The Common Gateway Interface (CGI) is an in­ter­sec­tion between web servers through which the stand­ard­ised data exchange between external ap­plic­a­tions and servers is possible. It belongs to the oldest existing online interface tech­no­lo­gies and is still used regularly today. When using CGI, HTML pages do not need to be stored on a server, but can be dy­nam­ic­ally created as and when a user makes a website query.

Mode of operation and ap­plic­a­tion

When a user makes an entry on a website, the data is not directly trans­ferred to a server, but needs to be processed first. This pro­cessing occurs via an external software (e.g. a CGI script), and not directly via a web server. The program transmits the data via a stand­ard­ised CGI in­ter­sec­tion which produces the in­form­a­tion in HTML. CGI programs are usually retained in a special folder on a web server.

The CGI script can be composed in different pro­gram­ming languages. The Common Gateway Interface ensures that – ir­re­spect­ive of which language is being used – the web server and script com­mu­nic­ate with one another.

Image: Presentation of how a Common Gateway Interface works
The Common Gateway Interface can produce its own HTML documents.

Examples of ap­plic­a­tion of a Common Gateway Interface

  • Shopping basket: When a customer adds a product to their online shopping basket, the in­form­a­tion is auto­mat­ic­ally processed by a CGI script and sent to the server.
  • Comments: When a user fills in a com­ment­ary section and hits “Send,” the text is first trans­mit­ted to a CGI script which then transfers it to the server.
  • Forms: Entries in online forms used for ap­plic­a­tions or messages are first processed by the Common Gateway Interface before they are trans­mit­ted to the server.
  • Website stat­ist­ics: If a website displays visitor hit rates, it will typically be using a CGI.
  • Server Side Includes: Thanks to Common Gateway In­ter­faces, text content can be loaded to a website dy­nam­ic­ally.
  • Software tests: De­velopers are able to use CGI scripts to test functions of external online ap­plic­a­tions for websites via their browser.

Whether a script is being processed or not is apparent by checking the URL. Even users with little or no pro­gram­ming knowledge are able to recognise a script that is being processed. Using a dedicated string of char­ac­ters, the server receives all the relevant in­form­a­tion from the script. We generally dis­tin­guish between three different methods of data transfer:

  • QUERY_STRING: used for most user queries
  • PATH_INFO: used to transmit con­tex­tu­al in­form­a­tion to a website
  • Stdin: used to processed ad­di­tion­al user entries

Ad­vant­ages and dis­ad­vant­ages of the Common Gateway Interface

Despite its age, the Common Gateway Interface is among the most commonly used in­ter­faces in web de­vel­op­ment. Even though the tech­no­logy offers plenty of ad­vant­ages, it does have some drawbacks.

Ad­vant­ages

CGI is a simple and effective method to generate dynamic website content. At the same time, CGI ap­plic­a­tions do not have to be saved on a server, so that no resources are un­ne­ces­sar­ily being used. In addition, the Common Gateway Interface is com­pat­ible with multiple pro­gram­ming languages which are easily in­teg­rated into the existing in­fra­struc­ture. Last but not least, the open-source standard is free of charge and can be used by de­velopers instantly.

Dis­ad­vant­ages

Among the greatest weak­nesses of Common Gateway In­ter­faces is that the time to reply to CGI ap­plic­a­tions can be re­l­at­ively lengthy. The program needs to be restarted with each new entry. This can be a problem for websites ex­per­i­en­cing high traffic where servers often only support a handful of CGI ap­plic­a­tions at a time and ad­di­tion­al queries are added to a queue or are rejected.

The Common Gateway Interface, much like any interface, can present a security risk if no ad­di­tion­al safety measures are in place. The­or­et­ic­ally, external programs gain access to web server data via CGI. Therefore, re­stric­tions should be in place for CGI scripts to not cause any damage.

Al­tern­at­ives to Common Gateway In­ter­faces

Over the last few years, various interface tech­no­lo­gies have been developed that expand on CGI. At the same time, they are trying to address one of its main short­com­ings: reloading the script with each new user query.

ASP (Active Server Pages): ASP was developed by Microsoft for its own server, but is now available for different types of servers. The ASP in­ter­pret­er is in­teg­rated in the web server, so that a new process does not need to be started for its use. ASP commands can be directly written into the HTML pages. Much like CGI, ASP can be used across multiple pro­gram­ming languages.

PHP: Besides Perl, PHP is among the most widely-used script languages in web de­vel­op­ment. Much of what a CGI script can do, PHP can do too. The PHP in­ter­pret­er, however, is directly in­teg­rated with the web server.

Cold­Fu­sion: Cold­Fu­sion was ori­gin­ally developed for Windows, but is now available for various Unix platforms as well. The Cold­Fu­sion In­ter­pret­er is in­teg­rated into the web server, much like the other CGI al­tern­at­ives. Using existing tags or in­di­vidu­al control elements, HTML pages can be modified. In addition, Cold­Fu­sion provides de­velopers with a series of standard functions.

FastCGI: When using FastCGI, dynamic queries from a web server can be directly processed via a Perl interface without the processor having to be restarted. FastCGI is CGI com­pat­ible and is supported by a range of web servers.

Go to Main Menu