what is CGI?

Posted on 2000-04-05
Medium Priority
Last Modified: 2013-12-25
what is CGI?
can you explain in details to me?
Question by:stanleyhuen
  • 2
  • 2

Expert Comment

ID: 2687619
Check this link:




Expert Comment

ID: 2687653
LVL 16

Accepted Solution

maneshr earned 40 total points
ID: 2693667
here is some info you might fine useful from a very good book "PERL Cookbook". Hope you find it useful.


Changes in the environment or the availability of food can make certain species more successful than others at getting food or
avoiding predators. Many scientists believe a comet struck the earth millions of years ago, throwing an enormous cloud of dust
into the atmosphere. Subsequent radical changes to the environment proved too much for some organisms, say dinosaurs, and
hastened their extinction. Other creatures, such as mammals, found new food supplies and freshly exposed habitats to compete

Much as the comet altered the environment for prehistoric species, the Web has altered the environment for modern
programming languages. It's opened up new vistas, and although some languages have found themselves eminently unsuited to
this new world order, Perl has positively thrived. Because of its strong background in text processing and system glue, Perl has
readily adapted itself to the task of providing information using text-based protocols.


The Web is driven by plain text. Web servers and web browsers communicate using a text protocol called HTTP, Hypertext
Transfer Protocol. Many of the documents exchanged are encoded in a text markup system called HTML, Hypertext Markup
Language. This grounding in text is the source of much of the Web's flexibility, power, and success. The only notable exception
to the predominance of plain text is the Secure Socket Layer (SSL) protocol that encrypts other protocols like HTTP into
binary data that snoopers can't decode.

Web pages are identified using the Uniform Resource Locator (URL) naming scheme. URLs look like this:


The first part (http, ftp, file) is called the scheme, and identifies how the file is retrieved. The next part (://) signifies a
hostname will follow, whose interpretation depends on the scheme. After the hostname comes the path identifying the
document. This path information is also called a partial URL.

The Web is a client-server system. Client browsers like Netscape and Lynx request documents (identified by a partial URL)
from web servers like Apache. This browser-to-server dialog is governed by the HTTP protocol. Most of the time, the server
merely sends back the contents of a file. Sometimes, however, the web server will run another program to send back a
document that could be HTML text, an image, or any other document type. The server-to-program dialog is governed by the
CGI (Common Gateway Interface) protocol, so the program that the server runs is a CGI program or CGI script.

The server tells the CGI program what page was requested, what values (if any) came in through HTML forms, where the
request came from, who they authenticated as (if they authenticated at all), and much more. The CGI program's reply has two
parts: headers to say "I'm sending back an HTML document," "I'm sending back a GIF image," or "I'm not sending you
anything, go to this page instead," and a document body, perhaps containing GIF image data, plain text, or HTML.

The CGI protocol is easy to implement wrong and hard to implement right, which is why we recommend using Lincoln Stein's
excellent CGI.pm module. It provides convenient functions for accessing the information the server sends you, and for
preparing the CGI response the server expects. It is so useful, it is included in the standard Perl distribution as of the 5.004
release, along with helper modules like CGI::Carp and CGI::Fast. We show it off in Recipe 19.1.

Some web servers come with a Perl interpreter embedded in them. This lets you use Perl to generate documents without
starting a new process. The system overhead of reading an unchanging page isn't noticable on infrequently accessed pages,
even when it's happening several times a second. CGI accesses, however, bog down the machine running the web server.
Recipe 19.5 shows how to use mod_perl, the Perl interpreter embedded in the Apache web server, to get the benefits of CGI
programs without the overhead.

Behind the Scenes

CGI programs are called each time the web server needs a dynamic document generated. It is important to understand that
your CGI program doesn't run continuously, with the browser calling different parts of the program. Each request for a partial
URL corresponding to your program starts a new copy. Your program generates a page for that request, then quits.

A browser can request a document in a number of ways called methods. (Don't confuse HTTP methods with the methods of
object-orientation. They have nothing to do with each other). The GET method is the most common, indicating a simple request
for a document. The HEAD method is used when the browser wants to know about the document without actually fetching it.
The POST method is used to submit form values.

Form values can be encoded in both GET and POST methods. With the GET method, values are encoded in the URL, leading
to ugly URLs like this:


With the POST method, values are in a different part of the HTTP request that the browser sends the server. If the form values
in the example URL above were sent with a POST request, the user, server, and CGI script all see the URL:


The GET and POST methods differ in another respect: idempotency. This simply means that making a GET request for a
particular URL once or multiple times should be no different. This is because the HTTP protocol definition says that a GET
request may be cached by the browser, or server, or an intervening proxy. POST requests cannot be cached, because each
request is independent and matters. Typically, POST requests changes or depends on the state of the server (query or update a
database, send mail, or purchase a computer).

Most servers log requests to a file (the access log) for later analysis by the webmaster. Error messages produced by CGI
programs don't go to the browser by default. Instead they are also logged to a file (the error log), and the browser simply gets
a "500 Server Error" message saying that the CGI program didn't uphold its end of the CGI bargain.

Error messages are useful in debugging any program, but they are especially so with CGI scripts. Sometimes, though, the
authors of CGI programs either don't have access to the error log or don't know where it is.


CGI programs let anyone run a program on your system. Sure, you get to pick the program, but the anonymous user from Out
There can send it unexpected values and try to trick it into doing the wrong thing. Thus security is a big concern on the Web.

Some sites address this concern by banning CGI programs. Sites that can't do without the power and utility of CGI programs
must find ways to secure their CGI programs.

HTML and Forms

Some HTML tags let you create forms, where the user can fill in values that will be submitted to the server. The forms are
composed of widgets, like text entry fields and check boxes. CGI programs commonly return HTML, so the CGI module has
helper functions to create HTML for everything from tables to form widgets.

Web-Related Resources

Unsurprisingly, some of the best references on the Web are found on the Web:

WWW Security FAQ






HTTP Specification


HTML Specification



CGI Specification


CGI Security FAQ

LVL 16

Expert Comment

ID: 2700671
stanleyhuen ,

was your question answered?

let us know.


Featured Post

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Preface This is the third article about the EE Collaborative Login Project. A Better Website Login System (http://www.experts-exchange.com/A_2902.html) introduces the Login System and shows how to implement a login page. The EE Collaborative Logi…
Active Directory replication delay is the cause to many problems.  Here is a super easy script to force Active Directory replication to all sites with by using an elevated PowerShell command prompt, and a tool to verify your changes.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

589 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question