Home > Perl > Web programming > CGI Programming - Part 3
CGI Programming - Part 3
Written by Philip L Yuson   
Who is this for
This article is for those starting to learn CGI programming. It discusses the two ways to pass data to a CGI script.


What you Need to Have
Skills: Perl programming, Basic HTML
Environment: Webserver setup to run you CGI scripts.

Review of Previous Article
In the previous article, we saw that your CGI script can use the %ENV hash to get a lot of general information. Your script can use the information in this hash during its processing. We also coded a basic CGI script that generates a HTML page.

We also coded a simple guest book with three fields. If you tried the provided sample, including putting data into the various fields and clicking the Send button, you will see the response from the CGI script when it received your data from the form. It displayed all the elements in the %ENV hash.

If you also note the $ENV{CONTENT_LENGTH} field as displayed, you will see that it has a non-zero value. We use this $ENV{CONTENT_LENGTH} to determine if there was in fact something passed to our script or not. If you read the code, the script will display a form if $ENV{CONTENT_LENGTH} is zero. Otherwise, it displays all the contents of the %ENV hash.

If you also looked carefully at the contents of the %ENV hash, you do not see the inputs from your form.

Reading Input from a Form

There are actually two methods to pass data to your CGI script: GET and POST. The difference between the two methods is the way you get the input.

  • GET uses the $ENV{QUERY_STRING} to pass data to the CGI script. The request is passed on to the server and is contained in the request string. This information is therefore written onto the server's log. DO NOT USE GET IF YOU ARE PASSING CONFIDENTIAL INFORMATION like: passwords, credit card numbers, account numbers, etc.

  • POST uses the STDIN to pass data to the CGI script. You will have to read the data from the STDIN as if you were reading it from an ordinary Perl program.

POST Method

Since in our sample script, we used the POST method, we have to read the data from STDIN.

#!perl
print "Content-type: text/html\n\n";
if ($ENV{'CONTENT_LENGTH'}) {
    foreach (sort keys %ENV) {
        print "<B>$_: </B>$ENV{$_}\n";
    }
    while (<>) {
        print "Input: $_<BR>\n";
    }
} else {
    print <<EndHTML;
<FORM METHOD=POST ENCTYPE='application/x-www-form-urlencoded'>
<HR>
<TABLE>
<TR><TD>Name:</TD><TD>
<INPUT TYPE=TEXT NAME=guestname></TD></TR>
<TR><TD>e-Mail Address:</TD><TD>
<INPUT TYPE=TEXT NAME=email></TD></TR>
<TR><TD VALIGN=TOP>Comments:</TD><TD>
<TEXTAREA rows=10 cols=40 NAME=comment></TEXTAREA>
</TD></TR>
<TR><TD><INPUT TYPE=submit NAME=Send Value=Send>
</TD><TD ALIGN=RIGHT>
<INPUT TYPE=reset NAME=Reset Value=Reset></TD><TD>
</TABLE><HR></HTML>

EndHTML
;
}

When you run this script and enter some input to the form, the script should display the contents of the %ENV hash and at the end display whatever you have entered on your form. $ENV{CONTENT_LENGTH} will contain the length of your input. The $ENV{REQUEST_METHOD} will contain the value POST. When the script has the input, it can proceed to process it based on your requirements.

Notice that the input has a lot of weird looking characters (& - separates each field, + is used instead of spaces, etc). We'll discuss how to handle this later.

GET Method

For the GET method, the input is passed in the $ENV{QUERY_STRING} value. The CONTENT_LENGTH item is also NOT defined in the %ENV hash. So you use it to check if there was input passed from the form. You have to use the $ENV{QUERY_STRING} to check this. The $ENV{REQUEST_METHOD} will contain the value GET.

Formatting the Input

If you noticed, the input contains a lot of weird characters. You will therefore have to re-format it before processing it. Since we know that & is used to separate fields, we can separate each field by putting them in an array. We do this using the split function. Assuming that the input is in the $_ variable, we split each field by:

split('&');

After spliting the field, we can then translate all the 'weird' characters to their respective values. + is equivalent to a space. All special characters are represented using their hexadecimal values prefixed by a % sign. What we want then is to translate + to ' ' and translate the two characters following the % to their packed form.

tr/+//;
s/%([a-fA-F0-9]{2})/pack("C",hex($1))/eg;

Now that we have the input, split up the fields and translated the input to something more understandable, we can then write your routine to process the input.

You can view a sample of the Guestbook script by right-clicking on this link. Then save the page to your drive. If you try to view this file, you will get a weird looking page.


For more information, you can check out:
http://www.webmonkey.com - for HTML basics
http://www.cgi101.com - for more detail discussion on CGI programming

 
Copyright: © 2017 Philip Yuson