With the growing use of the Internet in general, and more specifically, the World Wide Web ("the Web"), the use of electronic forms that may be filled out by users via remote client systems is also increasing. Electronic forms may be provided for many different purposes including gathering survey information, ordering products, creating guest books, and developing mailing lists.
Many such forms are developed using Hypertext Markup Language (HTML) as it is versatile and easily learned. HTML forms available on the Web are typically viewed through a user interface referred to as a browser. Examples of well-known browsers are Navigator.TM. from Netscape Communications Corporation and Internet Explorer.TM. from Microsoft Corporation.
In order for a server to receive and process data entered into fields of an HTML form by a remote client, a Common Gateway Interface (CGI) program specific to the form is typically developed. CGI is an open standard that defines how Web servers use external programs. The CGI programs (or scripts, depending on the language in which they are written) provide the output of an on-screen form to a data processing program to be processed. CGI programs may also provide for the output of the data processing program to be displayed to the client computer system from which the form was submitted.
The complexity of CGI programs can vary widely depending on the language used to develop the program and the validation and processing requirements of the form. PERL is a popular language in which to write CGI scripts because it is easily learned and powerful. PERL, however, is an interpreted language and is therefore inefficient. High level languages such as C/C++ may be used to develop CGI programs, but may require more development time and expertise.
One issue with current CGI program development is that the software developer must focus software development resources on data validation. CGI programs that process prior HTML forms must typically include code to validate the data entered into each of the fields of the form. Further, in many cases, a different CGI program must be custom-written for each HTML form that is to be processed. Such coding may be time and resource intensive, especially in the case of forms that provide for many different types of data and/or in the case of forms for which the validation requirements are complex.
Another disadvantage associated with current CGI programs, regardless of the language in which they are written, is that, in many cases, HTML designers are forced to provide a server directory path as well as specific data validation and processing information within the HTML form itself. The directory path is provided to indicate a location on the server at which a CGI program associated with the HTML form is located. The data validation and processing information indicates how the data entered into the form should be handled.
The directory path and data validation information is provided in HTML forms as "hidden fields." The hidden fields are hidden when the form is viewed through the browser in a typical manner. Most Web browsers, however, allow a user to view the source of the HTML file using a "View Source" or other similar command. In prior approaches, when viewing the HTML source, server directory information and data validation and processing control information can typically be viewed by the user. Such information may expose aspects of the server that would ordinarily not be known to others, and may therefore, create an unnecessary security risk. Additionally, where data validation and processing information is included in the HTML form, HTML form design can become cumbersome and time-consuming.
Another disadvantage associated with current CGI programs is that they often do not provide helpful error messages back to the computer system user if data entered into a field is incorrect or otherwise invalid. For example, if a field in a form is left blank where the field is required to be filled in, some CGI programs may only inform the user that there is an error in the form without identifying the source of the error. The user may then have to determine on her own what is wrong with the form, or try multiple times to correct the form before identifying the problem.
The limitations with respect to currently available CGI programs and other methods for validating and processing form input data have in certain instances, led to potentially increased server security risks, compromised forms processing efficiency, and caused user frustration.