© Tony Lawrence, aplawrence.com
Web forms have two possible methods of passing information back to the script that will process the form. Every form will have something like this:
<form action="/cgi-bin/formpost.pl" method=POST> <form action="/cgi-bin/formpost.pl" method=GET>
Those mean that the cgi script "formpost.pl" will be called to process the form data. How the data is passed to the cgi script depends upon whether the method is GET or POST.
Using the GET method means that the cgi form script will receive headers that actually contain the data from the form. They'll look something like this:
GET /cgi-bin/formpost.pl?var1=hello+there&button=Send HTTP/1.0
In that case, the "var1" was actually "hello there" and has been encoded so that it can be transmitted without misinterpretation (spaces can also be encoded as %20).
The POST method is a little different. In that case, the headers might look like:
POST /cgi-bin/formpost.pl HTTP/1.0 Content-type: application/x-www-form-urlencoded Content-length: 26 var1=hello+there&button=Send
The Content-length tells the form script how much data it needs to read, but most folks don't bother to think about these details and instead use things like Perl's CGI.pm or Uncgi, which will just get the form data for you without your caring whether it's GET or POST.
Note there is one other important difference between GET and POST: GET requests can be cached, and POSTS cannot. Therefore, you shouldn't use GET for your forms if the result changes often.
What about when you want to SEND data to a form on somebody else's machine and get the results?
The simplicity of GET means that you can easily construct html that will call the form with specific variables.
<a href="http://aplawrence.com/cgi-bin/formpost.pl?var1=hello+there&button=Send">Click here</a>
You do have to encode the strings, but that's not hard and (for example) there are Perl modules that can do that, and also in other languages.
If you want to code the whole thing, of course you could just open up a connection to port 80 on the server, and manually issue your GET using the same string you'd use in the html. You could do the same thing for a POST, sending headers like the example above. Again, most folks would enlist the aid of pre-written modules to do that. For example, in Perl:
#!/usr/bin/perl # GET method form use LWP::Simple; use URI::Url $var1="hello there"; $button="Send"; $url=url('http://somesite/formpost.pl"); $url->query_form(var1=>$var1,button=>$button); $content=get($url); print $content;
#!/usr/bin/perl # POST method form use HTTP::Request::Common qw(POST); use LWP::UserAgent; $var1="hello there"; $button="Send"; $ua=LWP::UserAgent->new(); my $req= POST 'http://somesite/formpost.pl', [var1=> $var1,button=>$button]; $content=$ua->request($req)->as_string; print $content;
Notice that in neither case did I do anything to escape the strings. They wouldn't need any here (no spaces, etc.) but more importantly, the modules take care of that for you so if you did escape the strings, your escapes would be escaped again, which probably would get incorrect results from the form.