form data encoding get – url encoded post – url encoded post – multipart form
TRANSCRIPT
Form Data Encoding
GET – URL encoded POST – URL encoded POST – multipart form
<form action="/foo" method="get">
User ID:<input type="text" name="userid" size="10" maxlength="8">
Password:<input type="password" name="passwd" size="10" maxlength="8">
Mail message:<textarea name="mmesg" rows="5" cols="40"></textarea>
File:<input type="file" name="image_f">
GET – URL encoding
<form action="/foo" method="GET">...
GET /foo?userid=bkoehler&passwd=foo& mmesg=bow+%26+arrow%0D%0A%3D%0D%0A%3F%3F%3F& image_f=C%3A%5CTEMP%5Ccgi.txt HTTP/1.1Host: www.xyz.org...
some_form.html
HTTP request message
POST – URL encoding
<form action="/foo" method="POST">
some_form.html
POST /foo HTTP/1.1Host: www.xyz.orgContent-Type: application/x-www-form-urlencodedContent-Length: 150
userid=bkoehler&passwd=foo& mmesg=bow+%26+arrow%0D%0A%3D%0D%0A%3F%3F%3F& image_f=C%3A%5CTEMP%5Ccgi.txt
HTTP request message
POST – multipart form
<form action="/foo" method="POST" enctype="multipart/form-data">
some_form.html
POST /foo HTTP/1.1Host: www.xyz.orgContent-Type: multipart/form-data; boundary=---123Content-Length: 2421
---123Content-Disposition: form-data; name="userid"
brian---123Content-Disposition: form-data; name="passwd"
foo---123Content-Disposition: form-data; name="mmesg"
bow & arrow=???
---123Content-Disposition: form-data; name="image_f"; filename="cgi.txt"Content-Type: text/plain
The contents of the filewould be here.---123--
HTTP request message
The Static Web
ClientOrigin Server
Request
Response
Doc A
Doc B
Doc C
The Dynamic Web
ClientOrigin Server
Request
Response
CGI Program
Response
ENV
body
Common Gateway Interface (CGI)
convention for interaction between web servers and external applications that process requests
allows external applications to be reasonably portable across different web servers
external programs can be written in any language: C, C++, COBOL, FORTRAN, Java, Assembly, csh,
sh, Perl, Python, etc
CGI/1.1 overview
some information about the HTTP request is passed through environment variables
the HTTP request message body (if any) is connected to the external application's standard input stream
the external application must generate a valid HTTP response on its standard output stream
CGI Environment Variables
HTTP_* most of the headers in the request message get passed
as environment variables to the CGI program e.g.: HTTP_ACCEPT,
HTTP_ACCEPT_LANGUAGE, HTTP_USER_AGENT
REMOTE_*
REMOTE_ADDR the numeric IP address of the client sending the
request this may not be the user agent if there are proxies
along the chain REMOTE_HOST
the fully qualified domain name of the client sending the request
SERVER_*
SERVER_SOFTWARE: the name and version of the web server software
SERVER_NAME: the server's hostname or IP address
SERVER_PORT: the port number the request came in on
SERVER_PROTOCOL: the name and version of the protocol the request came in e.g. HTTP/1.1
GATEWAY_INTERFACE: version of CGI, usually CGI/1.1
CONTENT_*
only generated for POST requests CONTENT_TYPE: mime type of the message
body; usually:
application/x-www-form-urlencoded or
multipart/form-data CONTENT_LENGTH: length, in characters of
the message body
Request
REQUEST_METHOD: GET, POST, etc. SCRIPT_NAME: virtual path to script as derived
from the URI (no shcheme, host or query component) e.g. /cgi-bin/foo
QUERY_STRING: all the text past the '?' in the request URI e.g. arg1=val1&arg2=val2&arg3=val3...
Standard Input
when the external CGI program starts running, its standard input is connected to the request message at the beginning of the message body:
POST /foo HTTP/1.1Host: www.xyz.orgContent-Type: application/x-www-form-urlencodedContent-Length: 150
userid=bkoehler&passwd=foo& mmesg=bow+%26+arrow%0D%0A%3D%0D%0A%3F%3F%3F& image_f=C%3A%5CTEMP%5Ccgi.txt
POST /foo HTTP/1.1Host: www.xyz.orgContent-Type: multipart/form-data; boundary=---123Content-Length: 2421
---123Content-Disposition: form-data; name="userid"
brian---123Content-Disposition: form-data; name="passwd"
foo---123Content-Disposition: form-data; name="mmesg"
bow & arrow=???
Standard Output
when the external CGI program starts running, anything it writes to standard output will be part of the response to the client
modes: non-parsed headers (nph): the CGI program must
construct a complete HTTP response message which will be delivered unmodified to the client
parsed headers: the web server will fill in any missing required header fields
Parsed HeadersContent-Type: text/html
<html>...
HTTP/1.1 200 OKDate: Mon, 23 Sep 2002 19:11:21 GMTServer: Apache/1.3.20 (Unix) PHP/4.0.6 Content-Length: 699Content-Type: text/html
<html>...
<== output of CGI program
Apache mod_cgi
two methods of invoking CGI programs: ScriptAlias directive: all files the specified directory
are treated as CGI programs Options +ExecCGI and AddHandler directives: files
with specific file extensions are treated as CGI programs