WHAT IS CGI?

CG I STAN DS FOR COMM ON G ATEWAY INTER FACE . IT IS A STAN DARD THAT

FACI LITAT ES COMMUNICAT I ON BETWEEN WEB SERVERS AN D EXTERNAL
DATA BASES O R IN FO RMAT I ON SOURCES . IT ACTS AS MI DD LEWARE, A LLOW ING
WE B SERVERS TO INTER ACT W ITH AP PLI CATIONS THAT P ROCESS DATA AND
S E ND BACK R ES PONSES .
T HE CGI STAN DAR D WAS DEF INED BY THE WOR LD WI DE WE B CONSORT IUM
( W3 C) AN D SPECI FI ES HOW A PROGRAM INTER ACTS WIT H A HYPER TEXT
T R A NSF ER P ROTOCOL S E RVER .

CG I PROG RAMS A RE CA LLE D S CR IPTS WHI CH A RE WRIT TEN IN M ANY P OP ULAR

L ANGUAGES LI KE PYT HON, PHP, R U BY, ETC THAT INTER ACT WIT H A WEB SERVER
TO P ROCESS USER INP UT. CGI S CRIPTS ARE STORE D IN A DIREC TORY WHI CH
VA RIES DEPEN DING ON SERVER CONF IG URAT I ON BUT USUALLY, IT RESI DES IN A
S P ECI AL T YP E O F DI R EC TORY I N A W E B S E RV ER CA L L E D CG I - BI N .
 ADVANTAGES OF CGI
▪Quick implementation: CGI can be a quick and straightforward method for
implementing simple web-based tasks, such as form processing or data manipulation.
For example, a CGI script can be quickly developed and deployed to process user input
from a web form and generate a response.
▪Easy to use existing code: There is a large existing code base of CGI scripts, especially in
Perl, which can be readily used or customized for specific requirements. For example,
there are numerous CGI scripts available for tasks such as form processing, data
validation, and file uploads.
▪Well-defined and supported standard: CGI is a widely accepted standard in web
development, ensuring compatibility across different systems and platforms.
▪CGI-based counters and CGI code to perform simple tasks are available in plenty.
 DISADVANTAGES OF CGI
▪Overhead in page loads: Each page load in CGI incurs overhead by having to load the script into
memory, which can impact performance, especially in high-traffic websites. For example, if a
website receives a large number of requests, the overhead of loading the CGI script for each
request can result in slower response times.
▪Limited caching capabilities: CGI scripts do not easily allow for caching of data in memory
between page loads, which can affect performance and scalability. For example, if a website
requires frequent database queries or other resource-intensive tasks, CGI may not be the best
choice due to limited caching capabilities.
▪Security: Since CGI scripts are executed on the server, there is always a risk of security
vulnerabilities. For example, if the script does not properly validate user input, it may be
vulnerable to SQL injection attacks.
▪Scalability: CGI is not well-suited for handling large volumes of traffic or requests. As the number
of requests increases, the performance of the server may suffer, leading to slower response
times or even crashes.
 Configuring the Server to support CGI
Configuring a server to support CGI involves several steps. CGI allows you to run script on the
server to generate dynamic content like HTML, which can be sent to client’s browser.
Follow the given steps to configure the server:
1. Install a web server software: Ensure that the web server software (Apache, Nginx, IIS, etc.) is
installed on your system. Installation procedure vary based on the OS and web server software.
2. Enable CGI support:
▪Apache: In Apache, you typically need to enable CGI module (‘mod_cgi’ or ‘mod_cgid’)
▪Nginx: Nginx doesn’t directly support CGI but can use FastCGI wrapper like ‘fcgiwrap’ or
‘spawn_fcgi’.
▪IIS: Enables CGI feature through the Internet Information Services (IIS) manager.
3. Configure CGI Script Directory:
Define the directories where CGI scripts will reside and configure the web server to
execute scripts from the directory. This is done by using ‘ScriptAlias’ directive in
Apache’s configuration file.
4. Set Execute Permissions:
Ensure that the directories and scripts have appropriate permissions to be executed by
web server.
5. Create CGI Scripts:
• CGI Scripts can be written in various languages like Perl, Python or Shell Scripting.
• Make sure your script outputs valid HTTP headers followed by content you want to
display.
6. Test The CGI Scripts:
• Before displaying your CGI scripts in a production environment, it is crucial to test
them thoroughly.
• Make sure they work as expected and handle errors gracefully.
7. Restart Server:
After making changes, restart the server to apply them.
8. Security Considerations:
CGI can pose security risks if not properly configured. Ensure that your input
data is sanitized to prevent attacks like SQL injector or cross-site scripting
(XSS) attacks.
9. Monitoring & Maintainance:
Regular monitor your screen for any issues related to CGI scripts. Keep your
server & scripts updated to prevent any security vulnerability.
 Input/Output operations on WWW
Input/output (I/O) operations on the World Wide Web (WWW) refer to the processes of
transferring data between a client (user's device) and a server (hosting website). These
operations are fundamental to web browsing and various online activities. Here's a breakdown:
1. Input Operations:
▪ Forms: Users input data through web forms, such as text fields, checkboxes, radio buttons, etc.
This data is sent to the server for processing, typically through HTTP POST requests.
▪File Uploads: Users can upload files through web forms. These files are transmitted to the
server, often using multipart/form-data encoding.
▪Clicks and Selections: User interactions like clicking on links, selecting options from dropdown
menus, or interacting with buttons also constitute input operations. These interactions trigger
HTTP requests to the server.
2. Output Operations:
▪ Web Pages: When a user requests a webpage, the server sends back HTML, CSS,
and JavaScript files. The browser interprets these files to render the webpage.
▪ Dynamic Content: Content generated dynamically by server-side scripts or client-
side JavaScript can be sent as output. This could include personalized
recommendations, real time updates, etc.
▪ Media Files: Images, videos, audio files, and other media content are transmitted
from the server to the client upon request.
▪ API Responses: Web APIs (Application Programming Interfaces) return data in
various formats like JSON or XML in response to client requests. This data is
typically used for integrating different services or fetching dynamic information.
3. Common Protocols for I/O Operations:
▪ HTTP/HTTPS: Hypertext Transfer Protocol (HTTP) is the primary protocol for
communication between web clients and servers. HTTPS adds a layer of
encryption using SSL/TLS.
▪ WebSockets: This protocol enables bidirectional communication between a
client and a server over a single, long-lived connection. It's commonly used for
real-time applications like chat, gaming, and financial trading.
▪ FTP, SFTP: File Transfer Protocol (FTP) and Secure File Transfer Protocol (SFTP)
are used for transferring files between a client and a server. While FTP is less
secure, SFTP encrypts the data during transfer.

These operations are essential for the functioning of the modern web,
enabling users to interact with websites and access a wide range of content
and services.
 Form Processing Using Perl
Perl is a powerful scripting language often used for server-side form processing via CGI
(Common Gateway Interface). Here's how it works:
1. HTML Form: The user interacts with an HTML form containing input fields and a
submit button. The <form> tag specifies the method (usually GET or POST) and the
action (the URL of the script to handle the submitted data).
<form method="post" action="/cgi-bin/process_form.pl">
<label for="name">Name:</label>
<input type="text" id="name" name="name"><br><br>
<label for="email">Email:</label>
<input type="email" id="email" name="email"><br><br>
<input type="submit" value="Submit">
</form>
2. Process Form Data With Perl: You create a Perl script (e.g., process_form.pl) that will handle the form
submission. This script typically retrieves the form data from the HTTP request, processes it, and
generates a response.
#!/usr/bin/perl
use CGI;

my $q = CGI->new;

# Access form data using the 'param' method

my $name = $q->param('name');
my $email = $q->param('email');

# ... process the data (e.g., validation, database interaction) ...

# Generate a response (e.g., a thank you page)
print $q->header('text/html');
print "<html><body>";
print "<h2>Thank You!</h2>";
print "<p>Your name is: $name</p>";
print "<p>Your email is: $email</p>";
print "</body></html>";
3. Receive Form Data: In the Perl script, you use the CGI module to retrieve the form
data. The param() method is used to access the values submitted by the form. You can
access the values by the names of the form elements.
4. Process the Data: Once you have the form data, you can perform any necessary
processing on it. This might include validation to ensure that the data is in the correct
format, sanitization to prevent injection attacks, or any other business logic required by
your application.
5. Generate Response: Finally, you generate a response to the user. This could be a
simple confirmation message, a redirection to another page, or a dynamically generated
HTML page based on the form data.
 Form Processing Using VBScript
VBScript (Visual Basic Scripting Edition) was primarily a client-side scripting
language developed by Microsoft for use in Internet Explorer. Its use for forms
processing was mainly focused on client-side validation and manipulation before
the data was submitted to the server.
How it Worked (Limited Modern Relevance):
1. HTML Form: Similar to the Perl example, an HTML form is created.
2. Client-Side Scripting (VBScript): VBScript code could be embedded within the
<script> tags in the HTML page.
<form name="myForm" method="post" action="/some_server_script.asp">
<label for="name">Name:</label>
<input type="text" id="name" name="name" onblur="ValidateName(this.value)"><br><br>
<label for="email">Email:</label>
<input type="email" id="email" name="email"><br><br>
<input type="submit" value="Submit" onclick="return ValidateForm()">
</form>
<script type="text/vbscript">
Sub ValidateName(name)
If Len(name) < 3 Then
MsgBox "Name must be at least 3 characters long."
End If
End Sub
Function ValidateForm()
If Len(document.myForm.name.value) < 3 Then
MsgBox "Name is too short."
ValidateForm = False ' Prevent form submission
Exit Function
End If
ValidateForm = True ' Allow form submission
End Function
</script>
3. Client-Side Validation: VBScript code could access and manipulate form
elements (e.g., using document.myForm.name.value). It could perform
validation checks (e.g., ensuring required fields are filled, checking the format
of email addresses) before the form was submitted.
 Form Processing Using JavaScript
JavaScript is a programming language that is commonly used for adding
interactivity to websites and applications. It can be used to manipulate the
content and layout of a webpage, as well as handle user input and interact with
servers.
How it Works (Client-Side):
1. HTML Form: Similar to the previous examples.
2. Client-Side Scripting (JavaScript): JavaScript code is embedded within
<script> tags or linked from external .js files.
<form id="myForm" method="post" action="/process">
<label for="name">Name:</label>
<input type="text" id="name" name="name"><br><br>
<label for="email">Email:</label>
<input type="email" id="email" name="email"><br><br>
<button type="submit">Submit</button>
</form>

<script>
const form = document.getElementById('myForm');
const nameInput = document.getElementById('name');
const emailInput = document.getElementById('email');
form.addEventListener('submit', function(event) {
let isValid = true;
if (nameInput.value.trim() === '') {
alert('Name is required.');
isValid = false;
}
if (emailInput.value.trim() === '' || !isValidEmail(emailInput.value)) {
alert('Please enter a valid email address.');
isValid = false;
}
if (!isValid) {
event.preventDefault(); // Prevent form submission if validation fails
}
});
function isValidEmail(email) {
// Basic email validation regex
const emailRegex = /^[^\s@]+@[^\s@]+\.[^\s@]+$/;
return emailRegex.test(email);
}
</script>
3. DOM Manipulation: JavaScript can access and manipulate the Document Object
Model (DOM) of the HTML page. This allows it to:Get and set the values of form
elements.Add or remove elements dynamically.Modify CSS styles.Handle events (like
submit, change, blur, focus).
4. Client-Side Validation: JavaScript is commonly used to perform real-time
validation of form inputs as the user interacts with them, providing immediate
feedback. This improves the user experience and reduces the load on the server by
catching errors early.
5. AJAX (Asynchronous JavaScript and XML): JavaScript can use AJAX to submit form
data to the server in the background without a full page reload. This allows for more
interactive and responsive web applications. The server can then process the data
and send back a response that JavaScript can use to update parts of the page.