Passing inputted information from a cgi script.

Posted on 2005-04-14
Last Modified: 2010-03-05
This is a two part question, depending on the answer to the first question I would not need the answer to the second one.  The first part is I have a cgi script where I need to get input from the user, access the database, give the user back a list of all the necessary info (just a drop down box), then the user has to choose something from the drop down, so on ...  right now I just have four different cgi created where all the info gets passed from one to the other.  If there is a way to do this on one page, that would be great.
If there isn't, I need to pass all the inputted information somehow so cgi4 will no what the input was for all of the previous ones.  I was going to write it out to a file, but the server that I am working on does not allow cgi scripts to write to a file, so that idea does not work.  Any suggestions?
Question by:feldmani
    LVL 16

    Expert Comment

    cgi scripts are usually called from HTTP requests. If one CGI script has to call another script, there is no need for the second script to be a CGI script.
    LVL 20

    Accepted Solution

    But for a multi-step query, there are a number of techniques for carrying over information from earlier steps to later steps. All depend on dynamically generating the HTML containing the forms for steps after the first.

    1. Sessions: if you can't write files, you probably can't use Sessions, but this is probably the preferred way to hold state on the server while waiting for the additional steps to be completed.

    2. Hidden variables: the scripts generating the response to step 1, step 2, etc send back a form for the next step and include the data from step 1 as variables with type HIDDEN. These hidden variables will be supplied as additional form variables when the form is submitted, so the later step can see what was entered before.

    3. Non-hidden variables: sometimes it makes more sense to send back the new form for the later steps with the information already filled in still showing as filled in. This can allow the user to go back and change things before submitting to the next step -- which may or may not be what you want.

    4. Cookies: I don't think I can recommend this, but if you set a cookie with the data submitted on a form, the cookie with that data will be sent back to you if the path matches. A cookie containing a session key may be a useful alternative, but putting all of the data into a cookie seems more likely to just get some users mad.
    LVL 1

    Author Comment

    Out of the four options, I'd say the hidden variables is the best option to me.  The users will have computers that won't allow cookies, and don't know how to use sessions.  Any useful tips for me concerning hidden variables?
    LVL 18

    Expert Comment

    Since you're using a database, you can still use sessions. CGI::Session has drivers for a variety of databases, among which mysql, postgresql and odbc.
    The advantage of using sessions is that you don't have to drag all previous data around in the html. The only hidden variable you need is the one for the session id.

    I'd also suggest using a combination of 2 and 4 of jmcg's suggestion to transfer the session id: a cookie is by far the most convenient, because you you set it once and then forget about it. Hidden variables require all communications to go through forms. URL parameters require you to rewrite every url on every page you output, and is generally just not worth the effort. You could still set the session id in a hidden field in forms whenever you need to, to accomodate users who've disabled cookies.


    Featured Post

    Do You Know the 4 Main Threat Actor Types?

    Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

    Join & Write a Comment

    A year or so back I was asked to have a play with MongoDB; within half an hour I had downloaded (,  installed and started the daemon, and had a console window open. After an hour or two of playing at the command …
    Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
    This video is in connection to the article "The case of a missing mobile phone (". It will help one to understand clearly the steps to track a lost android phone.

    729 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    20 Experts available now in Live!

    Get 1:1 Help Now