CGI(3) Perl Programmers Reference Guide CGI(3)
NAME
CGI - Simple Common Gateway Interface Class
SYNOPSIS
# CGI script that creates a fill-out form
# and echoes back its values.
use CGI qw/:standard/;
print header,
start_html('A Simple Example'),
h1('A Simple Example'),
start_form,
"What's your name? ",textfield('name'),p,
"What's the combination?", p,
checkbox_group(-name=>'words',
-values=>['eenie','meenie','minie','moe'],
-defaults=>['eenie','minie']), p,
"What's your favorite color? ",
popup_menu(-name=>'color',
-values=>['red','green','blue','chartreuse']),p,
submit,
end_form,
hr;
if (param()) {
my $name = param('name');
my $keywords = join ', ',param('words');
my $color = param('color');
print "Your name is",em(escapeHTML($name)),p,
"The keywords are: ",em(escapeHTML($keywords)),p,
"Your favorite color is ",em(escapeHTML($color)),
hr;
}
ABSTRACT
This perl library uses perl5 objects to make it easy to
create Web fill-out forms and parse their contents. This
package defines CGI objects, entities that contain the
values of the current query string and other state vari-
ables. Using a CGI object's methods, you can examine key-
words and parameters passed to your script, and create
forms whose initial values are taken from the current
query (thereby preserving state information). The module
provides shortcut functions that produce boilerplate HTML,
reducing typing and coding errors. It also provides func-
tionality for some of the more advanced features of CGI
scripting, including support for file uploads, cookies,
cascading style sheets, server push, and frames.
CGI.pm also provides a simple function-oriented program-
ming style for those who don't need its object-oriented
features.
The current version of CGI.pm is available at
http://www.genome.wi.mit.edu/ftp/pub/software/WWW/cgi_docs.html
ftp://ftp-genome.wi.mit.edu/pub/software/WWW/
DESCRIPTION
PROGRAMMING STYLE
There are two styles of programming with CGI.pm, an
object-oriented style and a function-oriented style. In
the object-oriented style you create one or more CGI
objects and then use object methods to create the various
elements of the page. Each CGI object starts out with the
list of named parameters that were passed to your CGI
script by the server. You can modify the objects, save
them to a file or database and recreate them. Because
each object corresponds to the "state" of the CGI script,
and because each object's parameter list is independent of
the others, this allows you to save the state of the
script and restore it later.
For example, using the object oriented style, here is how
you create a simple "Hello World" HTML page:
#!/usr/local/bin/perl -w
use CGI; # load CGI routines
$q = new CGI; # create new CGI object
print $q->header, # create the HTTP header
$q->start_html('hello world'), # start the HTML
$q->h1('hello world'), # level 1 header
$q->end_html; # end the HTML
In the function-oriented style, there is one default CGI
object that you rarely deal with directly. Instead you
just call functions to retrieve CGI parameters, create
HTML tags, manage cookies, and so on. This provides you
with a cleaner programming interface, but limits you to
using one CGI object at a time. The following example
prints the same page, but uses the function-oriented
interface. The main differences are that we now need to
import a set of functions into our name space (usually the
"standard" functions), and we don't need to create the CGI
object.
#!/usr/local/bin/perl
use CGI qw/:standard/; # load standard CGI routines
print header, # create the HTTP header
start_html('hello world'), # start the HTML
h1('hello world'), # level 1 header
end_html; # end the HTML
The examples in this document mainly use the object-ori-
ented style. See HOW TO IMPORT FUNCTIONS for important
information on function-oriented programming in CGI.pm
CALLING CGI.PM ROUTINES
Most CGI.pm routines accept several arguments, sometimes
as many as 20 optional ones! To simplify this interface,
all routines use a named argument calling style that looks
like this:
print $q->header(-type=>'image/gif',-expires=>'+3d');
Each argument name is preceded by a dash. Neither case
nor order matters in the argument list. -type, -Type, and
-TYPE are all acceptable. In fact, only the first argu-
ment needs to begin with a dash. If a dash is present in
the first argument, CGI.pm assumes dashes for the subse-
quent ones.
Several routines are commonly called with just one argu-
ment. In the case of these routines you can provide the
single argument without an argument name. header() hap-
pens to be one of these routines. In this case, the sin-
gle argument is the document type.
print $q->header('text/html');
Other such routines are documented below.
Sometimes named arguments expect a scalar, sometimes a
reference to an array, and sometimes a reference to a
hash. Often, you can pass any type of argument and the
routine will do whatever is most appropriate. For exam-
ple, the param() routine is used to set a CGI parameter to
a single or a multi-valued value. The two cases are shown
below:
$q->param(-name=>'veggie',-value=>'tomato');
$q->param(-name=>'veggie',-value=>['tomato','tomahto','potato','potahto']);
A large number of routines in CGI.pm actually aren't
specifically defined in the module, but are generated
automatically as needed. These are the "HTML shortcuts,"
routines that generate HTML tags for use in dynamically-
generated pages. HTML tags have both attributes (the
attribute="value" pairs within the tag itself) and con-
tents (the part between the opening and closing pairs.)
To distinguish between attributes and contents, CGI.pm
uses the convention of passing HTML attributes as a hash
reference as the first argument, and the contents, if any,
as any subsequent arguments. It works out like this:
Code Generated HTML
---- --------------
h1()
h1('some','contents');
some contents
h1({-align=>left});
h1({-align=>left},'contents');
contents
HTML tags are described in more detail later.
Many newcomers to CGI.pm are puzzled by the difference
between the calling conventions for the HTML shortcuts,
which require curly braces around the HTML tag attributes,
and the calling conventions for other routines, which man-
age to generate attributes without the curly brackets.
Don't be confused. As a convenience the curly braces are
optional in all but the HTML shortcuts. If you like, you
can use curly braces when calling any routine that takes
named arguments. For example:
print $q->header( {-type=>'image/gif',-expires=>'+3d'} );
If you use the -w switch, you will be warned that some
CGI.pm argument names conflict with built-in Perl func-
tions. The most frequent of these is the -values argu-
ment, used to create multi-valued menus, radio button
clusters and the like. To get around this warning, you
have several choices:
1. Use another name for the argument, if one is avail-
able. For example, -value is an alias for -values.
2. Change the capitalization, e.g. -Values
3. Put quotes around the argument name, e.g. '-values'
Many routines will do something useful with a named argu-
ment that it doesn't recognize. For example, you can pro-
duce non-standard HTTP header fields by providing them as
named arguments:
print $q->header(-type => 'text/html',
-cost => 'Three smackers',
-annoyance_level => 'high',
-complaints_to => 'bit bucket');
This will produce the following nonstandard HTTP header:
HTTP/1.0 200 OK
Cost: Three smackers
Annoyance-level: high
Complaints-to: bit bucket
Content-type: text/html
Notice the way that underscores are translated automati-
cally into hyphens. HTML-generating routines perform a
different type of translation.
This feature allows you to keep up with the rapidly chang-
ing HTTP and HTML "standards".
CREATING A NEW QUERY OBJECT (OBJECT-ORIENTED STYLE):
$query = new CGI;
This will parse the input (from both POST and GET methods)
and store it into a perl5 object called $query.
CREATING A NEW QUERY OBJECT FROM AN INPUT FILE
$query = new CGI(INPUTFILE);
If you provide a file handle to the new() method, it will
read parameters from the file (or STDIN, or whatever).
The file can be in any of the forms describing below under
debugging (i.e. a series of newline delimited TAG=VALUE
pairs will work). Conveniently, this type of file is cre-
ated by the save() method (see below). Multiple records
can be saved and restored.
Perl purists will be pleased to know that this syntax
accepts references to file handles, or even references to
filehandle globs, which is the "official" way to pass a
filehandle:
$query = new CGI(\*STDIN);
You can also initialize the CGI object with a FileHandle
or IO::File object.
If you are using the function-oriented interface and want
to initialize CGI state from a file handle, the way to do
this is with restore_parameters(). This will (re)initial-
ize the default CGI object from the indicated file handle.
open (IN,"test.in") || die;
restore_parameters(IN);
close IN;
You can also initialize the query object from an
associative array reference:
$query = new CGI( {'dinosaur'=>'barney',
'song'=>'I love you',
'friends'=>[qw/Jessica George Nancy/]}
);
or from a properly formatted, URL-escaped query string:
$query = new CGI('dinosaur=barney&color=purple');
or from a previously existing CGI object (currently this
clones the parameter list, but none of the other object-
specific fields, such as autoescaping):
$old_query = new CGI;
$new_query = new CGI($old_query);
To create an empty query, initialize it from an empty
string or hash:
$empty_query = new CGI("");
-or-
$empty_query = new CGI({});
FETCHING A LIST OF KEYWORDS FROM THE QUERY:
@keywords = $query->keywords
If the script was invoked as the result of an
search, the parsed keywords can be obtained as an array
using the keywords() method.
FETCHING THE NAMES OF ALL THE PARAMETERS PASSED TO YOUR
SCRIPT:
@names = $query->param
If the script was invoked with a parameter list (e.g.
"name1=value1&name2=value2&name3=value3"), the param()
method will return the parameter names as a list. If the
script was invoked as an script and contains a
string without ampersands (e.g. "value1+value2+value3") ,
there will be a single parameter named "keywords" contain-
ing the "+"-delimited keywords.
NOTE: As of version 1.5, the array of parameter names
returned will be in the same order as they were submitted
by the browser. Usually this order is the same as the
order in which the parameters are defined in the form
(however, this isn't part of the spec, and so isn't guar-
anteed).
FETCHING THE VALUE OR VALUES OF A SINGLE NAMED PARAMETER:
@values = $query->param('foo');
-or-
$value = $query->param('foo');
Pass the param() method a single argument to fetch the
value of the named parameter. If the parameter is multi-
valued (e.g. from multiple selections in a scrolling
list), you can ask to receive an array. Otherwise the
method will return a single value.
If a value is not given in the query string, as in the
queries "name1=&name2=" or "name1&name2", it will be
returned as an empty string. This feature is new in 2.63.
If the parameter does not exist at all, then param() will
return undef in a scalar context, and the empty list in a
list context.
SETTING THE VALUE(S) OF A NAMED PARAMETER:
$query->param('foo','an','array','of','values');
This sets the value for the named parameter 'foo' to an
array of values. This is one way to change the value of a
field AFTER the script has been invoked once before.
(Another way is with the -override parameter accepted by
all methods that generate form elements.)
param() also recognizes a named parameter style of calling
described in more detail later:
$query->param(-name=>'foo',-values=>['an','array','of','values']);
-or-
$query->param(-name=>'foo',-value=>'the value');
APPENDING ADDITIONAL VALUES TO A NAMED PARAMETER:
$query->append(-name=>'foo',-values=>['yet','more','values']);
This adds a value or list of values to the named parame-
ter. The values are appended to the end of the parameter
if it already exists. Otherwise the parameter is created.
Note that this method only recognizes the named argument
calling syntax.
IMPORTING ALL PARAMETERS INTO A NAMESPACE:
$query->import_names('R');
This creates a series of variables in the 'R' namespace.
For example, $R::foo, @R:foo. For keyword lists, a vari-
able @R::keywords will appear. If no namespace is given,
this method will assume 'Q'. WARNING: don't import any-
thing into 'main'; this is a major security risk!!!!
NOTE 1: Variable names are transformed as necessary into
legal Perl variable names. All non-legal characters are
transformed into underscores. If you need to keep the
original names, you should use the param() method instead
to access CGI variables by name.
NOTE 2: In older versions, this method was called
import(). As of version 2.20, this name has been removed
completely to avoid conflict with the built-in Perl module
import operator.
DELETING A PARAMETER COMPLETELY:
$query->delete('foo','bar','baz');
This completely clears a list of parameters. It sometimes
useful for resetting parameters that you don't want passed
down between script invocations.
If you are using the function call interface, use
"Delete()" instead to avoid conflicts with Perl's built-in
delete operator.
DELETING ALL PARAMETERS:
$query->delete_all();
This clears the CGI object completely. It might be useful
to ensure that all the defaults are taken when you create
a fill-out form.
Use Delete_all() instead if you are using the function
call interface.
HANDLING NON-URLENCODED ARGUMENTS
If POSTed data is not of type applica-
tion/x-www-form-urlencoded or multipart/form-data, then
the POSTed data will not be processed, but instead be
returned as-is in a parameter named POSTDATA. To retrieve
it, use code like this:
my $data = $query->param('POSTDATA');
(If you don't know what the preceding means, don't worry
about it. It only affects people trying to use CGI for
XML processing and other specialized tasks.)
DIRECT ACCESS TO THE PARAMETER LIST:
$q->param_fetch('address')->[1] = '1313 Mockingbird Lane';
unshift @{$q->param_fetch(-name=>'address')},'George Munster';
If you need access to the parameter list in a way that
isn't covered by the methods above, you can obtain a
direct reference to it by calling the param_fetch() method
with the name of the . This will return an array refer-
ence to the named parameters, which you then can manipu-
late in any way you like.
You can also use a named argument style using the -name
argument.
FETCHING THE PARAMETER LIST AS A HASH:
$params = $q->Vars;
print $params->{'address'};
@foo = split("\0",$params->{'foo'});
%params = $q->Vars;
use CGI ':cgi-lib';
$params = Vars;
Many people want to fetch the entire parameter list as a
hash in which the keys are the names of the CGI parame-
ters, and the values are the parameters' values. The
Vars() method does this. Called in a scalar context, it
returns the parameter list as a tied hash reference.
Changing a key changes the value of the parameter in the
underlying CGI parameter list. Called in a list context,
it returns the parameter list as an ordinary hash. This
allows you to read the contents of the parameter list, but
not to change it.
When using this, the thing you must watch out for are mul-
tivalued CGI parameters. Because a hash cannot distin-
guish between scalar and list context, multivalued parame-
ters will be returned as a packed string, separated by the
"\0" (null) character. You must split this packed string
in order to get at the individual values. This is the
convention introduced long ago by Steve Brenner in his
cgi-lib.pl module for Perl version 4.
If you wish to use Vars() as a function, import the
:cgi-lib set of function calls (also see the section on
CGI-LIB compatibility).
SAVING THE STATE OF THE SCRIPT TO A FILE:
$query->save(\*FILEHANDLE)
This will write the current state of the form to the pro-
vided filehandle. You can read it back in by providing a
filehandle to the new() method. Note that the filehandle
can be a file, a pipe, or whatever!
The format of the saved file is:
NAME1=VALUE1
NAME1=VALUE1'
NAME2=VALUE2
NAME3=VALUE3
=
Both name and value are URL escaped. Multi-valued CGI
parameters are represented as repeated names. A session
record is delimited by a single = symbol. You can write
out multiple records and read them back in with several
calls to new. You can do this across several sessions by
opening the file in append mode, allowing you to create
primitive guest books, or to keep a history of users'
queries. Here's a short example of creating multiple ses-
sion records:
use CGI;
open (OUT,">>test.out") || die;
$records = 5;
foreach (0..$records) {
my $q = new CGI;
$q->param(-name=>'counter',-value=>$_);
$q->save(\*OUT);
}
close OUT;
# reopen for reading
open (IN,"test.out") || die;
while (!eof(IN)) {
my $q = new CGI(\*IN);
print $q->param('counter'),"\n";
}
The file format used for save/restore is identical to that
used by the Whitehead Genome Center's data exchange format
"Boulderio", and can be manipulated and even databased
using Boulderio utilities. See
http://stein.cshl.org/boulder/
for further details.
If you wish to use this method from the function-oriented
(non-OO) interface, the exported name for this method is
save_parameters().
RETRIEVING CGI ERRORS
Errors can occur while processing user input, particularly
when processing uploaded files. When these errors occur,
CGI will stop processing and return an empty parameter
list. You can test for the existence and nature of errors
using the cgi_error() function. The error messages are
formatted as HTTP status codes. You can either incorporate
the error text into an HTML page, or use it as the value
of the HTTP status:
my $error = $q->cgi_error;
if ($error) {
print $q->header(-status=>$error),
$q->start_html('Problems'),
$q->h2('Request not processed'),
$q->strong($error);
exit 0;
}
When using the function-oriented interface (see the next
section), errors may only occur the first time you call
param(). Be ready for this!
USING THE FUNCTION-ORIENTED INTERFACE
To use the function-oriented interface, you must specify
which CGI.pm routines or sets of routines to import into
your script's namespace. There is a small overhead asso-
ciated with this importation, but it isn't much.
use CGI ;
The listed methods will be imported into the current pack-
age; you can call them directly without creating a CGI
object first. This example shows how to import the
param() and header() methods, and then use them directly:
use CGI 'param','header';
print header('text/plain');
$zipcode = param('zipcode');
More frequently, you'll import common sets of functions by
referring to the groups by name. All function sets are
preceded with a ":" character as in ":html3" (for tags
defined in the HTML 3 standard).
Here is a list of the function sets you can import:
:cgi
Import all CGI-handling methods, such as param(),
path_info() and the like.
:form
Import all fill-out form generating methods, such as
textfield().
:html2
Import all methods that generate HTML 2.0 standard
elements.
:html3
Import all methods that generate HTML 3.0 elements
(such as
, and ).
:html4
Import all methods that generate HTML 4 elements (such
as , and ).
:netscape
Import all methods that generate Netscape-specific
HTML extensions.
:html
Import all HTML-generating shortcuts (i.e. 'html2' +
'html3' + 'netscape')...
:standard
Import "standard" features, 'html2', 'html3', 'html4',
'form' and 'cgi'.
:all
Import all the available methods. For the full list,
see the CGI.pm code, where the variable %EXPORT_TAGS
is defined.
If you import a function name that is not part of CGI.pm,
the module will treat it as a new HTML tag and generate
the appropriate subroutine. You can then use it like any
other HTML tag. This is to provide for the rapidly-evolv-
ing HTML "standard." For example, say Microsoft comes out
with a new tag called (which causes the user's
desktop to be flooded with a rotating gradient fill until
his machine reboots). You don't need to wait for a new
version of CGI.pm to start using it immediately:
use CGI qw/:standard :html3 gradient/;
print gradient({-start=>'red',-end=>'blue'});
Note that in the interests of execution speed CGI.pm does
not use the standard Exporter syntax for specifying load
symbols. This may change in the future.
If you import any of the state-maintaining CGI or form-
generating methods, a default CGI object will be created
and initialized automatically the first time you use any
of the methods that require one to be present. This
includes param(), textfield(), submit() and the like. (If
you need direct access to the CGI object, you can find it
in the global variable $CGI::Q). By importing CGI.pm
methods, you can create visually elegant scripts:
use CGI qw/:standard/;
print
header,
start_html('Simple Script'),
h1('Simple Script'),
start_form,
"What's your name? ",textfield('name'),p,
"What's the combination?",
checkbox_group(-name=>'words',
-values=>['eenie','meenie','minie','moe'],
-defaults=>['eenie','moe']),p,
"What's your favorite color?",
popup_menu(-name=>'color',
-values=>['red','green','blue','chartreuse']),p,
submit,
end_form,
hr,"\n";
if (param) {
print
"Your name is ",em(param('name')),p,
"The keywords are: ",em(join(", ",param('words'))),p,
"Your favorite color is ",em(param('color')),".\n";
}
print end_html;
PRAGMAS
In addition to the function sets, there are a number of
pragmas that you can import. Pragmas, which are always
preceded by a hyphen, change the way that CGI.pm functions
in various ways. Pragmas, function sets, and individual
functions can all be imported in the same use() line. For
example, the following use statement imports the standard
set of functions and enables debugging mode (pragma
-debug):
use CGI qw/:standard -debug/;
The current list of pragmas is as follows:
-any
When you use CGI -any, then any method that the query
object doesn't recognize will be interpreted as a new
HTML tag. This allows you to support the next ad hoc
Netscape or Microsoft HTML extension. This lets you
go wild with new and unsupported tags:
use CGI qw(-any);
$q=new CGI;
print $q->gradient({speed=>'fast',start=>'red',end=>'blue'});
Since using any causes any mistyped
method name to be interpreted as an HTML tag, use it
with care or not at all.
-compile
This causes the indicated autoloaded methods to be
compiled up front, rather than deferred to later.
This is useful for scripts that run for an extended
period of time under FastCGI or mod_perl, and for
those destined to be crunched by Malcom Beattie's Perl
compiler. Use it in conjunction with the methods or
method families you plan to use.
use CGI qw(-compile :standard :html3);
or even
use CGI qw(-compile :all);
Note that using the -compile pragma in this way will
always have the effect of importing the compiled func-
tions into the current namespace. If you want to com-
pile without importing use the compile() method
instead:
use CGI();
CGI->compile();
This is particularly useful in a mod_perl environment,
in which you might want to precompile all CGI routines
in a startup script, and then import the functions
individually in each mod_perl script.
-nosticky
By default the CGI module implements a state-preserv-
ing behavior called "sticky" fields. The way this
works is that if you are regenerating a form, the
methods that generate the form field values will
interrogate param() to see if similarly-named parame-
ters are present in the query string. If they find a
like-named parameter, they will use it to set their
default values.
Sometimes this isn't what you want. The -nosticky
pragma prevents this behavior. You can also selec-
tively change the sticky behavior in each element that
you generate.
-tabindex
Automatically add tab index attributes to each form
field. With this option turned off, you can still add
tab indexes manually by passing a -tabindex option to
each field-generating method.
-no_undef_params
This keeps CGI.pm from including undef params in the
parameter list.
-no_xhtml
By default, CGI.pm versions 2.69 and higher emit XHTML
(http://www.w3.org/TR/xhtml1/). The -no_xhtml pragma
disables this feature. Thanks to Michalis Kabrianis
for this feature.
If start_html()'s -dtd parameter specifies an HTML 2.0
or 3.2 DTD, XHTML will automatically be disabled with-
out needing to use this pragma.
-nph
This makes CGI.pm produce a header appropriate for an
NPH (no parsed header) script. You may need to do
other things as well to tell the server that the
script is NPH. See the discussion of NPH scripts
below.
-newstyle_urls
Separate the name=value pairs in CGI parameter query
strings with semicolons rather than ampersands. For
example:
?name=fred;age=24;favorite_color=3
Semicolon-delimited query strings are always accepted,
but will not be emitted by self_url() and
query_string() unless the -newstyle_urls pragma is
specified.
This became the default in version 2.64.
-oldstyle_urls
Separate the name=value pairs in CGI parameter query
strings with ampersands rather than semicolons. This
is no longer the default.
-autoload
This overrides the autoloader so that any function in
your program that is not recognized is referred to
CGI.pm for possible evaluation. This allows you to
use all the CGI.pm functions without adding them to
your symbol table, which is of concern for mod_perl
users who are worried about memory consumption. Warn-
ing: when -autoload is in effect, you cannot use
"poetry mode" (functions without the parenthesis).
Use hr() rather than hr, or add something like use
subs qw/hr p header/ to the top of your script.
-no_debug
This turns off the command-line processing features.
If you want to run a CGI.pm script from the command
line to produce HTML, and you don't want it to read
CGI parameters from the command line or STDIN, then
use this pragma:
use CGI qw(-no_debug :standard);
-debug
This turns on full debugging. In addition to reading
CGI arguments from the command-line processing, CGI.pm
will pause and try to read arguments from STDIN, pro-
ducing the message "(offline mode: enter name=value
pairs on standard input)" features.
See the section on debugging for more details.
-private_tempfiles
CGI.pm can process uploaded file. Ordinarily it spools
the uploaded file to a temporary directory, then
deletes the file when done. However, this opens the
risk of eavesdropping as described in the file upload
section. Another CGI script author could peek at this
data during the upload, even if it is confidential
information. On Unix systems, the -private_tempfiles
pragma will cause the temporary file to be unlinked as
soon as it is opened and before any data is written
into it, reducing, but not eliminating the risk of
eavesdropping (there is still a potential race condi-
tion). To make life harder for the attacker, the pro-
gram chooses tempfile names by calculating a 32 bit
checksum of the incoming HTTP headers.
To ensure that the temporary file cannot be read by
other CGI scripts, use suEXEC or a CGI wrapper program
to run your script. The temporary file is created
with mode 0600 (neither world nor group readable).
The temporary directory is selected using the
following algorithm:
1. if the current user (e.g. "nobody") has a directory named
"tmp" in its home directory, use that (Unix systems only).
2. if the environment variable TMPDIR exists, use the location
indicated.
3. Otherwise try the locations /usr/tmp, /var/tmp, C:\temp,
/tmp, /temp, ::Temporary Items, and \WWW_ROOT.
Each of these locations is checked that it is a direc-
tory and is writable. If not, the algorithm tries the
next choice.
SPECIAL FORMS FOR IMPORTING HTML-TAG FUNCTIONS
Many of the methods generate HTML tags. As described
below, tag functions automatically generate both the open-
ing and closing tags. For example:
print h1('Level 1 Header');
produces
Level 1 Header
There will be some times when you want to produce the
start and end tags yourself. In this case, you can use
the form start_tag_name and end_tag_name, as in:
print start_h1,'Level 1 Header',end_h1;
With a few exceptions (described below), start_tag_name
and end_tag_name functions are not generated automatically
when you use CGI. However, you can specify the tags you
want to generate start/end functions for by putting an
asterisk in front of their name, or, alternatively,
requesting either "start_tag_name" or "end_tag_name" in
the import list.
Example:
use CGI qw/:standard *table start_ul/;
In this example, the following functions are generated in
addition to the standard ones:
1. start_table() (generates a
tag)
2. end_table() (generates a
tag)
3. start_ul() (generates a
tag)
4. end_ul() (generates a
tag)
GENERATING DYNAMIC DOCUMENTS
Most of CGI.pm's functions deal with creating documents on
the fly. Generally you will produce the HTTP header
first, followed by the document itself. CGI.pm provides
functions for generating HTTP headers of various types as
well as for generating HTML. For creating GIF images, see
the GD.pm module.
Each of these functions produces a fragment of HTML or
HTTP which you can print out directly so that it displays
in the browser window, append to a string, or save to a
file for later use.
CREATING A STANDARD HTTP HEADER:
Normally the first thing you will do in any CGI script is
print out an HTTP header. This tells the browser what
type of document to expect, and gives other optional
information, such as the language, expiration date, and
whether to cache the document. The header can also be
manipulated for special purposes, such as server push and
pay per view pages.
print header;
-or-
print header('image/gif');
-or-
print header('text/html','204 No response');
-or-
print header(-type=>'image/gif',
-nph=>1,
-status=>'402 Payment required',
-expires=>'+3d',
-cookie=>$cookie,
-charset=>'utf-7',
-attachment=>'foo.gif',
-Cost=>'$2.00');
header() returns the Content-type: header. You can pro-
vide your own MIME type if you choose, otherwise it
defaults to text/html. An optional second parameter spec-
ifies the status code and a human-readable message. For
example, you can specify 204, "No response" to create a
script that tells the browser to do nothing at all.
The last example shows the named argument style for pass-
ing arguments to the CGI methods using named parameters.
Recognized parameters are -type, -status, -expires, and
-cookie. Any other named parameters will be stripped of
their initial hyphens and turned into header fields,
allowing you to specify any HTTP header you desire.
Internal underscores will be turned into hyphens:
print header(-Content_length=>3002);
Most browsers will not cache the output from CGI scripts.
Every time the browser reloads the page, the script is
invoked anew. You can change this behavior with the
-expires parameter. When you specify an absolute or rela-
tive expiration interval with this parameter, some
browsers and proxy servers will cache the script's output
until the indicated expiration date. The following forms
are all valid for the -expires field:
+30s 30 seconds from now
+10m ten minutes from now
+1h one hour from now
-1d yesterday (i.e. "ASAP!")
now immediately
+3M in three months
+10y in ten years time
Thursday, 25-Apr-1999 00:40:33 GMT at the indicated time & date
The -cookie parameter generates a header that tells the
browser to provide a "magic cookie" during all subsequent
transactions with your script. Netscape cookies have a
special format that includes interesting attributes such
as expiration time. Use the cookie() method to create and
retrieve session cookies.
The -nph parameter, if set to a true value, will issue the
correct headers to work with a NPH (no-parse-header)
script. This is important to use with certain servers
that expect all their scripts to be NPH.
The -charset parameter can be used to control the charac-
ter set sent to the browser. If not provided, defaults to
ISO-8859-1. As a side effect, this sets the charset()
method as well.
The -attachment parameter can be used to turn the page
into an attachment. Instead of displaying the page, some
browsers will prompt the user to save it to disk. The
value of the argument is the suggested name for the saved
file. In order for this to work, you may have to set the
-type to "application/octet-stream".
The -p3p parameter will add a P3P tag to the outgoing
header. The parameter can be an arrayref or a space-
delimited string of P3P tags. For example:
print header(-p3p=>[qw(CAO DSP LAW CURa)]);
print header(-p3p=>'CAO DSP LAW CURa');
In either case, the outgoing header will be formatted as:
P3P: policyref="/w3c/p3p.xml" cp="CAO DSP LAW CURa"
GENERATING A REDIRECTION HEADER
print redirect('http://somewhere.else/in/movie/land');
Sometimes you don't want to produce a document yourself,
but simply redirect the browser elsewhere, perhaps choos-
ing a URL based on the time of day or the identity of the
user.
The redirect() function redirects the browser to a differ-
ent URL. If you use redirection like this, you should not
print out a header as well.
You should always use full URLs (including the http: or
ftp: part) in redirection requests. Relative URLs will
not work correctly.
You can also use named arguments:
print redirect(-uri=>'http://somewhere.else/in/movie/land',
-nph=>1,
-status=>301);
The -nph parameter, if set to a true value, will issue the
correct headers to work with a NPH (no-parse-header)
script. This is important to use with certain servers,
such as Microsoft IIS, which expect all their scripts to
be NPH.
The -status parameter will set the status of the redirect.
HTTP defines three different possible redirection status
codes:
301 Moved Permanently
302 Found
303 See Other
The default if not specified is 302, which means "moved
temporarily." You may change the status to another status
code if you wish. Be advised that changing the status to
anything other than 301, 302 or 303 will probably break
redirection.
CREATING THE HTML DOCUMENT HEADER
print start_html(-title=>'Secrets of the Pyramids',
-author=>'fred@capricorn.org',
-base=>'true',
-target=>'_blank',
-meta=>{'keywords'=>'pharaoh secret mummy',
'copyright'=>'copyright 1996 King Tut'},
-style=>{'src'=>'/styles/style1.css'},
-BGCOLOR=>'blue');
After creating the HTTP header, most CGI scripts will
start writing out an HTML document. The start_html() rou-
tine creates the top of the page, along with a lot of
optional information that controls the page's appearance
and behavior.
This method returns a canned HTML header and the opening
tag. All parameters are optional. In the named
parameter form, recognized parameters are -title, -author,
-base, -xbase, -dtd, -lang and -target (see below for the
explanation). Any additional parameters you provide, such
as the Netscape unofficial BGCOLOR attribute, are added to
the tag. Additional parameters must be proceeded
by a hyphen.
The argument -xbase allows you to provide an HREF for the
tag different from the current location, as in
-xbase=>"http://home.mcom.com/"
All relative links will be interpreted relative to this
tag.
The argument -target allows you to provide a default tar-
get frame for all the links and fill-out forms on the
page. This is a non-standard HTTP feature which only
works with Netscape browsers! See the Netscape documenta-
tion on frames for details of how to manipulate this.
-target=>"answer_window"
All relative links will be interpreted relative to this
tag. You add arbitrary meta information to the header
with the -meta argument. This argument expects a refer-
ence to an associative array containing name/value pairs
of meta information. These will be turned into a series
of header tags that look something like this:
To create an HTTP-EQUIV type of tag, use -head,
described below.
The -style argument is used to incorporate cascading
stylesheets into your code. See the section on CASCADING
STYLESHEETS for more information.
The -lang argument is used to incorporate a language
attribute into the tag. For example:
print $q->start_html(-lang=>'fr-CA');
The default if not specified is "en-US" for US English,
unless the -dtd parameter specifies an HTML 2.0 or 3.2
DTD, in which case the lang attribute is left off. You
can force the lang attribute to left off in other cases by
passing an empty string (-lang=>'').
The -encoding argument can be used to specify the charac-
ter set for XHTML. It defaults to iso-8859-1 if not spec-
ified.
The -declare_xml argument, when used in conjunction with
XHTML, will put a declaration at the top of the
HTML header. The sole purpose of this declaration is to
declare the character set encoding. In the absence of
-declare_xml, the output HTML will contain a tag
that specifies the encoding, allowing the HTML to pass
most validators. The default for -declare_xml is false.
You can place other arbitrary HTML elements to the
section with the -head tag. For example, to place the
rarely-used element in the head section, use this:
print start_html(-head=>Link({-rel=>'next',
-href=>'http://www.capricorn.com/s2.html'}));
To incorporate multiple HTML elements into the sec-
tion, just pass an array reference:
print start_html(-head=>[
Link({-rel=>'next',
-href=>'http://www.capricorn.com/s2.html'}),
Link({-rel=>'previous',
-href=>'http://www.capricorn.com/s1.html'})
]
);
And here's how to create an HTTP-EQUIV tag:
print start_html(-head=>meta({-http_equiv => 'Content-Type',
-content => 'text/html'}))
JAVASCRIPTING: The -script, -noScript, -onLoad,
-onMouseOver, -onMouseOut and -onUnload parameters are
used to add Netscape JavaScript calls to your pages.
-script should point to a block of text containing
JavaScript function definitions. This block will be
placed within a