essence, the program first obtains the data length from the content_length environment variable, and then reads the corresponding length string. Because the data content is encoded during transmission, it must be decoded accordingly. The encoding rules are very simple, mainly including the following:

1. Each field in the form is represented by a field name followed by an equal sign, followed by the value of this field, and the content of each field is connected;

2. All space characters are replaced by the plus sign, so spaces in the encoding code segment are invalid;

3. Special characters, such as punctuation marks, and special characters such as "+", are expressed by the percentage sign followed by the corresponding acsii value.

For example, if the user inputs:

Hello there!

When the data is transmitted to the server, it is encoded and changed to DA.The unencode () function above TA = Hello + there % 21 is used to decode the encoded data. After decoding, the data is added to DA.The tail of the ta.txt file is displayed in the browser.

After the file is compiled, change it to collect. cgi and put it in the CGI directory to be called by the form. The corresponding form is given below:

<Form ActIon = "/cgi-bin/collect. cgi" method = "Post">

<P> enter your message (up to 80 characters): <br> <input name = "daTa "size =" 60 "maxlength =" 80 "> <br>

<Input type = "Submit" value = "OK">

</Form>

In fact, this program can only be used as an example and cannot be officially used. It misses a key issue: when multiple users write data like a file at the same time, there will certainly be errors. For such a program, the probability of simultaneous file writing is very high. Therefore, more considerations need to be made in the more formal messaging program, such as adding a semaphore or using a key file. This is just a matter of programming skills.

Finally, let's write a browsing daThe CGI program of the ta.txt file, which only needs to output the content to stdout:

# Include <stdio. h>

# Include <stdlib. h>

# Define datafile "../DATa/DATa.txt"

Int main (void)

{

File * f = fopen (datafile, "R ");

Int ch;

If (F = NULL ){

Printf ("% S % C ",

"Content-Type: text/html; charset = gb2312", 13, 10 );

Printf ("<title> error </title> ");

Printf ("<p> <em> Unexpected error, file cannot be opened </em> ");}

Else {

Printf ("% S % C ",

"Content-Type: text/plain", 13, 10 );

While (CH = GETC (F ))! = EOF)

Putchar (CH );

Fclose (f );}

Return 0;

}

The only thing to note about this program is that it does notTa.txt is packaged into HTML format and then output. Instead, it is directly output as a simple text (plain text), as long as the text/plain type is used in the output header instead of text/html, the browser automatically selects the corresponding processing method based on the Content-Type type.

It is easy to trigger this program. Because there is no data to input, you only need one button to do it:

<Form ActIon = "/cgi-bin/viewdata. cgi">

<P> <input type = "Submit" value = "">

</Form>

Here, some basic principles of writing CGI programs in C will be completed. Of course, it is difficult to compile a good CGI program based on the above content. This requires further study of the CGI standard definition and some other unique CGI programming skills.

The purpose of this article is to understand the concept of CGI programming. In fact, some mainstream server-side scripting languages, such as ASP, PHP, and JSP, basically have most of the functions of CGI programming, but they are in use, it is indeed much easier than CGI programming in whatever language. Therefore, when programming on the server side, these Script Programming Languages are generally considered first. CGI is used only when they cannot solve the problem, for example, when some underlying programming is required.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.