Python CGI 编程

category: 编程语言

Python CGI编程全面指南

CGI(Common Gateway Interface)是一种让Web服务器与外部程序交互的标准协议。虽然现代Web开发更多使用框架，但了解CGI仍有其价值。

1. CGI基础概念

什么是CGI？

• 服务器与外部程序之间的接口标准
• 允许Web服务器动态生成内容
• 每个请求启动一个独立进程（性能较低）

基本工作流程

1. 客户端发送HTTP请求到Web服务器
2. 服务器识别CGI请求
3. 服务器启动CGI程序
4. CGI程序处理请求并返回结果
5. 服务器将结果返回客户端

2. 环境配置

Apache配置CGI

1. 确保Apache安装并运行
2. 编辑httpd.conf或apache2.conf:

   LoadModule cgi_module modules/mod_cgi.so
   ScriptAlias /cgi-bin/ "/path/to/your/cgi-bin/"
   <Directory "/path/to/your/cgi-bin">
       AllowOverride None
       Options +ExecCGI
       Require all granted
   </Directory>
   AddHandler cgi-script .cgi .py
   

3. 重启Apache服务

Python CGI脚本基本结构

#!/usr/bin/env python3
# 必须指定Python解释器路径

print("Content-Type: text/html")  # HTTP头部
print()                          # 空行分隔头部和内容
print("<h1>Hello CGI World!</h1>")  # HTML内容

3. CGI编程核心

获取环境变量

import os

# 获取请求方法
request_method = os.environ.get("REQUEST_METHOD", "GET")

# 获取用户代理
user_agent = os.environ.get("HTTP_USER_AGENT", "Unknown")

# 获取服务器信息
server_software = os.environ.get("SERVER_SOFTWARE")

处理表单数据

GET请求处理

import os
from urllib.parse import parse_qs

print("Content-Type: text/html")
print()

query_string = os.environ.get("QUERY_STRING", "")
params = parse_qs(query_string)

name = params.get("name", [""])[0]
print(f"<p>Hello, {name}!</p>")

POST请求处理

import os
import sys
from urllib.parse import parse_qs

print("Content-Type: text/html")
print()

content_length = int(os.environ.get("CONTENT_LENGTH", 0))
post_data = sys.stdin.read(content_length)
params = parse_qs(post_data)

username = params.get("username", [""])[0]
password = params.get("password", [""])[0]
print(f"<p>Username: {username}</p>")
print(f"<p>Password: {hidden}</p>")

使用cgi模块

import cgi

form = cgi.FieldStorage()  # 自动处理GET和POST

name = form.getvalue("name", "Guest")
email = form.getvalue("email", "")

print("Content-Type: text/html")
print()
print(f"<h1>Hello, {name}!</h1>")
if email:
    print(f"<p>Your email is: {email}</p>")

4. 安全注意事项

输入验证

import cgi
import html

form = cgi.FieldStorage()
user_input = form.getvalue("input", "")

# 转义HTML特殊字符
safe_input = html.escape(user_input)

文件上传处理

import cgi
import os

form = cgi.FieldStorage()

# 获取上传文件
file_item = form["file"]

# 检查是否是上传文件
if file_item.filename:
    # 防止目录遍历攻击
    fn = os.path.basename(file_item.filename)
    save_path = os.path.join("uploads", fn)
    
    # 写入文件
    with open(save_path, "wb") as f:
        f.write(file_item.file.read())
    message = "文件上传成功"
else:
    message = "没有文件上传"

print("Content-Type: text/html")
print()
print(f"<p>{message}</p>")

5. Cookie处理

设置Cookie

print("Content-Type: text/html")
print("Set-Cookie: username=JohnDoe; expires=Friday, 31-Dec-2023 23:59:59 GMT; path=/")
print()
print("<h1>Cookie已设置</h1>")

读取Cookie

import os

print("Content-Type: text/html")
print()

cookie_str = os.environ.get("HTTP_COOKIE", "")
cookies = {}
if cookie_str:
    for cookie in cookie_str.split(";"):
        key, value = cookie.strip().split("=", 1)
        cookies[key] = value

username = cookies.get("username", "Guest")
print(f"<h1>Welcome back, {username}!</h1>")

6. 会话管理

简单会话实现

import os
import random
import time
from urllib.parse import parse_qs

# 生成会话ID
def generate_session_id():
    return str(random.randint(100000, 999999)) + str(int(time.time()))

# 模拟会话存储
sessions = {}

print("Content-Type: text/html")

# 检查现有会话
cookie_str = os.environ.get("HTTP_COOKIE", "")
session_id = None
if cookie_str:
    for cookie in cookie_str.split(";"):
        key, value = cookie.strip().split("=", 1)
        if key == "sessionid":
            session_id = value

if not session_id or session_id not in sessions:
    session_id = generate_session_id()
    sessions[session_id] = {"created": time.time()}
    print(f"Set-Cookie: sessionid={session_id}; path=/")

print()
print(f"<h1>Your session ID: {session_id}</h1>")

7. 数据库集成

SQLite示例

import sqlite3
import cgi

form = cgi.FieldStorage()
name = form.getvalue("name", "")

# 连接数据库
conn = sqlite3.connect("mydatabase.db")
cursor = conn.cursor()

# 创建表(如果不存在)
cursor.execute("CREATE TABLE IF NOT EXISTS users (name TEXT)")

# 插入数据
if name:
    cursor.execute("INSERT INTO users VALUES (?)", (name,))
    conn.commit()

# 查询数据
cursor.execute("SELECT * FROM users")
users = cursor.fetchall()

conn.close()

# 输出结果
print("Content-Type: text/html")
print()
print("<h1>User List</h1>")
print("<ul>")
for user in users:
    print(f"<li>{user[0]}</li>")
print("</ul>")

8. 错误处理

错误页面

import sys
import cgi

try:
    form = cgi.FieldStorage()
    # 可能出错的代码
    result = 10 / int(form.getvalue("number", "1"))
    
    print("Content-Type: text/html")
    print()
    print(f"<p>Result: {result}</p>")

except Exception as e:
    print("Content-Type: text/html")
    print("Status: 500 Internal Server Error")
    print()
    print("<h1>Error</h1>")
    print(f"<p>{str(e)}</p>")
    print("<p>Please try again.</p>")

调试技巧

import cgitb
cgitb.enable()  # 在开发时启用详细错误报告

9. 性能优化

使用CGI包装器

#!/usr/bin/env python3
import sys
from io import StringIO

def application(environ, start_response):
    # 捕获输出
    output = StringIO()
    sys.stdout = output
    
    # 执行实际CGI代码
    main(environ)
    
    # 恢复stdout
    sys.stdout = sys.__stdout__
    
    # 返回响应
    start_response("200 OK", [("Content-Type", "text/html")])
    return [output.getvalue().encode("utf-8")]

def main(environ):
    # 实际CGI逻辑
    print("<h1>Hello from wrapper</h1>")
    print(f"<p>Method: {environ.get('REQUEST_METHOD')}</p>")

if __name__ == "__main__":
    from wsgiref.handlers import CGIHandler
    CGIHandler().run(application)

10. 现代替代方案

虽然CGI仍然可用，但现代Python Web开发更推荐：

1. WSGI (Web Server Gateway Interface)

   • Flask, Django, Bottle等框架使用
   • 更高效，不需要为每个请求启动新进程

2. ASGI (Asynchronous Server Gateway Interface)

   • FastAPI, Starlette等异步框架使用
   • 支持WebSocket等现代功能

简单WSGI示例

def application(environ, start_response):
    start_response('200 OK', [('Content-Type', 'text/html')])
    return [b'<h1>Hello WSGI!</h1>']

if __name__ == '__main__':
    from wsgiref.simple_server import make_server
    httpd = make_server('', 8000, application)
    print("Serving on port 8000...")
    httpd.serve_forever()

11. 实际应用示例

访客计数器

#!/usr/bin/env python3
import os
import pickle

# 计数器文件路径
COUNTER_FILE = "counter.dat"

print("Content-Type: text/html")
print()

# 读取或初始化计数器
try:
    with open(COUNTER_FILE, "rb") as f:
        count = pickle.load(f)
except (FileNotFoundError, EOFError):
    count = 0

# 增加计数
count += 1

# 保存计数器
with open(COUNTER_FILE, "wb") as f:
    pickle.dump(count, f)

# 显示结果
print(f"""
<html>
<head><title>访客计数器</title></head>
<body>
    <h1>欢迎!</h1>
    <p>您是第 {count} 位访客</p>
</body>
</html>
""")

简单留言板

#!/usr/bin/env python3
import cgi
import html
import sqlite3
from datetime import datetime

form = cgi.FieldStorage()
name = html.escape(form.getvalue("name", ""))
message = html.escape(form.getvalue("message", ""))

# 数据库操作
conn = sqlite3.connect("guestbook.db")
cursor = conn.cursor()
cursor.execute("""
    CREATE TABLE IF NOT EXISTS messages (
        id INTEGER PRIMARY KEY AUTOINCREMENT,
        name TEXT,
        message TEXT,
        timestamp DATETIME
    )
""")

if name and message:
    cursor.execute(
        "INSERT INTO messages (name, message, timestamp) VALUES (?, ?, ?)",
        (name, message, datetime.now())
    )
    conn.commit()

cursor.execute("SELECT name, message, timestamp FROM messages ORDER BY timestamp DESC")
messages = cursor.fetchall()
conn.close()

# 输出HTML
print("Content-Type: text/html")
print()
print("""
<html>
<head><title>留言板</title></head>
<body>
    <h1>留言板</h1>
    <form method="post">
        姓名: <input type="text" name="name"><br>
        留言: <textarea name="message"></textarea><br>
        <input type="submit" value="提交">
    </form>
    <hr>
    <h2>所有留言</h2>
""")

for msg in messages:
    print(f"""
    <div style="border: 1px solid #ccc; margin: 10px; padding: 10px;">
        <strong>{msg[0]}</strong> - <em>{msg[2]}</em>
        <p>{msg[1]}</p>
    </div>
    """)

print("""
</body>
</html>
""")

12. 总结

Python CGI编程要点：

虽然CGI技术较老，但理解其原理有助于掌握Web开发基础。对于新项目，建议使用现代Python Web框架如Flask或Django。