CGI Programming in C

November 01, 1996

CGI is the key to making a web page into an active agent, and C is a good language for implementing a CGI program.

Since its development in 1992, the World Wide Web (WWW) has been spreading like a wildfire. One of the main reasons for its popularity is the ease of authoring Web pages in Hypertext Markup Language (HTML). Like C, HTML lends itself to simple text editing. Though code generators exist for HTML, you don't need one to create useful pages. But a Web page created with a text editor is static; that is, the Web page cannot directly interact with a user. Static Web pages can deliver information such as a personal resume, or a company's catalog data. By contrast, the Common Gateway Interface (CGI) allows creation of Web pages dynamically, which boosts the power of the WWW dramatically.

The CGI is a standard that specifies how external programs can interface with the WWW server. (Detailed information about the CGI standard is available on the WWW at [1] .) CGI's interactive interface and dynamic Web page generation make possible a wide variety of web applications. For example, a customer may purchase a personal workstation through cyberspace by accessing a computer manufacturer's Web page. After choosing the configuration of choice such as microprocessor speed, memory, disk size, etc., the CGI program can dynamically generate a price. The customer can then place the order by just clicking a button.

CGI programming is like shell programming, in that CGI programmers usually do not write huge programs. Rather, they create an application by integrating many small CGI programs. You can write a CGI program in almost any language supported by the Web server's host computer, and C is one of the most popular languages. For example, the Mosaic Web server (distributed by the NCSA at Urbana-Champaign) uses C as the default language for CGI programming. This article will show how to get started writing a CGI program.

CGI Programming with Forms

One of the most important applications of the CGI is handling fill-out forms. An example appears at [2] . In this example the user can register by filling out a form using a Web browser. The CGI program located on the Web server's host computer will process the input, create a password for the user, generate a letter of acknowledgement dynamically, deliver the letter to the e-mail address provided by the user, and finally post a dynamic Web page to inform the user that registration is complete. Obtaining information submitted by the user forms a critical component of a CGI program. The C code for this component is typically difficult to read and use, however. Therefore, in this article I present a simple CGI C program for handling forms, using the example of ordering a pizza. Part of the order form as it appears on the Web page is shown in Figure 1.


Listing 1 shows the HTML source code for the Web page in Figure 1. I've modified this somewhat from an example given in the CGI standard specification [1] . The customer enters his street address and telephone number through the default text input of a fill-out form. He selects toppings for the pizza via check boxes. More than one topping can be selected. But the form allows only one method of payment: it enforces single selection with a radio button. Another radio button allows the customer to indicate whether the driver should call before leaving the store.

The CGI provides two different request methods (ways of getting user input) for handling fill-out forms. One is called POST, the other is GET. GET's default request method appends the encoded form contents to the user's URL and puts it in the server's environmental variable QUERY_STRING, as if it were a normal query. POST's request method sends filled-out form contents to the server through stdin rather than as a part of the URL. When a CGI program uses POST, it can check the environmental variable CONTENT_LENGTH to determine how much data to read from stdin.

In this example, I use the POST request method as shown near the beginning of Listing 1. The CGI program form.cgi resides in the default CGI Web server program directory cgi-bin. This is indicated by the field ACTION in Listing 1. This CGI program must obtain the customer input information of street address, phone number, selection of toppings, payment method, and calling-before-delivery. A pizza maker then can serve the customer accordingly.

Listing 2 shows the CGI program form.cgi, which can obtain the input submitted through a fill-out form. For illustrative purposes, this example program only decodes user's input and generates a dynamic Web page of plain text. Accordingly, the program's first line of output (generated by a printf) indicates that the content type of the output is plain text. Other content types such as HTML files or graphics can also be generated dynamically. Sample plain text generated by the program appears as follows:

CGI FORM test script reports:
The following 6 name/value pairs have been are submitted
address=UC Davis
phone=(916) 752-5020

The CGI program uses a few utility functions, which are shown in Listing 3. Function getnamevalue is critical for CGI programming. It obtains the name and value pairs in the encoded data submitted through the fill-out form. When a user types characters such as &, %, and $ into the text entry field, the Web browser automatically escapes them into hex form -- a percent sign followed by a two-digit hex value corresponding to the ASCII value of the character. For example, the string "&%$" becomes "%26%25%24". Function unescapechar in Listing 3 will decode escaped characters.

Function getnamevalue can handle both POST and GET request methods. To accomplish this, it defines two pointers to pointer to char, nam and val, and allocates arrays of strings to each. These arrays hold the name and value pairs mentioned previously. The CGI program will call function delnamevalue (Listing 3) to deallocate these arrays, after getnamevalue has returned and the CGI program has finished with the array. getnamevalue returns the number of name/value pairs. It passes pointers to the name/value arrays back through its argument list. For a given name, if the user submitted no input value, the corresponding value returned by getnamevalue is "NULL." For a filled-out form, the HTML file always predefines the name, whereas the value can be predefined or input by the user. In Listing 1, "address," "phone," "topping," "paymethod," and "callfirst" are predefined names.Listing 1 also predefines the values "pepperoni," "sausage," "cash," and "yes," but not the values for customer street address and phone number. These are provided by user input.

I have tested the C programs in Listings 2 and 3 on Web servers running under Unix, Linux, and Windows NT. These programs are available from the CUJonline sources (see p. 3) and at [3] . I provide many other examples of CGI programming with C source code at the above Web site. In addition, I make available a C interpreter with built-in security provisions for CGI and world-wide distributed Internet computing with application examples. You can download the interpreter from [4] . Once you've installed this C interpreter with a CGI toolbox, you can treat the functions in Listing 3 as if they were built-in functions, and you can execute CGI programs such as the one shown in Listing 2 on a Web server without compilation.

Harry H. Cheng is an Associate Professor of Mechanical Engineering and the Director of the Integration Engineering Laboratory at the University of California, Davis. He received an MS degree in mathematics and a Ph.D. in mechanical engineering from the University of Illinois at Chicago in 1986 and 1989, respectively. His research interests include world-wide internet computing, open-architecture enterprise-level system integration, evolution of C, robotics, mechatronics, factory automation, computational kinematics, and mechanisms. He may be reached at [email protected] or

November 1996/CGI Programming in C/Figure 1

Figure 1: Part of filled-out form for sample applications

November 1996/CGI Programming in C/Listing 1

Listing 1: HTML file that generated form in Figure 1

<TITLE>Fill-Out Form Example for Ordering Pizza </TITLE>
<H1>Fill-Out Form Example for Ordering Pizza </H1>

<FORM METHOD="POST" ACTION="/cgi-bin/form.cgi">
Type in your street address: <INPUT name="ADDRESS"> <P>
Type in your phone number: <INPUT name="PHONE"> <P>
Which toppings would you like? <P>

<LI> <INPUT TYPE="checkbox" name="TOPPING" VALUE="pepperoni" CHECKED> Pepperoni.
<LI> <INPUT TYPE="checkbox" name="TOPPING" VALUE="sausage" CHECKED> Sausage.
<LI> <INPUT TYPE="checkbox" name="TOPPING" VALUE="anchovies"> Anchovies.

How would you like to pay?  Choose any one of the following: <P>

<LI> <INPUT TYPE="radio" name="PAYMETHOD" VALUE="cash" CHECKED> Cash.
<LI> <INPUT TYPE="radio" name="PAYMETHOD" VALUE="check"> Check.
<LI> <I>Credit card:</I>
<LI> <INPUT TYPE="radio" name="PAYMETHOD" VALUE="mastercard"> Mastercard.
<LI> <INPUT TYPE="radio" name="PAYMETHOD" VALUE="visa"> Visa.
<LI> <INPUT TYPE="radio" name="PAYMETHOD" VALUE="americanexpress"> American Express.

Would you like the driver to call before leaving the store? <P>

<DD> <INPUT TYPE="radio" name="CALLFIRST" VALUE="yes" CHECKED> <I>Yes.</I>
<DD> <INPUT TYPE="radio" name="CALLFIRST" VALUE="no"> <I>No.</I>

To order your pizza, press this button: 
<INPUT TYPE="submit" VALUE="Order Pizza">. <P>

November 1996/CGI Programming in C/Listing 2

Listing 2: The CGI program

/* file name: form.cgi */
#include <stdio.h>
#include <www.h>  /* typedef char **stringArray */
extern int getnamevalue(stringArray *name, 
           stringArray *value);
extern void delnamevalue(stringArray name,
           stringArray value, int num);

main() {
  int i, num;
  /* name[i] is a char string */
  stringArray name; 
  /* value[i] is a char string */
  stringArray value;

  printf("Content-type: text/plain\n\n");
  printf("CGI FORM test script reports:\n\n");
  num = getnamevalue(&name, &value);
    printf("No input from FORM\n");
  printf("The following %d name/value pairs\n"
          " have been submitted\n\n", num);
  for(i=0; i < num; i++)
  delnamevalue(name, value, num);
/* End of File */

November 1996/CGI Programming in C/Listing 3

Listing 3: Utility functions for CGI program

/* File Name: util.c */

int getnamevalue(char ***name, char ***value)
  int cl;                    /* content length */
  int i, l1, l2, num=1;
  char *qs, *clientinput, *token;
  char **nam, **val;

  if(!strcmp("POST",getenv("REQUEST_METHOD"))) { 
    cl = atoi(getenv("CONTENT_LENGTH"));
    if(cl == 0)
      return 0; /* send nothing */
    clientinput = (char*) malloc(sizeof(char)*(cl+1));
    fgets(clientinput, cl+1, stdin); 
  else { /* GET */
    qs = getenv("QUERY_STRING");
    if(qs == NULL)
      return 0; /* send nothing */
    else {
      cl = strlen(qs); 
      clientinput = (char*)malloc(sizeof(char)*(cl+1));

  /* & is the name/value pair separator */
  token = strchr(clientinput, '&'); 
  while(token!=NULL) {  
    num++; /* obtain the total number of pairs */
    token = strchr(token, '&');

  nam = (char **)malloc(sizeof(char*)*num);
  val = (char **)malloc(sizeof(char*)*num);
  for (i=0,token=strtok(clientinput, "&");
       token!=NULL; i++) {
    l1 = strlen(token);
    l2 = strcspn(token,"=");
    nam[i] = (char *)malloc(sizeof(char) * (l2+1));
    strncpy(nam[i], token,l2); 
    nam[i][l2] = '\0';
    if(l1 != l2+1 ) { /* name=value& */
      val[i] = (char *)malloc(sizeof(char) * (l1-l2));
      strcpy(val[i], token+l2+1);
    else /* special case of name=& */
      val[i] = NULL;
    token=strtok(NULL, "&");
  *name  = nam;
  *value = val;
  return num;   /*  number of entries */

void delnamevalue(char **name, 
     char **value, int num) {
  int i;
  for (i = 0; i<num; i++) {

int unescapechar(char *url) {
  int x,y;
  char hex[3]; /* contains xx of %xx */
  for(x=0,y=0;url[y];++x,++y) {
    if(url[x] == '+')
      url[x] = ' '; /* change '+' to ' ' */
    else if(url[x] == '%') {
      /* change xx as char */
      hex[0] = url[y+1]; 
      hex[1] = url[y+2]; hex[2] = '\0';
      url[x] = strtol(hex, NULL, 16);
      y+=2; /* three chars %xx as one char */
      url[x] = url[y];
  url[x] = '\0';
/* End of File */

