Common Gateway Interface.
CGI does not have to be programmed in
perl, it can be done in
C,
C++,
shell scripts,
batch files,
Pascal,
Your favourite programing language goes here. Perl is most commonly used for it, and as such has a specialised module to make your life easier (
CGI.pm)
If you want to do it in another language, make sure that you pass a valid header back, or else you won't get very far. The header for a
html page looks like this:
Content-type: text/html followed by two newlines (
\r\n\r
\n).
CGI works by processing the data which you send to it, usually in a form or by some user action.
Commonly the CGI script will communicate with a database for more complex applications, for example,
Everything 2 talks to a
MySQL database using
DBI. (Technically, E2 is not using CGI as it uses mod_perl, which is a Perl API to the Apache webserver.)
For more information on CGI in Perl, see
perldoc CGI or go to
www.perlmonks.org. If you ever see
Matt's Script Archive, stay well clear! This code is terribly written (in Perl 4) and contains many bugs and exploits.
London.PM have rewritten these scripts, and you can find them at
london.pm.org and
Sourceforge as "
nms".
Dynamic web pages can also be created using
Javascript or
Java applets, however this is usually a different sort of "dynamic" (ie, dancing pixies on your web browser as opposed to personalised pages from the website).
You could also interface with a CGI script using a
Java applet (or other client side program) instead of plain
html.
What
xriso is talking about it
taint checking. This can be summed up by saying "never implicitly trust user input". In
Perl, use the -T flag to make it check for tainted data. You should always verify user input before doing anything with it.