IT350 - Web andInternet Programming
Fall 2005

Lab 09 – CGI-powered forms


This week will be anintroduction to CGI programming. To do this, you will go back to the HTML form you created for yourwebsite back in Lab 02/03, and finally put some computation behind it – toreally keep track of signups, orders, etc.

You originally created your labin Lab02, though you should copy yourwork from Lab03 instead, in order tobenefit from your later CSS additions. Recall that in Lab02 you were directed to create some forms as follows:

  1. Form: you must create a form for users to sign up for something. This form may be on any page – index.html, schedule.html, or a new page you create.  Pick what works best for your site. Specifics:

·        Your form collects necessary information from the usersuch as name, rank, SSN, e-mail address, leave address, leave phone number, newaddress, new phone number, seating preferences (table number), special dietaryrequests, working party, course title, course number, sport, team name,ingredients, directions, etc as appropriate for your topic.

·        These forms should contain at least one of each of these input types: hidden, submit,reset, text, password, checkbox, radio button, text area, and select inputfields. Tip: for password, either assume the user has an existing account orask them to create a password to be used for possible changes to their requestlater.


You must create a folder on you Web drivecalled"Lab09" (without the quotes) and store your work in thatdirectory.


  1. Your first order of business is to write a basic CGI program and get that working to the point where it produces some output visible with a browser, but does not yet read in any inputs. We’ll walk you through this part:
    1. Start MS-Visual Studio 6.0 (do not use Visual Studio.Net)
    2. Create a New Project as follows:

                                                               i.      File->New

1.      Pick Win32 Console Application

2.      For Project name, type “Scripts”

3.      Choose W:\Lab09 as your directory

4.      Proceed, then choose to create an empty project

    1. Right-click on the following three links and then save them in W:\Lab09\Scripts : Scripts.cpp, CGI.h, and CGI.cpp.  Then in Visual Studio select Project->Add To Project->Files and add Scripts.cpp.  Repeat for the other files.
    2. Take a look at CGI.h.  This defines a number of helper functions that you will find very useful.  You shouldn’t need it, but if you want you can see their implementation in CGI.cpp.
    3. Compile and run your program.  You should see something like this (details may change):


  1. Using a browser, fetch the URL (normally you would place this in a cgi-bin directory by itself, but it’s not necessary for our server, so easier to leave the file where it is).  You should see something like this:
  2. CGI programs can be hard to debug, because things can go wrong in multiple places – the server might not find or execute the CGI file, your form might provide the wrong values, your program might go into an infinite loop, the output of the CGI program might not be displayed in the browser because of HTML errors, etc.  To make this a little easier, we are providing the following functionality: IF you add a call to setCGIDebug() as the first thing in your main function, then getQueryString()will ignore whatever input is provided by GET or POST via the web server.  Instead, it will use the input string that you provide when you call something like this setCGIDebug("name=John+Smith&pet=Alpaca"). Why is this good?  Well, this enables you to manually set the input, then run your program only in Visual Studio – i.e. without opening up a web browser, without involving the web server – where you can use the Visual Studio debugger if needed. Don’t forget to comment this line out when you want to really run with the web server (through a browser).
  3. We’ll now use this debugging functionality to add the ability for your program to read in inputs.  Open Scripts.cpp and uncomment the line containing the call to setCGIDebug():
    Now using the helper functions defined in CGI.h, add the appropriate code to get the query string (getQueryString()), then more code to obtain the values of the ‘name’ and ‘pet’ parameters.  Add code to output these parameters so that if you run your program (in Visual Studio), it looks something like this (don’t worry about the exact layout, just something that grabs the parameters and outputs them):
  4. Once you have this working, comment out the line with setCGIDebug(), re-compile, and re-build your project.  Try fetching the URL: . You should see something like this:
  5. Copy all of your files from Lab03 into your Lab09 directory. 
  6. You should have a file form.html from Lab03.  Make sure it satisfies the original requirements for forms (given in the introduction above).  Then modify the form (in your Lab09 directory) so that when you click submit, it invokes your new CGI program.  Modify your CGI program so that it reads in some value from your form and displays the value in its resultant HTML output.
  7. Validity check: Write C++ code to validate all of the input that your form provides to your CGI program.  If an error is detected, your program should state explicitly what the error was, and tell the user to hit the back button and try again (see extra credit for a better approach). You may find it useful to go back to Lab03/form.html, fill in some values, and click submit to see how your data is received by the CGI program we gave you earlier. For the validation you should at a minimum check the following:
    1. Ensure all text fields are filled out (not empty)
    2. Ensure at least one radio button is selected in each radio button set.
    3. Ensure at least one checkbox is selected in each checkbox set.
    4. Ensure that numeric inputs, if any, have a reasonable value. (BUT SEE CLARIFICATON AT BOTTOM OF THIS PAGE)
  8. Confirmation: Modify your C++ code so that, if the variables pass all the validation tests above, the program prints out a friendly confirmation.  This confirmation should display the value of all the variables that were provided in a user-friendly manner.  For instance, “Your reservation for 4 people has been confirmed.  The details for this reservation are as follows…”
  9. The remainder of this lab requires dealing with File I/O.  If you reach this point before this has been discussed in class, you may wish to work on extra credit instead of continuing now.
  10. Logging: Modify your CGI program so that it logs the provided variables (query string parameters) received by the form’s submission to a file called LOG.txt. This shall be done by appending the data to an existing LOG.txt file you create.  Write to the log only if the parameters pass all the validation checks that you wrote above. To get this to work you may need to explicitly grant read/write privileges on LOG.txt to web clients.  The log file should be stored in the same directory as your executable Scripts.exe file – use getThisPath() from CGI.cpp to find the path to this directory. In the log, print one entry per line, separating different variables with tabs.
  11. Fraud check: Next you will modify your script so that one part of the user's input, such as name, credit card number, etc, will be checked against a list of fraudulent values stored in a file on the web server called "fraud-values.txt" This file should be in the same directory as the CGI program – create a sample one that includes at least three different values.  Modify your script so that it checks every submission against this file – you pick exactly which field gets checked.  If your script finds a “fraud match”, the program should display a nasty message to the user. Also, the activity should be recorded as a fraud alert in the log file.  If no fraud match is found, record the correct submission in the log file as usual. (ALSO SEE HINT AT BOTTOM ABOUT WHICH PART TO CHECK)
  12. Important final step: create five links in your top-level default.htm page under the heading “Lab09”
    1. Under the name “Form”, make a link to your Lab09/form.html page
    2. Under the name “Good submission” make a link to your Scripts.exe file with all of form variables specified in the URL, such that variables all validate and don’t trigger a fraud alert.  Hint: if your form uses the GET method (change this temporarily if necessary), then you can create the needed URL for this by filling out your form correctly and hitting submit.
    3. Under the name “Fraud submission” make a link like the one above, but such that one of the variables triggers a fraud alert.
    4. Under the name “LOG.txt” make a link to your log file
    5. Under the name “fraud-values.txt” make a link to your fraud-values.txt file.



When all is done you should have a site such that:

·        The user can fill out Lab09/form.html and click submit,invoking your CGI program.

·        Validity checking: The CGI program checks the values submitted and warns if any aremissing or invalid.  If there is a validationproblem, the program prints a detailed error message about the problem.  Otherwise, it prints a friendly confirmationmessage that mentions all the data that was provided.

·        Logging and fraud detection: if no validation problems are found the programwill write something to the LOG file.  If one of the values triggers a fraud alert, then an errormessage is written to the log (and a nasty message is displayed to the user).  Otherwise, all of the parameters arewritten to the log.

·        You have the three links in default.htm that aredescribed above.

·        You make appropriate use of functions to break up yourcode.

·        As always, you have appropriate comments.  As a start, each function should have abrief summary of its purpose and what it returns.

Your HTML web page must be constructed using Notepad or a similar text-onlyeditor. The use of programs such as Microsoft Word, Microsoft Frontpage,DreamWeaver, ColdFusion, Mozilla Composer, etc. will be considered an honoroffense. 

Extra Credit

For a nominal amount of extra credit do some/all of the following:
(NOTE: saving a backup copy of your working lab is recommended before startingon this)

  1. If your program finds a validation problem with an input (such as a missing value or a number that is too big), a much better way to handle this is to have your CGI program regenerate the table with all of the values provided by the user filled in, and values that had a problem highlighted.  Of course there should be a submit button so the user can modify the values and resubmit back to the CGI program.
  2. Write a new CGI program that reads your LOG file and generates a summary report of the submissions.  Be sure that your LOG.txt has enough data in it to make this report at least a little interesting.


  1. Your main web page should be called "form.html" (without the quotes).
  2. All of your files should be in a folder called "Lab09" (without the quotes) on the W drive. Your instructor will assume that your web pages are viewable at where XXXXXX is your alpha number. You may want to check that this URL is viewable and that everything works correctly from a computer where somebody else is logged in. If you've goofed and linked to a file on your X drive, this will help you catch it!
  3. Turn in the following hardcopy at the beginning of class on the due date, stapled together in the following order (coversheet on top):
    1. A completed assignment coversheet._ Your comments will help us improve the course.
    2. A printout of the source to your Scripts.cpp file.
    3. A printout of any C++ files that you created.
    4. A printout of your fraud-values.txt file.


Additional Hints/Clarifications (updated as the lab progresses)

  1. Some of you noticed that if you have multiple checkboxes that are checked that have the same name (say "hobby"), then a call to
    getParam(qString, "hobby")
    only returns one of the values.  You could write a more comples getParam() to handle this.  A much easier approach is to change the checkboxes to have different names "hobby1", "hobby2", ...  This doesn't change the functionality of the form. (This is not a problem for radio butons, since the user can only pick one. In fact you would not want to change the names for such radio buttons, because then the user could pick more than one at the same time). 
  2. If you make any functions that take a file stream as an argument, note that they must be passed by reference, not value:
    void myfunction(ifstream &fp, ...)  // use this
    void myfunction(ifstream fp, ...)   // not this
  3. When you return to working on your lab, choose “Recent Workspaces” from the file menu in Visual Studio and select your Scripts project.  If you just open your Scripts.cpp file, Visual Studio doesn’t know about the other files (CGI.cpp) that need to be included.
  4. Validation – don’t worry about checking that phone numbers or social security numbers are reasonable.  The intent of checking “numeric inputs” was to check to make sure that the user didn’t enter, for instance, “-5” for the number of people attending.  If you have any such inputs, check those.  You can use the atoi() function to convert a string to a number.
  5. When reading from “fraud-values.txt”, it’s much easier to read the values in properly if you chose something that won’t have a space in it (like email address), rather than a full name, because code like fin >> inputVariable will stop reading when it reaches a space   Recommended approach for this lab is to avoid this problem by choosing values that won’t have spaces in them.
  6. If you’ve followed our suggestions your executable script will be in the Lab09/Scripts/Debug directory.  Your LOG.txt and fraud-values.txt should go there too.
  7. Don’t forget to set the file permissions, especially on LOG.txt.
  8. If your code goes into an infinite loop when you try to read in “fraud-values.txt” it probably means that the file is not being opened properly.  Check to make sure the file is in the correct directory and is spelled correctly.  One good way to check this is to try fetching the URL  -- if you cant’ see the contents of this in your web browser, then something is wrong.  Check the spelling and make sure Windows is not hiding an extra file extension from you.