CGI.pm

From Dev411: The Code Wiki

In the early days of the Internet, Perl scripts manually parsed HTTP requests (forms, cookies, etc.) and generated HTTP responses (headers, cookies, etc.). This led to widespread usage of poor quality code that worked for a particular situations but not all. Luckily this functionality is handled well and correctly in the standard CGI.pm (http://search.cpan.org/~lds/CGI.pm-3.15/CGI.pm) module and alternatives. These modules are widely used and tested so there is virtually no reason to do manual HTTP handling today.

Note: CGI.pm is primarily recommended for those just starting with Perl CGI scripting. As you get more advanced, you will find ample reasons to move away from CGI.pm, one of which is that it doesn't work well with FastCGI: FastCGI problems with CGI.pm (http://www.fastcgi.com/archives/fastcgi-developers/2001-May/001269.html).

Table of contents
1 CGI.pm vs. hand-rolling
2 But don't create HTML with CGI.pm
3 Useful alternatives to CGI.pm
4 Summary
[edit]

CGI.pm vs. hand-rolling

CGI.pm comes bundled with Perl so it is almost always available. It automatically handles many problems that tend to plague hand-rolled solutions such as:

  • correct handling of file uploads
  • multiple values for one parameter. many solutions don't handle this at all and many that do have a security hole (http://www.perlmonks.org/index.pl?node_id=38548)
  • correctly query string handling for ; in addition to &
  • verification of CONTENT_LENGTH to handle browser errors

Here's some detailed reading on why you should use CGI.pm:

  • use CGI or die; (http://www.perlmonks.org/index.pl?node_id=51012) (PerlMonks (http://www.perlmonks.org) node)
  • Why use CGI.pm? (http://users.easystreet.com/ovid/cgi_course/lessons/lesson_two.html) (lesson 2 of Ovid's CGI Course (http://users.easystreet.com/ovid/cgi_course/index.html))
[edit]

But don't create HTML with CGI.pm

As a caveat, in addition to CGI capabilities, CGI.pm also has HTML generation capabilities. It is a good idea to skip this feature and not rely on CGI.pm to generate HTML for the following reasons:

  • if you move on from CGI.pm to other modules for HTTP request and response handling (such as the ones listed in the Alternatives section below), they generally have CGI.pm's interface for CGI methods but don't include the HTML methods,
  • HTML handling is better done by a templating system such as HTML::Template (http://search.cpan.org/~samtregar/HTML-Template-2.8/Template.pm), Template Toolkit (http://www.template-toolkit.org) or Mason (http://www.masonhq.org).
[edit]

Useful alternatives to CGI.pm

While CGI.pm is the minimum you should use, there are a number of alternatives that may fit your needs better however these require a separate installation.

CGI.pm also tries to read from STDIN when an object is instantiated which can cause problems.

  • CGI::Lite (http://search.cpan.org/~smylers/CGI-Lite-2.02/Lite.pm) & CGI::Simple (http://search.cpan.org/~jfreeman/Cgi-Simple-0.077/Simple.pm): For those that want a lighter-weight solution, these alternatives provide the CGI handling component of CGI.pm with a similar API but with out the HTML functionality.
  • libapreq (http://search.cpan.org/~stas/libapreq-1.33/) & libapreq2 (http://search.cpan.org/~joesuf/libapreq2-2.06-dev/): libapreq (for Apache 1.x/mod_perl 1.x) and libapreq2 (for Apache 2.x/mod_perl 2.x) provide HTTP request functionality through the Apache:: and Apache2:: family of modules. In particular, these modules are much faster at parsing GET and POST parameters than CGI.pm.
  • Catalyst::Request (http://search.cpan.org/~agrundma/Catalyst-5.62/lib/Catalyst/Request.pm)/Response (http://search.cpan.org/~agrundma/Catalyst-5.62/lib/Catalyst/Response.pm) and Isotope (http://dev.catalyst.perl.org/browser/trunk/Isotope): The Catalyst framework (http://www.catalystframework.org/) currently has it's own HTTP handling component that provides a single interface to multiple engines so your code will automatically work with CGI, mod_perl 1.3x, mod_perl 1.99x, mod_perl 2.x, FastCGI, SpeedyCGI, the Zeus server, etc. This functionality is being broken out into a separate project called Isotope which is currently in development. When Isotope is ready, it will be used by Catalyst and available for use outside of Catalyst.
[edit]

Summary

Use CGI.pm or one of the alternatives. Do not roll your own HTTP handling code.

Retrieved from "http://www.dev411.com/wiki/CGI.pm"