178
Chapter 11 CGI Programming
lines and the content. Web browsers look for the header-content boundary in this way so that it can hide the headers properly from users. As no more headers are specified after the content type line in this example, the extra empty line is produced by two consecutive \n. A CGI script does not have to generate all necessary HTTP headers because the Web server should generate them automatically. An exception is Content-Type, for the reason that I have just explained. Apart from defined HTTP headers your scripts may generate other custom headers you prefer. However, because CGI scripts are usually rendered in browsers, unrecognized headers are generally ignored, anyway.
11.5 GET vs. POST In the previous example, we have used a form to transmit user-specified data to the server CGI script. Note that we have used the GET method to pass the form data, as characterized by the method property of the form element. However, another method POST is also available. Here we shall discuss what they are and how they differ from each other. To start with, let’s investigate how the form data are transmitted in each case. Both methods involve construction of a query string of the following format: name1=value1&name2=value2& ... Recall the HTML form listed in greeting.html. <form> ... </form> encloses the form. Inside the form, we can find a text entry control, whose name attribute is “name”. Each control in the form should have the name atttribute set. When data is transmitted to the server script, as there may be several pieces of data sent in the same form, every piece of data has to be labeled with a name so that the server script can differentiate the values. The name is set as the name attribute in the corresponding form control. In this example, as there is only one control, there is only one name-value pair in the form. Expressed in the above format, that is: name=Bernard What if the name or value contains the characters & or =? In fact, non-alphanumeric characters in the name or the value is encoded, in a manner compatible to RFC2396 for a reason that is to be explained shortly. This document documents the format of Uniform Resource Identifiers, of which Uniform Resource Locators form a subset. The URI encoding scheme stipulates all characters except alphanumeric characters and a few unreserved characters (section 2.3) should be encoded, and this is achieved by representing the character by the hexadecimal representation of its ASCII value preceded by the character “%”. Examples: Bernard%20Chan 100%25 A%26B%20Associates
# Bernard Chan # 100% # A&B Associates
However, as the space character frequently occurs in data to be encoded, there exists an alternative representation of the space character by the character “+”. Therefore, if you are parsing the form data manually yourself (which you are discouraged to do so as explained earlier) you should ensure “%20” and “+” are both treated as the space character. This also explains why it is desirable to use CGI.pm, as to decode properly is not a trivial affair in itself. By using CGI.pm, you don’t even have to care such details — it is handled for you automatically.