"QUERY_STRING beast" Was "CGI ???"

William F. Hammond (hammond@csc.albany.edu)
Fri, 17 Nov 1995 17:07:01 -0500 (EST)


"Russell Holt" <holtrf@destinyusa.com> steps on some of my worship
objects in writing:

> . . . The concept of stdin/stdout is showing its age,
> and doesn't translate well at all to integrated GUI environments.
(Have you ever looked at AmigaOS?)

If stdin and stdout are pass\'e, then so also must be piping.
Sigh! ...

> In fact, let's be brutally honest. CGI itself is one big ugly hack
> piggybacking on HTTP, especially the QUERY_STRING beast. Spaces to
> plus? Escaped chars? Hello? Those are implementation-specific hacks
> if I've ever seen any. We shouldn't be burdened with the complications
> of Un*x. It has its own idiosyncratic and drastically different
> behavior.

I do not see what "Un*x" has to do with it. The concepts of primary
program input and primary program output go back in programming
history to a time before "Un*x" was a gleam in anyone's eye.

Some of the "ugliness" in the CGI standard arises from security
concerns. Escaped characters exist in part to prevent processes on
various systems from choking on characters that are special to those
processes, and, therefore, to make CGI robust across many platforms.

The QUERY_STRING may be empty and certainly does not need to be
a "beast" if client data is dispatched with method POST -- the
*recommended* way.

-- Bill