CGI: Dealing With User Inputs

When a CGI program is called, the information that is made available to it, can be roughly broken into three groups:

1. Information about the client, server, and user
2. Form data that the user supplied
3. Additional pathname information

Most information about the client, server, or user is placed in CGI environment variables. Form data is either incorporated into an environment variable, or is included in the "body" of the request and extra path information is placed in environment variables.

 

Accessing Form Input

Forms provide a way to get input from users and supply it to a CGI program. The Web browser allows the user to select or type in information, and then sends it to the server when the Submit button is pressed. The following image shows form interaction with CGI.

 Form interaction with CGI
Form interaction with CGI

 

Query Strings

As discussed in the previous blog, one way to send form data to a CGI program is by appending the form information to the URL, after a question mark. You may have seen URLs like the following:

http://some.machine/cgi-bin/name.pl?fortune

Up to the question mark (?), the URL should look familiar. It is merely a CGI script being called, by the name name.pl.

What's new here is the part after the "?". The information after the "?" character is known as a query string. When the server is passed a URL with a query string, it calls the CGI program identified in the first part of the URL (before the "?") and then stores the part after the "?" in the environment variable QUERY_STRING. A Query String, by its name suggest that it is a string used to 'Query'. The query string begins after the first '?' character. Query strings are usually used to pass a list of variables and value pairs with "&" as the pair delimiter, and "=" as the variable and value separator.
The information supplied by the QUERY_STRING variable comes from the user pressing buttons and entering text in the HTML document or form. It is this information that is sent to the CGI script whose URL is specified in the action attribute of the <form> tag.
The following is a CGI program called fact.cpp that uses query information supplied by the form. (form is dicussed after this)

#include <iostream>
#include<stdlib.h>
#include<string.h>
using namespace std;
int main()
{
string value, s; // declaration
s = getenv("QUERY_STRING"); // s stores the query string extracted from URL
int a =s.length(); // a stores length of query string
int b =s.find("="); // b stores the index number or simply number where "=" is found in the string
value = s.substr(b+1,a); // value stores the value part of the string specified after "="
int fact = 1, factorial;
int n= atof(value.c_str()); // atof() converts string to int which gets stored in n 

for (int i=1; i<=n; i++) // for loop for calculating factorial
{
fact= fact*i;
}
factorial = fact;

cout<< "Content-Type : text/html \n\n";

cout<< "<html> <head> <title> factorial </title> </head>";

cout<< "<body bgcolor= green> ";

cout<< "<h2 color= blue> Factorial of "<< n <<" is: "<< factorial << "</h2>";
cout<< " </body> </html>";
return 0;
}

 

This program is placed in /usr/lib/cgi-bin
Compile it using the command :
g++ fact.cpp -o fact.cgi
This creates an executable file fact.cgi in /usr/lib/cgi-bin
Make sure, f.cgi has executable permissions. If not, Change the permissions of this file as :
chmod 777 f.cgi
Make sure the cgi-bin directory has executable permissions. If not, change them by executing the chmod command in the directory /usr/lib as:
chmod 777 cgi-bin

Form supplies the query string to this CGI program. The following is the program, named as form.cpp that contains the form in CGI format.

#include<iostream>
using namespace std;

int main()
{
cout<<"Content-Type: text/html \n\n";
cout<<" <html><head><title>C++</title></head>";
cout<<"<body bgcolor = green ><form action=/cgi-bin/fact.cgi method=get><p> <h3>Enter any Number</h3></p><input type=text name=n><p><h4><input type = submit value= Submit ></h4> </p></form></body></html>";
return 0;
}

Note : The first "\n" after the header is used to terminate the current line and the second "\n" is used to separate the header from the body since the CGI output must always be in such format. (as explained in previous blog)

The action tag is the URL of the executable of CGI script which is fact.cgi in this case. The method GET tells it to use the QUERY_STRING method of sending information.

This program is also placed in /usr/lib/cgi-bin
Compile it using the command :
g++ form.cpp -o form.cgi
This creates an executable file form.cgi in /usr/lib/cgi-bin
Make sure, form.cgi has executable permissions. If not, Change the permissions of this file as :
chmod 777 form.cgi
Some of these commands may require root permissions. For this, use sudo before the command.

This defines the form that would supply the query string to the CGI script. Now, You are good to go. Go to your browser window and type the URL http://localhost/cgi-bin/form.cgi in the address bar and the form appears as :

Screenshot from 2014-04-30 20:16:57

Suppose, you want to find the factorial of 5 and you submit the value 5. After submitting, notice the URL in the address bar.
It appears as :
http://localhost/cgi-bin/fact.cgi?n=5

where n=5 is the Query string and 5 is the value part that is extracted from 'n=5' in fact.cpp

Here's what appears after clicking the submit button. Observe the URL.

Screenshot from 2014-04-30 20:17:12

The concept of CGI has been explained properly in these two blogs. Code your own programs for a better hold over this.
Good Luck !

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this: