packages icon
   cgihtml Documentation
   Eugene Eric Kim,
   v1.69, March 18, 1998

   Documentation for cgihtml, a set of CGI and HTML routines written in

   Table of Contents

   1. Introduction

      1.1 Where to Find cgihtml

   2. What is cgihtml?

      2.1 What are the advantages of cgihtml?
      2.2 Why C?
      2.3 Latest changes
      2.4 Files included in this package

   3. Installation

      3.1 Requirements
      3.2 Obtaining and unpacking the distribution
      3.3 Compiling the library
         3.3.1 Makefile variables
         3.3.2 Compiling for Win32
         3.3.3 Configuring File Uploadn
         3.3.4 Compiling and Installing
      3.4 Porting

   4. Using cgihtml

      4.1 Basic programming structure
      4.2 Compiling your program

   5. Routines

      5.1 cgi-lib.h
         5.1.1 Library Variables
         5.1.2 Library functions
      5.2 html-lib.h
         5.2.1 Library functions
      5.3 cgi-llist.h
         5.3.1 Library variables
         5.3.2 Library functions
      5.4 string-lib.h
         5.4.1 Library functions

   6. Example programs

      6.1 test.cgi
      6.2 query-results
      6.3 mail.cgi
      6.4 index-sample.cgi
      6.5 ignore.cgi

   7. Miscellaneous

      7.1 Release notes
      7.2 Future releases
      7.3 Credits


   1.  Introduction

   This documentation is also available at

   Documentation last updated: March 18, 1998

   1.1.  Where to Find cgihtml

   You can download cgihtml (gzipped, UNIX compressed, or PKZipped) from
   one of the following sites:

      Harvard Computer Society

      Keith Bunge's Iowa State mirror site

   Useful information about cgihtml is available at the cgihtml home page
   <>, located at

   2.  What is cgihtml?

   cgihtml is a collection of routines for parsing World Wide Web (WWW)
   Common Gateway Interface (CGI) input and outputting HyperText Markup
   Language (HTML).

   2.1.  What are the advantages of cgihtml?

   cgihtml simplifies the task of parsing CGI input and producing HTML
   output.  Tasks which would normally require several lines of C can be
   reduced to just a few.

   Additionally, I have attempted to include general routines which CGI
   programmers often find themselves using.  Consequently, some of the
   complexities of CGI programming are hidden.  On the other hand, if you
   want to know what's going on, source is included.

   2.2.  Why C?

   The purpose of CGI programs is to take data and manipulate it as the
   web programmer desires.  Since CGI programs are often dealing with
   text manipulation, Perl or other scripting languages is an ideal way
   of producing CGI scripts.  (Perl programmers should check out Lincoln
   Stein's <http://www-> or Steve
   Brenner's <>.)

   However, interpreted scripting languages tend to be relatively large.
   This rarely has a major effect on the performance of your server
   (unless you are a high-traffic site).  However, if this is a concern
   of your's, a program written in C is often several times smaller than
   the equivalent program written in Perl.  There's definitely a
   performance improvement when using CGI programs written in C, although
   the performance is not always noticeable.
   Additionally, some servers (notably Netsite and Apache) have APIs so
   that CGI programs can be written as extensions to the server, rather
   than as separate programs.  This greatly improves performance,
   especially on high-traffic sites.  The best way to take advantage of
   these APIs is to write your programs in C.

   Or, you might fall under one of the following categories:

   o  You don't know Perl

   o  You don't like Perl

   o  You like C

   In which case, you will hopefully find cgihtml useful.

   2.3.  Latest changes

   See the CHANGES file, included in the distribution.

   2.4.  Files included in this package

   The following files are included in this package:

   3.  Installation

   3.1.  Requirements

   cgihtml was written for Unix machines in C, although it has been
   successfully ported to Windows 95 and NT, VMS, OS-9, and other
   operating systems.  All you need is a C compiler, and you should be

   By default, cgihtml assumes that the CGI source code goes in the cgi-
   src directory and the binaries in the cgi-bin directory.

   3.2.  Obtaining and unpacking the distribution

   You may find cgihtml.tar.gz at

   To unpack the distribution, you must first gunzip it (using the GNU
   gzip utility) and then untar it.  Copy the distribution into your CGI
   source directory, and try the following command:

        % gzip -dc cgihtml.tar.gz | tar xvf -

   cgihtml is also available in UNIX compressed (.Z) and PKZipped (.zip)

   3.3.  Compiling the library

   To compile the library, examine the Makefiles in the cgihtml and
   examples directories, and make sure you are satisfied with the
   3.3.1.  Makefile variables

   INSTALLDIR in cgihtml's Makefile should point to your CGI source
   directory, while INSTALLDIR in your examples directory should point to
   your server's CGI binary directory.

   3.3.2.  Compiling for Win32

   If you're compiling for Win32 (ie. Windows 95/NT), make sure to
   uncomment the line with -DWINDOWS.

   3.3.3.  Configuring File Uploadn

   By default, the file upload directory is set to /tmp.  To change this
   value, uncomment #-DUPLOADDIR='"/tmp"' in the Makefile and replace
   /tmp with the directory of your choice.  Make sure that whichever
   directory you choose is surrounded by both the single and double
   quotes, ie: '"/foo/bar"'.

   3.3.4.  Compiling and Installing

   When you are satisfied with the Makefiles, type:

        % make cgihtml.a

   This will produce the file cgihtml.a.  To compile the library as well
   as all of the example programs, type:

        % make all

   To install the library and examples, type:

        % make install

   If you want to compile and/or install the example programs separately,
   change to the examples subdirectory and use make there.

   3.4.  Porting

   While compiling the libraries on various Unix machines, you may have
   trouble with the "ranlib" command.  If you system doesn't seem to have
   this command, you most likely don't need.  Set the RANLIB variable in
   the Makefile to "true".

   If you're compiling for Win32, make sure you use the -DWINDOWS
   directive when compiling.

   If you are compiling for DOS/16-bit Windows, VMS, or OS-9, you will
   need to change the filenames to support your OS.

   4.  Using cgihtml

   4.1.  Basic programming structure

   There are standard initialization things that you will want to do when
   using this library.  The following template should give you some idea
   of how to properly use this library.

   /* template using cgihtml.a library */

   #include <stdio.h>    /* standard io functions */
   #include "cgi-lib.h"  /* CGI-related routines */
   #include "html-lib.h" /* HTML-related routines */

   int main()
     llist entries;  /* define a linked list; this is where the entries */
                     /* are stored.                                     */

   /* parse the form data and add it to the list */

   /* The data is now in a very usable form.  To search the list entries  */
   /* by name, call the function:                                         */
   /*      cgi_val(entries, "nameofentry")                                */
   /* which returns a pointer to the value associated with "nameofentry". */

     html_header();           /* print HTML MIME header */
     html_begin("Output");    /* send appropriate HTML headers with title */
                              /*   <title>Output</title>                  */

   /* display whatever data you wish here, probably with printf() */

     html_end();   /* send appropriate HTML end footers (</body> </html>) */
     list_clear(&entries);     /* free up the pointers in the linked list */
     return 0;

   4.2.  Compiling your program

   To compile your program with the library, include the file cgihtml.a
   when linking your object files.  For example, if your main object file
   is program.cgi.o, the following should work successfully:

        cc -o program.cgi program.cgi.o cgihtml.a

   5.  Routines

   5.1.  cgi-lib.h

   5.1.1.  Library Variables

   cgi-lib.h defines constants for the standard CGI environment
   variables.  For instance, the value of the environment variable
   QUERY_STRING is stored in the constant QUERY_STRING in cgi-lib.h.
   Here is a list of the constants:



















   5.1.2.  Library functions

   short accept_image();

   accept_image() determines whether the browser will accept pictures.
   It does so by checking the HTTP_ACCEPT environment variable for an
   image MIME type.  It returns a 1 if the browser will accept graphics,
   a 0 otherwise.

   void unescape_url();

   unescape_url() converts escaped URI values into their character form.
   read_cgi_input() calls this function.  You will rarely if ever need to
   access this function directly but it is made available in case you do.

   int read_cgi_input(llist *entries);

   This routine parses the raw CGI data passed from the browser to the
   server and adds each associated name and value to the linked list
   entries.  It will parse information transmitted using both the GET and
   POST method.  If it receives no information, it will return a 0,
   otherwise it returns the number of entries returned.  If it receives a
   badly encoded string, it will return -1.

   If you run your CGI program that calls read_cgi_input() from the
   command line, this function will start an interactive mode so you can
   directly input the CGI input string.  Note that this string must be
   properly encoded.

   read_cgi_input() also handles HTTP file upload correctly.  The file
   will be uploaded to the directory defined by UPLOADDIR in cgi-lib.h
   (/tmp by default).

   char* cgi_val(llist l, char *name);

   cgi_val() searches the linked list for the value of the entry named
   name and returns the value if it finds it.  If it cannot find an entry
   with name name, it returns NULL.

   char** cgi_val_multi(llist l, char *name);

   Same as cgi_val() except will return multiple values with the same
   name to an array of strings.  Will return NULL if it cannot find an
   entry with name name

   char* cgi_name(llist l, char *value);

   Same as cgi_val() except searches for value with specified name.

   char** cgi_name_multi(llist l, char *value);

   Analogous to cgi_multi_val().

   int parse_cookies(llist *entries);

   Parses the environment variable HTTP_COOKIE for cookies.  Returns the
   number of cookies parsed, zero if there are none.

   void print_cgi_env();

   Pretty prints the environment variables defined in cgi-lib.h.  Prints
   "(null)" if the variables are empty.

   void print_entries(llist l);

   This is a generic routine which will iterate through the linked list
   and print each name and associated value in HTML form.  It uses the
   <dl> list format to display the list.

   char* escape_input(char *str);

   escape_input() "escapes" shell metacharacters in the string.  It
   precedes all non-alphanumeric characters with a backslash.  C routines
   including system() and popen() open up a Bourne shell process before
   running.  If you do not escape shell metacharacters in the input
   (prefix metacharacters with a backslash), then malicious users may be
   able to take advantage of your system.

   short is_form_empty(llist l);

   is_form_empty() checks to see whether no names or values were
   submitted.  Note that this is different from submitting a blank form.

   short is_field_exists(llist l,char *str);

   Checks to see whether a field actually exists.  Equivalent to checking
   whether cgi_val() returns "" or NULL.  If it returns "", the field
   exists but is empty; if it returns NULL, the field does not exist.

   short is_field_empty(llist l,char *str);

   Returns 1 (true) if either the field does not exist or the field does
   exist but is empty.

   5.2.  html-lib.h

   5.2.1.  Library functions

   void html_header();

   html_header() prints a MIME compliant header which should precede the
   output of any HTML document from a CGI script.  It simply prints to

        Content-Type: text/html

   and a blank line.

   void mime_header(char *mime);

   Allows you to print any MIME header.  For example, if you are about to
   send a GIF image to the standard output from your C CGI program,
   precede your program with:

   /* now you can send your GIF file to stdout */

   mime_header() simply prints Content-Type: followed by your specified
   MIME header and a blank line.

   void nph_header(char *status);

   Sends a standard HTTP header for direct communication with the client
   using no parse header.  status is the status code followed by the
   status message.  For instance, to send a "No Content" header, you
   could use:

   nph_header("204 No Content");

   which would send:

        HTTP/1.0 204 No Content
        Server: CGI using cgihtml
        Content-Type: text/html

   nph_header() does not send a blank line after printing the headers, so
   you must follow it with either another header or a blank line.  Also,
   scripts using this function must have "nph-" preceding their

   void show_html_page(char *loc);

   Sends a "Location: " header.  loc is the location of the HTML file you
   wish sent to the browser.  For example, if you want to send the root
   index file from the CGI program:


   void status(char *status);

   Sends an HTTP Status header.  status is a status code followed by a
   status message.  For instance, to send a status code of 302 (temporary
   redirection) followed by a location header:

   status("302 Temporarily Moved");

   status() does not print a blank line following the header, so you must
   follow it with either a0);.er function which does output a blank line
   or an explicit printf("
   void pragma(char *msg);

   Sends an HTTP Pragma header.  Most commonly used to tell the browser
   not to cache the document, ie.:


   As with status(), pragma() does not print a blank line folowing the

   void set_cookie(char *name, char *value, char *expires, char *path,
   char *domain, short secure);

   Sets a cookie using the values given in the parameters.

   void html_begin(char *title);

   html_begin() sends somewhat standard HTML tags which should generally
   be at the top of every HTML file.  It will send:

        <html> <head>

   void html_end();

   html_end() is the complement to html_begin(), sending the following

        </body> </html>

   Note that neither html_begin() nor html_end() are necessary for your
   CGI scripts to output HTML, but they are good style, and I encourage
   use of these routines.

   void h1(char *header);

   Surrounds header with appropriate headline tags.  Defined for h1() to

   void hidden(char *name, char *value);

   Prints a hidden form field with name name and value value.

   5.3.  cgi-llist.h

   For most scripts, with the exception of list_end(), you will most
   likely never have to use any of the link list routines available,
   since cgi-lib.h handles most common linked list manipulation almost
   transparently.  However, you may sometimes want to manipulate the
   information directly or perform special functions on each entry, in
   which case these routines may be useful.

   5.3.1.  Library variables

   typedef struct {
     char *name;
     char *value;
   } entrytype;

   typedef struct _node {
     entrytype entry;
     struct _node* next;
   } node;

   typedef struct {
     node* head;
   } llist;

   5.3.2.  Library functions

   void list_create(llist *l);

   list_create() creates and initializes the list, and it should be
   called at the beginning of every CGI script using this library.

   node* list_next(node* w);

   list_next() returns the next node on the list.

   short on_list(llist *l, node* w);

   on_list() returns a 1 if the node w is on the linked list l;
   otherwise, it returns a 0.

   short on_list_debug(llist *l, node* w);

   The previous routine makes the assumption that my linked list routines
   are bug-free, a possibly bad assumption.  If you are using linked list
   routines and on_list() isn't returning the correct value, try using
   on_list_debug() which makes no assumptions, is almost definitely
   reliable, but is a little slower than the other routine.

   void list_traverse(llist *l, void (*visit)(entrytype item));

   list_traverse() lets you pass a pointer to a function which will
   manipulate each entry on the list.

   To use, you must create a function that will take as its argument a
   variable of type entrytype.  For example, if you wanted to write your
   own print_entries() function, you could do the following:

   void print_element(entrytype item);
     printf("%s = %s0,,item.value);

   void print_entries(llist entries);
     list_traverse(&stuff, print_element);

   node* list_insafter(llist* l, node* w, entrytype item);

   list_insafter() adds the entry item after the node w and returns the
   pointer to the newly created node.  I didn't bother writing a function
   to insert before a node since my CGI functions don't need one.

   void list_clear(llist* l);

   This routine frees up the memory used by the linked list after you are
   finished with it.  It is imperative that you call this function at the
   end of every program which calls read_cgi_input().

   5.4.  string-lib.h

   5.4.1.  Library functions

   char* newstr(char *str);

   newstr() allocates memory and returns a copy of str.  Use this
   function to correctly allocate memory and copy strings.

   char* substr(char *str, int offset, int len);

   Analogous to the Perl substr function.  Finds the substring of str at
   an offset of offset and of length len.  A negative offset will start
   the substring from the end of the string.

   char* replace_ltgt(char *str);

   Replaces all instances of < and > in str with &lt; and &gt;.

   char* lower_case(char *buffer);

   Converts a string from upper to lower case.

   6.  Example programs

   6.1.  test.cgi

   test.cgi is a simple test program.  It will display the CGI
   environment, and if there is any input, it will parse and display
   those values as well.

   6.2.  query-results

   This is a generic forms parser which is useful for testing purposes.
   It will parse both GET and POST forms successfully.  Simply call it as
   the form "action", and it will return all of the names and associated
   values entered by the user.

   query-results also works from the command line.  For instance, if you
   run query-results from the command line, you will see:

   Content-type: text/html

   <html> <head>
   <title>Query Results</title>


   --- cgihtml Interactive Mode ---
   Enter CGI input string.  Remember to encode appropriate characters.
   Press ENTER when done:

   Suppose you enter the input string:


   Then query-results will return:

         Input string: name=eugene&age=21
        String length: 18
        --- end cgihtml Interactive Mode ---

        <h1>Query results</h1>
          <dt> <b>name</b>
          <dd> eugene
          <dt> <b>age</b>
          <dd> 21
        </body> </html>

   This feature is extremely useful if you are debugging code.  query-
   results will also handle file upload properly and transparently.  It
   will save the file to the directory defined by UPLOADDIR (/tmp by

   6.3.  mail.cgi

   This is a generic comments program which will parse the form, check to
   see if the intended recipient is a valid recipient, and send the e-
   mail if so.

   You will want to edit two things in the source file: WEBADMIN and
   AUTH.  WEBADMIN is the complete e-mail address to which the comments
   should be sent by default.  AUTH is the exact location of the
   authorization file.

   The authorization file is simple a text file with a list of valid e-
   mail recipients.  Users will only be able to use this program to send
   e-mail to those listed in the authorization file.  Your file might
   look like this:

   In the above case, you would only be able to send e-mail to and  Make sure you
   include the value of WEBADMIN in your authorization file.

   The following are valid variables in your form:

   o  to

   o  name

   o  email

   o  subject

   o  content

   If there is no to variable defined in the form, the mail will be sent
   to WEBADMIN by default.  mail.cgi will reject empty forms.

   mail.cgi adds a "X-Sender:" header on each message so recipients know
   that the message was sent by this program and not by a regular mail

   6.4.  index-sample.cgi

   Imagemaps have become increasingly popular to use on home pages.
   Unfortunately, imagemaps are not lynx friendly; if you forget to
   include some sort of text index as well, lynx users will not be able
   to access any of your subpages.

   You can circumvent this problem by using a CGI program as your home
   page rather than an HTML page (or by using server-side includes).
   This CGI program will determine whether your browser is a graphics or
   text-browser.  If it is a text-browser, it will send a text HTML file,
   otherwise it will send a graphics HTML file.

   You will need to create two HTML files: a graphical and a text one.
   Place the names of these files in the macros: TEXT_PAGE and

   6.5.  ignore.cgi

   Sends a status code of 204, signifying no content.  If you use
   imagemaps, you can set "default" to /cgi-bin/ignore.cgi.  Whenever
   someone clicks on a part of the picture which is undefined, the server
   will just ignore the request.

   7.  Miscellaneous

   7.1.  Release notes

   I periodically enhance this library, and I welcome any comments or
   suggestions.  Please e-mail them to

   This library is e-mail ware.  Please send me e-mail if you use this
   library; I'd really like to hear your comments.  Although I do not
   require it, I would appreciate attribution if you use my code.

   7.2.  Future releases

   This library is nearing its final release.  I hope to include FastCGI
   support, and API support (for Apache, Netscape, and Microsoft
   servers).  I may also attempt to port it to the Macintosh, and I want
   to improve generally portability.  I will most likely rewrite the API
   in the next major release.  Finally, I'd like to improve the
   robustness and fix all the bugs.

   If you have any suggestions, I'd like to hear them.  Feel free to e-
   mail me at

   7.3.  Credits

   Thanks to the countless people who have sent me suggestions and
   comments.  You may contact me via e-mail at  My web
   page is located at  <>.