Internet Programming

Each time the Web server executes a CGI script, it creates a number of environment variables to pass information to the CGI script. These variables tell the CGI script how it is being invoked and provide information about the server and the Web browser being used by the client. Depending on how the CGI script is invoked, some environment variables may not be available.

Environment variables supplied to CGI scripts are always all uppercase. When accessing them from a C program, a Perl script, or whichever language you are using, be sure to use all uppercase letters.

This section discusses the environment variables available to CGI scripts. By accessing these variables, CGI scripts can obtain certain information, such as the browser used to invoke the script. After the following discussion about environment variables, you learn how to access these variables from a Perl script, as well as a C program via CGI.

Some Web servers can be configured to authenticate users. If the server has authenticated a user, the authentication type used to validate the user is stored in the AUTH_TYPE variable. The authentication type is determined by examining the Authorization header the Web server might receive with an HTTP request.

Sometimes CGI scripts are invoked with additional information. This information is typically input for the CGI program. The length of this additional information, in bytes, is given in the CONTENT_LENGTH variable. If a CGI script is called with the PUT or POST method, CONTENT_LENGTH is used to determine the length of the input.

MIME content types are used to label various types of objects (HTML files, Microsoft Word files, GIF files, etc.). The MIME content type for data being submitted to a CGI script is stored in CONTENT_TYPE. For example, if data is submitted to a CGI script using the GET method, this variable will contain the value application/x-www-form-urlencoded. This is because responses to the form are encoded according to URL specifications.

The CGI specification revision number is stored in the GATEWAY_INTERFACE environment variable. The format of this variable is CGI/revision. By examining this variable, a CGI script can determine the version of CGI that the Web server is using.

Various Web clients can handle different MIME types. These MIME types are described in the HTTP_ACCEPT variable. MIME types accepted by the Web client calling the CGI script will be a list separated by commas. This list takes the format type/subtype, type/subtype. For example, if the Web client supports the two image formats GIF and JPEG, the HTTP_ACCEPT list will contain the two items image/gif, image/jpeg.

By looking at this value, the Web browser used by the client can be determined. For example, if Netscape 2.0 beta 4 is being used by the client, the HTTP_USER_AGENT variable will contain the value Mozilla/2.0b4 (WinNT; I). The general format of this variable is software/version library/version.

The PATH_INFO variable is usually used to pass various options to a CGI program. These options follow the script's URL. Clients may access CGI scripts with additional information after the URL of the CGI script. PATH_INFO will always contain the string that was used to call the CGI script after the name of the CGI script. For example, PATH_INFO will have the value /These/Are/The/Arguments if the CGI script FunWithNT.EXE is called with the following URL:

If the CGI script needs to know its own absolute path name, it can obtain this information from PATH_TRANSLATED. For example, if the CGI script being invoked is HelloNTWorld.EXE, all CGI scripts are stored in H:\www\http\ns-home\root\cgi-bin, and the CGI script is accessed with the URL http://your_server.your_domain/root/cgi-bin/HelloNTWorld.EXE, PATH_TRANSLATED will contain the value H:\www\http\ns-home\root\cgi-bin\HelloNTWorld.EXE. If the CGI program needs to save or access any temporary files in its home directory, it can determine its absolute location by examining PATH_TRANSLATED.

You may have noticed that when you submit some forms, a string of characters appears after a question mark that follows the URL of the script being called. This string of characters is referred to as the query string and contains everything after the question mark. When a CGI script is called with the GET method, QUERY_STRING typically contains variables and their values as entered by the person who filled in the form. QUERY_STRING is sometimes used by various search engines to examine the input when a form is submitted for a keyword search. For example, if a CGI application is executed using the URL,, QUERY_STRING will contain the string "WindowsNT=Fun".

The IP address of the client that called the CGI program is stored in the REMOTE_ADDR environment variable. For security reasons, the value of this variable should never be used for user authentication purposes. It's not very hard to trick your Web server into believing a client is connecting to your Web server from a different IP address.

If the Web server can do a DNS lookup of the client's IP address and finds the alias of the IP address, the REMOTE_HOST variable will contain the alias name of the client's IP address. Some Web servers allow DNS lookups to be turned on or off. If you will be using this variable to find the IP address alias of clients, be sure the DNS lookup option is turned on. The Web server can find the IP address aliases of most clients, but it might not be capable of getting the aliases of some clients. In such an event, the REMOTE_HOST variable will not be assigned the client's DNS alias value; it will just contain the client's IP address. This value should never be used for user authentication purposes.

If the Web server being used supports RFC 931 identification, this variable will contain the user name retrieved from the server. Unfortunately, this value cannot be trusted when transmitting sensitive data. Typically a Web server obtains this value by contacting the client that initialized the HTTP request and speaking with the client's authentication server.

Some Web servers support user authentication. If a user is authenticated, the CGI script can find out the username of the person browsing the Web site by looking at the value of the REMOTE_USER environment variable. The REMOTE_USER CGI variable is available only if the user has been authenticated using an authentication mechanism.
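The following C program is an added example, not code from the original page. It shows an access decision that relies only on AUTH_TYPE and REMOTE_USER and leaves REMOTE_ADDR and REMOTE_HOST out of the decision, as the paragraphs above advise. The struct, the function names and the allow list entry "alice" are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* The CGI variables that say something about who is calling. */
struct cgi_identity {
    const char *auth_type;   /* AUTH_TYPE: set only if the server authenticated */
    const char *remote_user; /* REMOTE_USER: the authenticated user name */
    const char *remote_addr; /* REMOTE_ADDR: informational, never a credential */
    const char *remote_host; /* REMOTE_HOST: informational, never a credential */
};

static int nonempty(const char *s) { return s != NULL && *s != '\0'; }

/* Identity comes only from server-side authentication. REMOTE_ADDR and
   REMOTE_HOST are deliberately not consulted. Returns NULL if unauthenticated. */
const char *authenticated_user(const struct cgi_identity *id) {
    if (!nonempty(id->auth_type) || !nonempty(id->remote_user)) return NULL;
    return id->remote_user;
}

/* Returns 1 only when the authenticated user is on the allow list. */
int is_authorized(const struct cgi_identity *id,
                  const char *const *allowed, size_t count) {
    const char *user = authenticated_user(id);
    if (user == NULL) return 0;
    for (size_t i = 0; i < count; i++)
        if (strcmp(user, allowed[i]) == 0) return 1;
    return 0;
}

int main(void) {
    static const char *const admins[] = { "alice" }; /* hypothetical allow list */
    struct cgi_identity id = { getenv("AUTH_TYPE"), getenv("REMOTE_USER"),
                               getenv("REMOTE_ADDR"), getenv("REMOTE_HOST") };
    if (is_authorized(&id, admins, 1)) {
        printf("Content-Type: text/plain\r\n\r\nWelcome, %s\n", id.remote_user);
    } else {
        /* The address is written to stderr for diagnostics, not used in the decision. */
        fprintf(stderr, "denied request from %s\n",
                nonempty(id.remote_addr) ? id.remote_addr : "unknown");
        printf("Status: 403 Forbidden\r\nContent-Type: text/plain\r\n\r\nAccess denied\n");
    }
    return 0;
}
```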

A client can call a CGI script in a number of ways. The method used by the client to call the CGI script is in the REQUEST_METHOD variable. This variable can have a value like HEAD, POST, GET, or PUT. CGI scripts use the value of this variable to find where to obtain data passed to the CGI script.
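The following C program is an added example, not code from the original page. It uses REQUEST_METHOD to decide where the input comes from (QUERY_STRING for GET, standard input for POST and PUT) and validates CONTENT_LENGTH before allocating or reading. The function names and the 64 KB limit MAX_BODY are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define MAX_BODY 65536L /* assumed cap for this example, not a CGI rule */

/* Strict CONTENT_LENGTH parse: digits only, no overflow, <= max; else -1. */
long parse_content_length(const char *s, long max) {
    if (s == NULL || *s == '\0') return -1;
    for (const char *p = s; *p != '\0'; p++)
        if (*p < '0' || *p > '9') return -1; /* rejects "-1", "12abc" */
    errno = 0;
    long n = strtol(s, NULL, 10);
    return (errno == ERANGE || n > max) ? -1 : n;
}

/* Pick the input source from REQUEST_METHOD: QUERY_STRING for GET, exactly
   CONTENT_LENGTH bytes of `in` for POST/PUT. Returns a malloc'd string or NULL. */
char *cgi_read_input(const char *method, const char *query,
                     const char *clen, FILE *in, long *out_len) {
    if (method == NULL) return NULL;
    if (strcmp(method, "GET") == 0) {
        size_t qlen = query ? strlen(query) : 0;
        char *copy = qlen <= (size_t)MAX_BODY ? malloc(qlen + 1) : NULL;
        if (copy == NULL) return NULL;
        memcpy(copy, query ? query : "", qlen + 1);
        *out_len = (long)qlen;
        return copy;
    }
    if (strcmp(method, "POST") != 0 && strcmp(method, "PUT") != 0) return NULL;
    long n = parse_content_length(clen, MAX_BODY);
    char *buf = n >= 0 ? malloc((size_t)n + 1) : NULL;
    if (buf == NULL) return NULL;
    if (fread(buf, 1, (size_t)n, in) != (size_t)n) { free(buf); return NULL; }
    buf[n] = '\0'; /* the body is not NUL-terminated by the server */
    *out_len = n;
    return buf;
}

int main(void) {
    long len = 0;
    char *data = cgi_read_input(getenv("REQUEST_METHOD"), getenv("QUERY_STRING"),
                                getenv("CONTENT_LENGTH"), stdin, &len);
    printf("Content-Type: text/plain\r\n\r\n");
    if (data != NULL) printf("read %ld bytes of input\n", len);
    else printf("no usable input\n");
    free(data);
    return 0;
}
```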

All files on a Web server are usually referenced relative to its document root directory. SCRIPT_NAME contains the virtual path name of the script called relative to the document root directory. For example, if the document root directory is c:\www\http\ns-home\root, all CGI scripts are stored in c:\www\http\ns-home\root\cgi-bin\ and the CGI script HelloNTWorld.EXE is called, the SCRIPT_NAME variable will contain the value \cgi-bin\HelloNTWorld.EXE. The advantage of this variable is that it allows the CGI script to refer to itself. This is handy if somewhere in the output, the script's URL needs to be made into a hypertext link.

The domain name of the Web server that invoked the CGI script is stored in this variable. This domain name can either be an IP address or DNS alias.

Typically, Web servers listen to HTTP requests on port 80. However, a Web server can listen to any port that's not in use by another application. A CGI program can find out the port on which the Web server is serving HTTP requests by looking at the value of the SERVER_PORT environment variable. When building self-referencing hypertext links at runtime from the contents of SERVER_NAME, be sure to append the port number of the Web server (typically port 80) by concatenating the value of SERVER_PORT.
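The following C program is an added example, not code from the original page. It builds the self-referencing link described above from SERVER_NAME, SERVER_PORT and SCRIPT_NAME, and checks each value before placing it in HTML so that an unexpected character cannot alter the markup. The function names, the http scheme, the accepted character sets and the requirement that SCRIPT_NAME begin with a forward slash are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse SERVER_PORT: digits only, 1..65535. Returns -1 otherwise. */
int parse_port(const char *s) {
    if (s == NULL || *s == '\0' || strlen(s) > 5) return -1;
    for (const char *p = s; *p != '\0'; p++)
        if (*p < '0' || *p > '9') return -1;
    long n = strtol(s, NULL, 10);
    return (n >= 1 && n <= 65535) ? (int)n : -1;
}

/* Nonempty and made only of letters, digits and the characters in extra. */
static int only_safe_chars(const char *s, const char *extra) {
    if (s == NULL || *s == '\0') return 0;
    for (; *s != '\0'; s++)
        if (!isalnum((unsigned char)*s) && strchr(extra, *s) == NULL) return 0;
    return 1;
}

/* Write http://SERVER_NAME:SERVER_PORT + SCRIPT_NAME into out.
   Returns 0 on success, -1 on a rejected value or if out is too small. */
int build_self_url(char *out, size_t cap, const char *name,
                   const char *port, const char *script) {
    int p = parse_port(port);
    if (p < 0 || !only_safe_chars(name, ".-")) return -1;
    if (!only_safe_chars(script, "/._-") || script[0] != '/') return -1;
    int n = snprintf(out, cap, "http://%s:%d%s", name, p, script);
    return (n < 0 || (size_t)n >= cap) ? -1 : 0;
}

int main(void) {
    char url[512];
    printf("Content-Type: text/html\r\n\r\n");
    if (build_self_url(url, sizeof url, getenv("SERVER_NAME"),
                       getenv("SERVER_PORT"), getenv("SCRIPT_NAME")) == 0)
        printf("<a href=\"%s\">Run this script again</a>\n", url);
    else
        printf("<p>Self link unavailable.</p>\n");
    return 0;
}
```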

Web servers speak the Hypertext Transfer Protocol (HTTP). The version of HTTP the Web server is using can be determined by examining the SERVER_PROTOCOL environment variable. The SERVER_PROTOCOL variable contains the name and revision data of the protocol being used. This information is in the format protocol/revision. For example, if the server speaks HTTP 1.0, this variable will have the value HTTP/1.0.

The name of the Web server that invoked the CGI script is stored in the SERVER_SOFTWARE environment variable. This environment variable is in the format name/version. If a CGI script is designed to make use of various special capabilities of a Web server, the CGI script can determine the Web server being used by examining this variable before those special capabilities are used.

References:
Sanjaya Hettihewa, Windows NT 4, Web Development, Sams net, Indianapolis, First Edition, 1996

Copyright 1999-2007, InVirCom. All rights reserved.