Form Processing

Introduction

Forms are processed when an input button is pressed within the form.

The processing of the form is specified by the ACTION parameter in the <FORM> tag.


  <FORM [METHOD=method] ACTION=action>

    inputs

  </FORM>

ACTION parameter

This is the URL that processes the data from your form.

Delayed processing
If you just want the details mailed to an automated mail munger in which case your URL would be of the form mailto:{mail address}.
Immediate processing
This processing can occur on any server , not necessary the server that the document containing the form is.
The Action parameter is a URL to a CGI script.This is an executable program or script placed where-ever you've defined as your cgi-bin directory for the server that will do the processing.
(see the ScriptAlias entry in your srm.conf file in the httpd configuration).
A METHOD can be specified when the action url is a server based script. POST is the preferred method to use but the obsolete GET method is also available.

CGI Scripts

CGI scripts have two purposes

generate the form
Forms do not have to be embedded within a document, they can be generated on-the-fly by scripts. This is true for all documents, not just forms.
Using scripts to generate and process the form is convenient as there is more chance that both the generating and processing end of the script will be modified at the same time, reducing the risk of them getting out of step.
- On servers containing a fair amount of documents it can be sometimes difficult to remember exactly where documents containing forms are.
If your form is going generate and process the form, it needs to know when to do each activity.
- generate when the script has no arguments.
- process when the script has arguments.
process forms
Perl seems to be the language of choice for script writing. The easiest way to learn it is to look at other perl scripts and have a handy PERL reference.
To make life easier I've included with this guide a small library of PERL routines that do the pre-processing needed before your script processes the form.
Security
there are security implications if you allow people to run scripts. One major headache is sub shells. The perl library here strips out any nasty sub-shell escapes.
Also processes that are fired off from your server will get a reduced environment, only necessary environment variables which are used to convey data to the script will be passed down.

GET

This method has been withdrawn. See documentation on obsolete features for information on the GET method.

The GET method is the default on older versions of Mosaic. This generates massive url names as the contents of the forms are retained in the url names.

POST

When the submit button is pressed, the FORM details are sent to the URL as an environment variable rather than as part of the URL. This is the preferred method of invoking a script.

The data is encoded in key pairs of the form:



name=value&name=value&name=value

the first element (name part) of the key is the name of the input key.
the second element (value part) of the key is the data contained by that input field.

Special characters such as "=" and "&" in the "name" or "value" parts will be escaped i.e.prefixed with a \ character.

The "="'s and "&"'s that separate the name and value pairs are not escaped.

Inputs that were not checked, or contained no text are not included in the key pairs.