Well, this introduction will not teach you CGI, so after reading it you will be as capable of writing a CGI script as before. However, this introduction will explain what CGI is for, how it works and how scripts are written. Enough said, let's roll!

Ok. You know that HTML creates static documents, there is no life in them. Yes, you can create animated GIFs, you can make your whole text blink and you can marquee your important messages, but still... HTML is static. You see, when HTML was created, no one knew that web pages would be used to show streamed live video from a camera in someone's bedroom (oh, so now you are interested!). A scripting language was created to cure a problem of HTML on client's side. Some means of communicating with web servers had to be provided, too. That's where CGI steps in. Because server designers were aware that client (you and your web browser) should not be given access to the whole system, they had to create a special protocol which would allow strict communication.

CGI stands for Common Gate Interface, and if you have read the previous paragraph carefully, you will know why. CGI opens a very small gate that can be used by any HTML document for communication.

Yeah, it is all wonderful, you might say, but who needs to communicate with the server? At the moment I am aware of two most important uses of CGIs - on-fly HTML and FORMS. You must've seen both, but let's see them in action.

On-fly HTML is actually a very powerful feature. Let's go to Yahoo, for example and search for "CGI scripts". In a couple of seconds (or minutes, if you're unlucky) you will be list of all pages in Yahoo directory that contain CGI scripts. Now, you don't think that Yahoo has an HTML page for every possible search inquiry, do you? So how is it done? Well, as soon as you press submit button, a search program on Yahoo web server is called to find any entries that contain "CGI scripts" string. When they are found, they are translated into HTML tags and are sent back to web browser by using CGI. Browser then displays the HTML as if it was just one of the static files. What is even cooler, CGI script can send anything at all to web browser: it can be an audio file, a video, an image or a zip file. This is possible because browsers recognise MIME specification. MIME specification is a very basic idea: when server sends something to a client it sends an information on the type of file that is to be sent beforehand. So, if an HTML document is being sent, a string"text/html" is sent first.

In the previous example we showed that CGI can be used to send data from web server to a client. However, this same example can be used to explain another usage of CGI - to send data from a client to web server. As soon as you write a search string and hit "Submit" button in your search engine, CGI script is called. I guess you are reading this document after you gained a fair knowledge of HTML, so you know that there are no tools in HTML or JavaScript that let your web page effectively deal with user's requests like searching. You clearly need an external page. So, as soon as you press Submit, CGI script receives all the information you entered and deals with it as it finds appropriate.

If you are unsure about these explanations, here are some additional examples of CGI usage.

1. Hit counter. We all know what it is, it's an image (usually) that displays the number of visitors to your page. But how is it done? Well, you write a piece of code at your page that calls a CGI script. For example, <IMG SRC = "/cgi-bin/counters/webign">. IMG tag tells browser that image is to follow. SRC attribute points to a script. All CGI scripts have to reside in a special directory, usually cgi-bin, due to security reasons (this directory and all it's files can be accessed by the whole Internet!). The script is further situated in a sub-directory webign which is itself a sub-directory of counters. So, every time your page is accessed, the counter script is called. It increases the counter variable by 1 and then creates an image and sends it back to browser client, which is waiting for it. And that's it, you have an on-fly created image on your web page. Now, isn't that cool? A counter scripts do not need to be as simple as described above. Most scripts check the client's domain and have a history of visitors, so the counter is not abused (say, counter script will only increase the counter if visitor did not visit the page in the previous hour). Some scripts even let owner see a detailed stats on visitors: which browser they used, average time spent browsing, list of all surfers by country and so on.

2. A form. Contrary to another popular belief, FORMS are not operated in JavaScript. JavaScript can be used to add some functionality to forms, but forms are worthless without a CGI that would "service" them. Consider an e-mail form that you use to order a product over the Net. When you hit "Send form" button (or whatever their send button might be called), a CGI script is called with the details you provided and then it's up to the script to act accordingly. If you know HTML fairly well, you might recall that there is a special tag <FORM> in HTML to create forms. This tag has three attributes, namely ACTION, METHOD and ENCTYPE that are of interest to us. ACTION specifies an URL location that will receive the data from the form. At the moment the only sensible solution is to specify an URL of CGI script. METHOD can be either GET or POST for CGI and it just states what method is used to send the data. There is a technical difference in POST and GET and it does not need to bother you at this stage. Finally ENCTYPE is the encryption used to send the data. Now, this might seem confusing, but the default encryption is just a simple protocol that changes spaces to question marks and several "unsendable" special characters to a special format (namely, %nn). Hence, the default encryption is not encryption in a sense that it is a secure method of posting confidential information. So if you send your credit card details, make sure that your information is encrypted securely.

3. Finally, another popular use of CGI is to create a guestbook. A guestbook lets user enter his/her name in a special form, then submit the information and see his/her name stored in the HTML with other guests' names. Now, after reading the explanations for previous examples you should have no problem with understanding how it works. User sends information using CGI to the web server, a cgi script is called, cgi script sorts the information and adds it to the existing HTML and then reloads the updated page back to client.

4. Now, you know what CGI is for, but how are CGI written? Well, it all depends on web server software. But basically, all scripts must be kept in cgi-bin directory. You can use different languages to create CGI scripts, such as AppleScript, C/C++, PERL, Fortran and Visual Basic. If you want to code CGI, you have to know at least one of these (this is not an exhaustive list, some other languages can be used to write CGI scripts, it depends on many factors) languages.

All right, you know how you write scripts (I mean, you know what you have to know). But how does a client transfer data to a CGI script? Well, if you have an inquiring mind, you might have noticed that when you tell search engine to search for "cgi scripts", it's URL location changes from something like www.yahoo.com to www.yahoo.com/cgi-bin/search?find="cgi scripts". So, anything written after the name of the script to be executed (here "search") followed by the question mark is sent to the CGI script (here 'find="cgi scripts"').

Ugh. That's it, you are now familiar with the CGI. Yeah, you know as much about actual coding as before, but now you know what CGI is. Well, if you have no experience in programming, you might think that you'll never be able to use CGIs. This is not true. If your Internet provider will let you run your own CGI scripts on its servers (not many do!), you do not need to write a CGI yourself. First of all, your provider probably has some standard CGIs (like guestbook, counter, etc.) that need just some minor adjustments (no more than changing prompts or URL addresses) prior to use. Second, there are some web pages that have free CGI scripts for you to use. Now, finally, you can actually go to your search engine and type "cgi scripts".

Right. Everything needed to be said is said. So why is there this final paragraph? Well, it's a cautionary note. Scripts can be abused. The simplest example is the abuse of a guestbook. Usually whatever you write in someone's guestbook is appended to the HTML exactly as written. Hence, you can write HTML tags. This feature can be used to change the look of your entry, e.g. you can write it all in italics, etc. But this can also be abused. A "naughty" person might write a code to automatically load another page instead of the guestbook as soon as it is accessed. Or the same person can simply write <FONT COLOR="#FFFFFF"> to prevent people seeing anything (white-on-white, you see...). I know, it is not that bad... But if a simple script as that can have security holes, more complex scripts can easily be filled with bounties for such a "naughty" person. And if you use a script someone else wrote and you don't understand a word of it, you exposed yourself and your Internet provider to danger.

Now that you are finished, you can go back to the CGI section and read more about CGI and scripting.

©1997 by Repfect Drug design studio. All Rights Reserved.