This is to record for me and others how to do the really basic cgi stuff. With cgi, a web site builder puts code at the web site to compute a response to data provided by the user of a browser. That code can consult other data at the site to compute the result and it can transfer data from the user to the site for access by other programs.

The file “x.html” has content:

<form Action="../../cgibin/x.cgi">def
<input name="wer" type=int></form>
The “input” tag causes the browser to draw a text entry field which invites text from the user. If the user enters text there and types a CR then that text is delivered to the program named by the “Action” keyword in the “form” tag. The rest of this note is mainly describing how to produce such programs.

As it stands the file /cgibin/x.cgi holds text:

echo "content-type: text/plain"
The web server, Apache in my case, must know that the file “/cgibin/x.cgi” is to be obeyed (executed) as a program rather than transmitted to the browser. Instead the output of the program is transmitted to the browser. Your directory /cgibin may or may not already have been introduced to the server as a directory of programs. If the contents of the file show up at the browser then putting the file .htaccess in the cgibin directory should fix the problem. The file’s content is:
Options +ExecCGI
SetHandler cgi-script
Unix Shells and the Mac Finder both like to pretend that files whose name begins with “.” do not exist and this causes great confusion. “ls -ltd .*” as a shell command will reveal them. The server will ignore the .htaccess file unless you have AllowOverride in your server configuration file. See “AllowOverride” in this file.

The form of the .cgi files has to do with the site’s operating system which is Unix here. In particular the language of x.cgi is shell script because the initial text “/bin/sh” nominates the program to interpret the rest of the file x.cgi. I won’t be saying much about shell scripts here but “echo zot” means send “zot” to the browser except if “$QUERY_STRING” is found in the string then it is replaced by the text offered by the browser user. “QUERY_STRING” is the name of an environment variable to which is assigned the input field value before the cgi program runs. “printenv” shows all of the other environment variables and their values. The “content-type: text/plain” tells the browser how to process the file. That and the following blank line are part of http protocol.

Now we will do the same job in the programming language C. I am generally critical of the amount of boilerplate necessary for web function. Here is the remarkably short C code to do this simple echo function. (If you would prefer what some think an easier language to learn, see information on Perl.) On Unix I compiled with the shell command gcc -Wall echo.c and then moved the new file “a.out” to the cgibin directory where it is called Cversion.cgi. The name “cgibin” is purely conventional but the Apache book gives some plausible reasons for following that convention. The “.cgi” in the file name is special, however. So here is a test of the new cgi function:

Type here and end with the return key: You will have to use the browser’s “Back” button to get back to this page.
Note the connection between what you type and the URL that your browser uses to evoke the reply from the server. Note that some characters are escaped. Try text with spaces and plus signs. The rationale for this escaping is that the text travels from the browser to the web server within an URL and characters within URLs have many special meanings. It is all part of the http protocol. The web server could have undone these escapes, but it doesn’t. See this about simple cookie logic.

Using Post

The above forms did a normal GET as specified by the http logic. The data going to the server was tacked onto the end of the URL that “fetched” the data from the server. An alternative is POST instead of GET. POST delivers the data as a following separate block and is made available to the cgi program as standard (keyboard) input. Try this. Use local browser magic to see the file’s content. (Menu > View > View Source) File C2.cgi was compiled from this file. I had to guess this much; if you know where this is officially described, let me know. If I read the official specification for the input field right then I can add “type=FILE” to the input tag. Lets try this. On Safari and the Mac Firefox (1.0.1) this transmits the contents a file back to the host if I navigate to the file. Notice that the name of the file at the client is transmitted to the server along with the contents. This seems wrong to me. Notice also that there seems to be a MIME part transmitted from the browser to the server for each INPUT element. If I omit the element for “submit” I can’t get the browser to send the stuff to the server. This seems very not orthogonal!

Now we deceive a bit. Notice the “Cancel” button actually sends the file in this version.

Here is a marginally useful cgi application. It builds html files on demand each with 100 special characters to learn how your browser displays them. Here is a short description of the logic.
You really need to know that the Apache ‘error_log’ file is found at "/private/var/log/apache2/error_log on your Mac.