CGI Forms

By Herbert J. Bernstein
© Copyright 2004, 2010 Herbert J. Bernstein

Managing Common Gateway Interface (CGI) Forms

Web pages can contain forms intended to allow a user to provide data to be submitted to a program (an agent) for processing. The program may be on the same machine as the browser (on the "client-side") or on some other computer that serves web pages or mail messages or database accesses (on the "server-side"). For information on client side forms, see the discussion of Javascript Forms.

The rules for HTML forms are specified by the World Wide Web Consortium (W3C) in section 17 of the HTML specification ( http://www.w3.org/TR/html401/interact/forms.html#h-17.1).

A form element delimits any section of an HTML web page containing ordinary HTML markup (headings, paragraphs, tables, lists ...) between <form> and </form> tags and controls that a user can use to provide data.

There are two methods used by HTML forms to communicate with server-side programs: "get" and "post".

The get method works by appending a question mark to the url followed by pairs of names and values. Each name is coupled to its associated value by an equals sign. Each name/value pair is separated from thee next on by an ampersand. The get method is not very secure, but is easy to use and can be debugged by sending hand-formatted URLs.

The post method is more general and transmits the data from the form as a stream, and is much less visible to snoopers, but is more complicated to set up and test.
A simple version of a form to invoke a cgi-bin program named "myaction.py" belonging to a user named "myuser" on machine "mymachine.mycompany.mydomain" using cgiwrap to ensure security would be
<form action="http://mymachine.mycompany.mydomain/cgi-bin/cgiwrap/myuser/myaction.py" method="get">
...
</form>
In addition to regular HTML, the available controls to put into a form are:
- buttons: submit, reset, push
- checkboxes
- radio buttons
- menus
- text input
- file select
- hidden controls
- object controls
These controls are created in a web page using the HTML elements:
- input
  to create text input, password, checkbox, radio-button, submit button, graphical submit button, reset button, push button, hidden or file select controls
- button
  to create more richly decorated buttons than are provided by the input element
- select, optgroup, option
  to create and organize menus
- textarea
  to provide a multi-line input control
- label
  to provide a label for controls that are not self-labelling
- fieldset and legend
  to group form controls and labels
Here is an example of a web page to provide two character names to a script named cgistory4.py:
```
<html>
<head>
<title>Put yourself and a friend in the story</title>
</head>
<body>
<form 
action=http://arcib.dowling.edu/cgi-bin/cgiwrap/bernsteh/cgistory4.py
method="GET">
Name of first character: <input type=text name=arg1 value="Fred" 
/><br />
Name of second character: <input type=text name=arg2 value="Mary" 
/><br />
<input type="submit" value="format story">
</form>
</body>
</html>
```
which produces:
Name of first character:
Name of second character:

The service script in this case is:
```
#!/usr/bin/python2.5
def getargs( qstring ):
    rvalue = {}
    ipos = 0
    prevpos = 0
    while ipos < len(qstring):
        if qstring[ipos] == '=':
            kval = qstring[prevpos:ipos]
            ipos = ipos+1
            prevpos = ipos
            while ipos < len(qstring):
                if qstring[ipos] == '&':
                    vval = qstring[prevpos:ipos]
                    ipos = ipos+1
                    prevpos = ipos
                    break
                ipos = ipos+1
                if ipos == len(qstring):
                    vval = qstring[prevpos:ipos]
                    break
            rvalue[kval] = vval
        else:
            ipos = ipos+1
            if ipos == len(qstring):
                rvalue["(nokey)"] = qstring[prevpos:ipos]
    return rvalue

print "Content-type: text/html"
print
print "<html>"
print "<head>"
print "<title>pystat.py</title>"
print "</head>"
print "<body>"
print "<pre>"
import os, sys
from cgi import escape
print "<strong>Python %s</strong>" % sys.version
keys = os.environ.keys()
keys.sort()
for k in keys:
    print "%s\t%s" % (escape(k), escape(os.environ[k]))
print "</pre>"
print "<p>"
print 
"<h3>",getargs(os.environ["QUERY_STRING"]),"'s 
Story</h3>"
myargs=getargs(os.environ["QUERY_STRING"])
char1=myargs["arg1"]
char2=myargs["arg2"]
print "<p>"
print char1, "and ", char2, "went up the hill to fetch a 
pail of water."
print "</body>"
print "</html>"
```
Prepared by Herbert J. Bernstein 3 November 2010.
© 2004, 2010 Herbert J. Bernstein. All Rights Reserved.