Introduction to HTML and CGI

morna
Presentation Transcript


  1. Introduction to HTML and CGI

  2. HTML
     • HTML is simply a text markup language, similar to nroff, that is used for creating Web pages
     • Most HTML commands are like bookends; they have a start command and a corresponding stop command
       • <HTML></HTML>
       • <BODY></BODY>
       • <TITLE></TITLE>
       • <H1></H1>

  3. Parts of a Web Page
     • <HTML></HTML> specifies the start and stop of embedded HTML codes. This tells the browser to interpret the codes rather than treat them as normal text. Everything following the </HTML> tag is supposed to be ignored by the browser.
     • <BODY></BODY> contains the information you want to display in your page
       • Can consist of paragraphs of text, graphics, pictures, numbered and bulleted lists, and headers

  4. Forms
     • Forms are a way to collect data from a user for processing by the server via your CGI script.
     • They are accessed by a <FORM> tag like this: <FORM action="http://abc.def.com/cgi-bin/script.cgi" method="POST">
     • Forms are similar to paper forms we use every day. They consist of:
       • TEXT and TEXTAREA fields
       • CHECKBOXes
       • RADIO buttons
       • OPTION lists

  5. Forms also have a submit button.
     • When the button is selected, the action associated with the FORM tag is executed
     • Additionally, the data associated with the form is sent to the server using the method indicated by the method keyword of the FORM tag
       • MAILTO: mails the data
       • GET sends the data as part of the URL
       • POST sends the data as name=value pairs; the CGI script gets the data from STDIN

  6. FORM Elements
     • TEXTAREA creates a field for entering large amounts (multiple lines) of text
     • INPUT can have one of the following:
       • TEXT creates a field for entering a single line of text
       • CHECKBOX allows users to select one or more items. Each item has an individual name.
       • RADIO buttons allow the user to select only one of several items. All items have the same name but each has a different value.
       • RESET sets all checkboxes and radio buttons back to their initial state

  7. OPTIONS
     • OPTION is part of a SELECT tag
     • Used to generate a drop-down list of possible selections
       • <SELECT name="varname">
       • <OPTION>Doodlebug</OPTION>
       • <OPTION>Unixbug</OPTION>
       • <OPTION>VWbug</OPTION>
       • </SELECT>

  8. CGI
     • Common Gateway Interface - used to communicate between the Web and your programs
     • Provides a way to make your Web pages more interactive
     • Provides a way for you to customize your Web pages for the individual user

  9. How CGI Works
     • The web browser requests a form from the server
     • The user fills out the form and "presses" the submit button
     • The browser sends the form's data to the server
     • The server recognizes the CGI call and passes the script name and the data to the set of programs known as CGI
     • The CGI application massages the data, creates a set of environment variables, and starts the script

  10. The CGI script runs, usually generating a response to the user as well as other actions
     • The CGI software passes the response created by the script back to the server
     • The server passes the response back to the browser
     • The browser displays the response to the user

  11. CGI in Action
     [Diagram labels: User requests a form; Server sends form; CGI Process; Data forwarded to CGI app; User submits form; CGI response to server; Response to user]

  12. CGI Scripts
     • CGI scripts can be written in shell, Perl, C, or any other language the server's CGI software is "aware" of
     • In shell, the scripts usually consist of shell commands to read the data returned from the form from stdin and parse it into shell variables
     • The script also generates HTML formatting commands which are sent to stdout
     • Along with this, the input data is processed, a response is generated, and it is sent to stdout

  13. Since the CGI script is a shell script in our case, virtually anything you can do with shell can be used for processing your script
     • Things to note:
       • The CGI software passes the data received from the form to your script via stdin when using the POST method
       • Output from your script is sent to stdout where the CGI software receives it for forwarding to the user's browser

  14. Input Format
     • The input, for a POST method, is sent as a line of data with the name=value pairs separated by &s
     • Special characters are sent in hexadecimal as %xx where xx is the hex code for the character
       • %40 - @
       • %5B - [
       • %5D - ]
       • %3D - =

  15. Security
     • Since CGI scripts are executable, you are letting any user run a program on your system which may not be the safest thing to do
     • Any script interacting with a user has the possibility of the user doing something malicious to obtain unauthorized access to your system
     • Even innocent looking scripts can be dangerous

  16. Security Precautions
     • Never trust your guests
     • Put cgi scripts in a special directory: cgi-bin
     • Avoid "~filename" inclusions in email
     • Watch out for eval statements which allow you to construct a string and have the shell execute the string
     • Special characters can confuse a script. Remove any special characters from the input string that might do things you don't want such as : or |
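
Added example, not from the slides: one way a shell CGI script can decode the POST input format from slide 14 while following the precautions on slide 16 (no eval, special characters removed). The function names, the 5-digit length limit and the character allowlist are assumptions of this example; `CONTENT_LENGTH` is the standard CGI variable that gives the size of the POST body.

```shell
# Added example (not from the slides). Function names, the length limit and
# the allowlist are assumptions of this example. No eval is used anywhere.

read_body() {   # read exactly CONTENT_LENGTH bytes of POST data from stdin
    case ${CONTENT_LENGTH:-} in ''|*[!0-9]*|??????*) return 1 ;; esac
    head -c "$CONTENT_LENGTH"
}

# urldecode STRING: '+' becomes a space, %xx becomes the byte with hex code xx.
urldecode() (
    s=$(printf '%s' "$1" | tr '+' ' ')
    out=
    while :; do
        case $s in *%*) ;; *) break ;; esac
        out=$out${s%%"%"*}            # text before the first '%'
        s=${s#*"%"}                   # text after it
        hex=${s%"${s#??}"}            # the next two characters
        case $hex in
            [0-9A-Fa-f][0-9A-Fa-f])
                out=$out$(printf "\\$(printf '%03o' "0x$hex")")
                s=${s#??} ;;
            *)  out=$out% ;;          # stray '%': keep it as data
        esac
    done
    printf '%s' "$out$s"
)

# sanitize: keep only allowlisted characters, so ':' '|' ';' '$' are dropped.
sanitize() { LC_ALL=C tr -cd 'A-Za-z0-9@._ -'; }

# form_get BODY NAME: print the decoded, sanitized value of field NAME.
# Fields are looked up by name instead of being turned into shell variables,
# which is what tempts scripts into eval "$name=$value".
form_get() (
    body=$1
    while [ -n "$body" ]; do
        pair=${body%%"&"*}            # first name=value pair
        case $body in *"&"*) body=${body#*"&"} ;; *) body= ;; esac
        [ "$(urldecode "${pair%%=*}")" = "$2" ] || continue
        case $pair in *=*) val=${pair#*=} ;; *) val= ;; esac
        urldecode "$val" | sanitize
        exit 0
    done
    exit 1                            # field not present
)

# Constructed sample body, as a form POST would deliver it on stdin.
SAMPLE_BODY='email=joe%40abc.def.com&tag=%5Bx%3Dy%5D&note=a%3Ab%7Cc+d'
printf 'email=%s\n' "$(form_get "$SAMPLE_BODY" email)"
```

In a real script the body would come from `body=$(read_body)`, and every value would stay inside double quotes when passed to other commands.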
