It's eleven P.M. You've been working on a research paper for six hours straight and you can't stand it for one more minute. You fire up the browser and go to your Bookmark file. (You know it's in there someplace, now where the hell did you put it?) OK, OK... calm down. There it is. You load the bookmark and watch ........looking up DNS entry.....Host contacted. Waiting for reply...................come on, come on. Slowly it arrives in all its exquisitely lit, hi-res glory. It's beautiful...the golden crust, the glistening sausage, the steaming cheese, the sun-dried tomatoes. You can almost taste the Pepperoni. Your mouth waters as you make your selections...pepperoni, mushrooms, green peppers, red peppers, black olives....Extra Large ..............Nirvana ...................... Oh, yeah, and a six pack of Guinness. You type in your credit card numbers and push the button. Thirty minutes later, the doorbell rings. You've finally got your break...
While most people wouldn't think that there was anything particularly miraculous about ordering a pizza, the fact that you can use your desktop computer to do it is testament to how quickly new technologies can become an indispensable part of everyday life. Early browsers were text only, and were limited to simple, passive transactions...you clicked on a link, the server sent you a block of text. Although HTML provided the users of the Web with a way to transmit text across a multitude of system platforms, it soon became clear that there was a powerful need for a way to perform tasks that were beyond the capabilities of HTTP servers. The development of the Common Gateway Interface provided Web browsers and their servers with a way to talk to the rest of the computer world. Suddenly, using a standard set of protocols, it became possible to pass information from your Web browser through an HTTP server to a program that didn't speak the language of the Web. You could, for instance, use your Web browser to pass a query from the Web server through the gateway to a search engine. On the way, your query would be converted from HTML to a format which the search engine could understand. Once the search engine had calculated the answer, it would pass the answer back through the gateway to your server. The server would convert the answer back into an HTML format, then send it on to your browser. The answer would appear on your screen. You were no longer limited to receiving what someone else had written. For the first time, the Web was capable of dynamically tailoring an answer in response to your question, and a new era was born. The entire world became one huge personal computer.
Just as Plug-Ins and Helpers allow your browser to handle a myriad of file types once the data reaches your machine, it is the versatility of the Common Gateway Interface which allows you and your browser to overcome the limitations of HyperText and harness the power of a distant server to command a search engine, respond to a mapped image, or order a pizza over the Net.
A Whole New World
Unlike HTML, which is a friendly, easy to learn language based on a simple, intuitive instruction set, the languages carried across the Common Gateway Interface are the languages of servers, robots, crawlers. Like touring the tunnels under Disney World, crossing over the Gateway to the machine side of the Interface transports you to the engine room of the Internet, where English is seldom heard. Instead, programmers speak directly to their computers in C++, Unix, Perl, Java, and the other languages of the digital universe. It is a complex, arcane world, for the machines cannot understand; they can only obey. Syntax must be perfect. Arguments must be flawless. Imperfections are rewarded only with silence, or worse, chaos. It is not a place for the uninitiated.
In this section we're going to discuss a few of the more popular scripting languages and some of the things that you can do with them. As you will see, the power of the Common Gateway Interface, combined with an impressive palette of available computer languages, provides you with almost limitless possibilities. If you can think of it, you can do it. But, in the immortal words of Michael Crichton, should you? Let's talk.
Berlitz for Computers
While the instructions for searching a database or sending E-mail can be written in a number of languages, computer languages in general fall into a few broad categories, each with its own set of pros and cons. In the world of CGI Scripts, these are the most popular players......
Compiled Languages
Before your computer can carry out the instructions that you've written into your program, they must first be translated from source code, which vaguely resembles English, into machine code, a language that the computer's Central Processing Unit can understand and work with directly. The CPU of a typical computer contains millions of microscopic hi-speed switches arranged in an intricate network, each of which can be in only one of two "states," roughly corresponding logically to the words Yes and No, or to the On and Off positions of a household light switch. Because each switch can only be in one of two possible positions, the computer's binary language, as the name implies, requires an alphabet which contains only two letters, mathematically represented by the numbers 1 and 0. All of the numbers, letters, pictures and sounds which are contained in your computer must ultimately be broken down into 1s and 0s before they can be processed by the CPU. The instructions for processing your data must also be translated into binary code before the computer can execute them. The process which transforms source code into machine code is known as compiling, and the special program which performs the task is called a compiler.
Because compiled languages are already reduced to binary form and don't require any further transformation before they can be run, they tend to be compact and blazingly fast. This is important, especially if the CGI script is complex and lives on the server rather than on the viewer's machine, because a busy server may be asked to run the script dozens or even hundreds of times in just a few minutes. If the server has to stop and perform an extra step on the script each time it is requested, the result is a dramatic increase in the amount of time it takes for the computer to respond.
Compiled programs also offer an increased measure of security to the system, because once a program is compiled, it is difficult for hackers to modify or even see its source code.
One of the pitfalls of compiled language programs is that they must be specifically compiled for the exact combination of hardware platform and operating system that the program is running on. This means that a program that works on an Intel-based machine running UNIX will not work on an Intel-based machine running Windows NT, even though both programs may start with the exact same source code.
That said, let's talk specifics......the most popular flavors of compiled languages used for scripting are....(the envelope please)...........
C - Developed and released in 1971 by Bell Labs and based on, you guessed it, B, C was invented in order to give researchers the tools necessary to develop the UNIX operating system. It is an extraordinarily powerful language, but it is difficult to learn and doesn't handle long strings very well. This is important because much of what is passed through the Gateway is in the form of long strings.
C++ - C++ is based on C (the ++ part of the name comes from an operator which tells the computer to increment a variable by 1 after it is referenced) and contains classes of re-usable objects. By combining custom pieces of source code with objects and classes, the programmer builds the program in chunks, Lego-style. This style of programming is known as Object Oriented Programming, and while it is very powerful and relatively fast, it requires that you learn a new way of thinking, especially if you've grown accustomed to programming in procedural languages such as Pascal. The ability to create re-usable classes is a high art, and requires a deep understanding of the language. It is better than C, but still not great, at handling long strings.
Visual Basic - VB was invented by Microsoft and is based on their open object model called Object Linking and Embedding. It too is very powerful, easily handles long strings and complex text manipulation, allows access to local and remote databases, and is supported by a huge object library. VB also comes in an additional flavor, called Visual Basic for Applications, which contains an integrated database engine and a set of controls for developing links to other database programs. On the downside, VB and VBA only work on Web servers which are running Microsoft operating systems, and VBA in particular can generate a huge amount of overhead for the CPU, slowing an underpowered server down to a crawl. Finally, VB's power and ease of use, the very things that make it so tantalizing, also make it extraordinarily dangerous. The recent attack of The Love Bug, a malevolent virus transmitted via VB, was written by a disgruntled college student and spread like wildfire through millions of Windows-based computers. It brought down tens of thousands of businesses worldwide in a few hours. Damages were in the billions. This, as the saying goes, is not a toy.
Because of intractable security problems (VB was not originally intended to operate in a hostile computing environment) and Microsoft's desire to encourage users to upgrade their computing environments to the .NET architecture, support for the classic version of VB has recently been discontinued. A .NET version of VB has been developed to replace it.
Let's move on to the next class of popular scripting languages.........
Interpreted Scripting Languages
Interpreted languages don't usually require that you create a compiled binary file from your source code before the program will run. They do, however, require processing by an additional, intervening piece of system specific software called an interpreter, which transforms your instructions into machine code on the fly. Although interpreted language scripts can usually be written as plain ASCII text files, they must be processed by the interpreter each time they are called, which means that they usually run more slowly than compiled languages. On the plus side, most interpreted scripting languages are versatile, fairly easy to learn and use, and widely available. Many of the interpreters have also been ported to a large number of operating systems, meaning that the source code is also portable, and can easily be transferred between machines.
Here are the most popular players.............
Unix Shell Scripts - Since UNIX is still by far the most popular system software used on the Web, no discussion of Scripting Languages is complete without a mention of Unix shell scripts. Every UNIX system contains some version of the shell, which allows you to pass a short set of common commands directly to the operating system using ASCII text files. Like batch files, shell scripts are basically a simple list of instructions given to the machine in the order in which you want them to be processed. Shells come in a couple of popular varieties, such as the Bourne shell, named after its creator, S.R. Bourne. There is also the Bourne Again shell (BASH), and the C Shell (CSH), which contains a language structure that looks something like the C programming language mentioned above. Shell scripts are a fast and easy way to create CGI scripts on a UNIX machine, but they only work on UNIX, and they create a high security risk because they allow command line access to the operating system.
Perl - Perl, which stands for Practical Extraction and Report Language, was specifically designed for handling data and generating reports. Perl is versatile and easy to understand because of its relatively simple syntax. Although it was originally written for UNIX, it has since been ported to almost every version of Windows, Macintosh, OS2/WARP, Linux, and VMS. For CGI scripting, it is much more capable and secure than UNIX shells, and much easier to learn than C. It handles complex data structures effortlessly, and is supported by an enormous library of easily modified, ready-to-use programs. It's even available for free. Perl is the Swiss Army Knife of utility languages.
Python - Python is a relatively new language that is rapidly gaining popularity with web developers. Like Perl, it is portable and runs on dozens of operating systems.
PHP - Another general purpose scripting language that is specially suited for the development of dynamic web sites and can be embedded into HTML. PHP is now being utilized in over 18 million domains, up from almost nothing in 2000.
Applescript - Applescript was developed for use with Systems 7, 8, 9 and 10 for the Macintosh. Applescript's natural language syntax makes building and maintaining even complex CGI scripts a snap. Because Mac Systems are highly scriptable, Applescript offers the programmer access to a high level of automation and interconnectivity to other Mac programs. Applescripts are typically compact and fast, and a pretty good supply of powerful and free applications are already written and available on the Web. If you're running a Web server on a Mac, it's definitely worth a look.
Tool Command Language - Tool Command Language (Pronounced "tickle") is a fairly easy-to-learn language that is built from a library of C routines. TCL is kind of a hybrid because the source code is compiled before it is passed to the interpreter. This gives you a security edge over some of the other languages because it keeps the internal workings of the script from prying eyes. TCL scripts tend to be compact, more portable, and almost as fast as native applications written in C. It is slowly gaining popularity, and is available for Mac, MS-DOS, and most UNIX operating systems.
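The command-line risk noted above for Unix shell scripts applies to any CGI program that hands form data to a shell. The following is an added example, not code from the original page, showing a decoded form field reaching the command line through a shell and then through a checked argument list; the field name q, the sample query string and the use of echo as a stand-in for the real back-end program are assumptions made for the illustration.

```python
import re
import subprocess
from urllib.parse import parse_qs

# Constructed sample of what the web server places in QUERY_STRING for a
# hypothetical search form. %3B decodes to ';', a shell command separator.
SAMPLE_QUERY_STRING = "q=pizza%3B+echo+SECOND-COMMAND-RAN"

# Allow-list for the hypothetical "q" field: letters, digits, spaces and
# hyphens, never starting with a hyphen so it cannot be read as an option.
SAFE_TERM = re.compile(r"[A-Za-z0-9][A-Za-z0-9 -]{0,63}")


def form_value(query_string, field):
    """Decode one form field the way a CGI program receives it."""
    return parse_qs(query_string).get(field, [""])[0]


def run_via_shell(term):
    """Risky: the decoded value is spliced into a shell command line, so the
    shell re-parses it and acts on any metacharacters it contains."""
    done = subprocess.run("echo " + term, shell=True,
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


def run_via_argv(term):
    """Hardened: enforce the allow-list, then hand the value to the program
    as one argument with no shell in between."""
    if not SAFE_TERM.fullmatch(term):
        raise ValueError("search term rejected by allow-list")
    done = subprocess.run(["echo", term],
                          capture_output=True, text=True, check=True)
    return done.stdout.splitlines()


if __name__ == "__main__":
    term = form_value(SAMPLE_QUERY_STRING, "q")
    print("decoded field :", repr(term))
    print("via shell     :", run_via_shell(term))
    try:
        run_via_argv(term)
    except ValueError as exc:
        print("via argv      :", exc)
    print("via argv (ok) :", run_via_argv("pepperoni pizza"))
```

The percent-encoded request looks like ordinary form data; only after the gateway decodes it does the separator appear, which is why the check belongs on the decoded value.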
This brings us to the third classification of Scripting Languages..........
Compiled Interpreted Scripting Languages
One of the main features that distinguish Compiled Interpreted Scripting Languages from the others is the fact that they run primarily on the client side. This means that the actual instructions required to execute the script are usually downloaded and interpreted by your browser and carried out by your computer rather than by the server that you are connected to. As a site developer, this approach gives you a big advantage over those doing business in the usual way because it allows your server to pass the instructions to your client and move on to the next request, rather than allowing your client's computer to lounge around while your server does all the work. Client-side implementations also allow data to be pre-processed before it is passed back to the server. If, for instance, I created a form which would allow you to order a free copy of my new catalog, I could write a script that would check to make sure that you had completed the form before you sent it in. If you had forgotten to include, say, your zip code, the script would ask you to fill in the empty field before it would allow you to submit the form. This kind of pre-processing can cut way down on the number of error handling routines that the server has to deal with on the other end, making each transaction faster and more efficient.
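The client-side form check described above saves round trips, but a request can reach the server without ever passing through the browser script, so the server repeats the same checks. The following is an added example, not code from the original page, of that server-side check for the catalog form; the field names, the length limit, the US ZIP format and the sample request bodies are assumptions made for the illustration.

```python
import html
import re
from urllib.parse import parse_qs

# Hypothetical field names for the catalog-request form.
REQUIRED = ("name", "street", "city", "state", "zip")
ZIP_RE = re.compile(r"\d{5}(-\d{4})?")   # US ZIP or ZIP+4 (assumed format)
MAX_LEN = 100

# Constructed request bodies, as a browser would URL-encode them.
GOOD = "name=Pat+Doe&street=1+Main+St&city=Springfield&state=IL&zip=62704"
NO_ZIP = "name=Pat+Doe&street=1+Main+St&city=Springfield&state=IL&zip="
BAD_ZIP = "name=Pat+Doe&street=1+Main+St&city=Springfield&state=IL&zip=6270A"
MARKUP = "name=%3Cb%3EPat%3C%2Fb%3E&street=1+Main+St&city=X&state=IL&zip=62704"


def validate_catalog_form(body):
    """Return (fields, errors) for a URL-encoded form body."""
    raw = parse_qs(body, keep_blank_values=True)
    fields, errors = {}, []
    for key in REQUIRED:
        values = raw.get(key, [])
        value = values[0].strip() if len(values) == 1 else ""
        if len(values) > 1:
            errors.append(f"{key}: sent more than once")
        elif not value:
            errors.append(f"{key}: required")
        elif len(value) > MAX_LEN:
            errors.append(f"{key}: longer than {MAX_LEN} characters")
        fields[key] = value
    # Format check runs only when a ZIP was supplied, to avoid a double error.
    if fields["zip"] and not ZIP_RE.fullmatch(fields["zip"]):
        errors.append("zip: must be 5 digits or ZIP+4")
    return fields, errors


def cgi_response(body):
    """Build the text a CGI program would write to standard output."""
    fields, errors = validate_catalog_form(body)
    headers = "Content-Type: text/html; charset=utf-8\r\n\r\n"
    if errors:
        items = "".join(f"<li>{html.escape(e)}</li>" for e in errors)
        return "Status: 400 Bad Request\r\n" + headers + f"<ul>{items}</ul>"
    # Escape the value before echoing it back so it is shown, not rendered.
    name = html.escape(fields["name"])
    return ("Status: 200 OK\r\n" + headers
            + f"<p>A catalog will be mailed to {name}.</p>")


if __name__ == "__main__":
    for label, body in (("good", GOOD), ("no zip", NO_ZIP),
                        ("bad zip", BAD_ZIP), ("markup", MARKUP)):
        print(label, "->", cgi_response(body).replace("\r\n", " | "))
```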
Here are the most popular of the new languages............
Java - Java was developed by Sun Microsystems and is a brilliant offshoot of a user-interface programming language called Oak, which, oddly enough, was a complete commercial flop and is now dead. Like C++, Java is an object-oriented language, and makes use of a rich palette of class libraries, modules, objects, and routines. Unlike C or C++, however, Java is platform independent. The Java interpreter creates an entity known as a Virtual Machine inside of your browser (which has already been written and compiled for your computer and operating system). This means that the same self-contained Java application code, called an Applet, will run on virtually any Java-enabled browser. Java can actually run on either side of the interface. In general, Java is powerful, fairly secure, and respectful of your privacy. Java Applets and Scripts have limited access privileges and are not allowed to write to any file or interfere with any data on your machine. (There are full blown Java applications with more privileges, but they are generally not used as CGI scripts.)
JavaScript is a small and easy to learn text-based scripting language loosely based on Java. JavaScripts fill in the gaps between HTML extensions and real CGI applications. They are not truly CGI applications because JavaScript commands are embedded in the HTML files and run entirely within the browser, so they never actually cross the Common Gateway Interface. JavaScripts are great for lightweight tasks like checking forms and manipulating displays, animating GIFs, etc.
JS - When JavaScript was first introduced by Sun, many of the big software developers quickly lined up to license the new technology. In the midst of the surrounding stampede, Microsoft held back, choosing instead to take a wait and see attitude. Despite Microsoft's foot dragging, JavaScript took off. Fearful that the emergence of truly multi-platform applications would shatter their stranglehold on the home computer software developers, and realizing that Netscape was pulling away from them in the browser wars, Microsoft reluctantly licensed the Java virtual machine for Internet Explorer. In a rush to turn the tide, they immediately began to try and water down the impact of JavaScript by developing their own "enhanced" version of JavaScript, called JS. JS is indeed a more robust and versatile scripting language than JavaScript, at least at this point, and it comes with its own very slick and easy-to-use set of development tools. Sadly, but not surprisingly, JS "scriptlets" only work with other Microsoft products.
ActiveX - ActiveX is an enormously powerful and versatile programming language developed by Microsoft and based on their popular Component Object Model. In addition to its ability to use ActiveX scripts to automate complex functions between applications, it is also capable of opening and manipulating files which live on your drive (which Java cannot do). ActiveX functions as a stand-alone language or as an enhancement to Java, allowing Java to use files which are written in other languages. ActiveX was designed to be compact to facilitate quick downloads, and employs a system of secure "signed" controls which can be used to access the full capabilities of the language without requiring any special input from the user. Without the encrypted digital signature of a "trusted" developer, the control will not work unless the client grants access privileges to the control by responding to a question in a dialog box. ActiveX brings a new and heretofore unheard-of level of interactivity to the Web.
Sound Fabulous? Here's a little scenario for all you X-Files fans......
...You're chasing a thread on your favorite news group and you notice a headline that says........USE YOUR COMPUTER TO MAKE UP TO $25,000 A MONTH WORKING AT HOME!!!.......VISIT OUR SITE AT HTTP://WWW.WETOLDYASO.COM FOR FREE INFORMATION.........You fire up your copy of Internet Explorer and load the URL. When you connect to the site you get a dialog box telling you that you are about to load an unsigned ActiveX control. Seeing that it's only the twelve hundredth dialog box you've seen that day, you absently click on OK, and after a short pause you get a connection. You read the first few paragraphs and sure enough, it sounds like a great deal! While you're busy reading the details and trying to figure out how to fill out the form so you can get started, a distant server is reading your mail, looking through the history and cache files of your browser to see where you've been, downloading your Quicken files with all of your bank account and credit card numbers on them. If it's really in a bad mood, it may wipe your directories or one of your drives to cover its tracks, then crash your machine for good measure. A month later, maybe you'll receive $16,0000 worth of credit card bills. You never figure out what actually happened................
Ridiculous? Paranoid Fantasy? Don't count on it. Rifling through your drive or even crashing your machine are child's play to ActiveX. In the hands of a skilled programmer working within a tightly controlled, secure corporate environment, ActiveX can be a powerful administrative tool, easily accomplishing tasks which would be almost impossible using other technologies, perhaps even saving a big company millions through the efficient use of IT resources. Loose on the Internet, however, especially in light of the typical user's casual attitude toward dialog boxes, ActiveX raises a number of serious security and privacy issues. Wake up, conspiracy fans, your nightmare has arrived.
Don't get me wrong. I have nothing against ActiveX in principle. I am, for instance, a big fan of Stinger missiles. I know that they are a powerful and versatile tool for the U.S. Military, and I sleep better knowing that they are available to our armed forces. I would, however, become very upset if I were to wake up one morning to discover that they were being sold at Wal-Mart. That being said, let me say this...........we do not recommend or support the use of ActiveX on Web sites that we are developing. If, at some point, Microsoft decides to seriously grapple with some of the ethical issues that they've created with this language, we may change our minds. We'll keep you posted.
Now that we've talked about some of the common languages used for CGI Scripts, let's say a few words about the real issue.......
Alright, Already, So What Can They Do?
Although we've said quite a bit about the languages that are typically used for CGI Scripting, you may still be wondering how site developers typically use them. Here is a very short list of some of the things that CGI scripts allow you to do ...........
Fill out and manage data from forms
Send and receive E-mail
Take and process orders
Manage Web site subscriptions
Manipulate search engines
Manage guest books
Handle image maps
Generate images in real time
Manipulate complex databases
Manage data from robots and web crawlers
Implement internet chat systems
Transmit audio files
Use Web-based video cameras
Control Virtual Reality Modeling
Generate and control animation
Generate interactive HTML documents in real time
Manage video files
In reality, the list is almost endless. In general, CGI scripts provide a powerful way for your client's browser to access special features of your Web site. A carefully designed and executed script can add a huge measure of excitement, fun, and interactivity to your site, but all of this additional flexibility and power does not come without a price. Scripts can be hard on your budget. They must be conceived, written, tested and de-bugged. They must include a comprehensive set of routines for handling errors. And they must provide a means for safeguarding the security of your site and the privacy of your clients. The need to accommodate all of these considerations at once makes scripting one of the more daunting but gratifying aspects of developing a site.
In the next section, we're going to ask you to consider a very important question. Are your secrets safe?...
© 2005 by Blink Designworks, Inc. All rights reserved.