Why is Perl commonly used for writing CGI scripts?

Question

I plan to add a better search feature to my site, so I thought that I would write it in C and use the CGI as a means to access it. But it seems that Perl is the most popular language when it comes to CGI-based stuff. Why is that? Wouldn't it be faster programmed in C or machine code?

What advantages, if any, are there to writing it in a scripting language?

Thanks.

Answer 1

Back in the day when CGI was becoming popular, Perl was the easiest language to use. People could pick up "baby Perl" very quickly, and since the program was a text file, they could easily upload it and pass it around. Since Perl started life as a system administration language, lots of servers already had it installed. When it came time to make a CGI script on some hosting service, Perl was most likely already there. Not only that, a Perl script is pretty much the same on any platform, so what you wrote locally most likely worked exactly the same on a different machine.

It was faster to program for "accidental programmers" in the big scheme of things because they had less to learn before they could make a useful program; they could start with nothing and have a Perl program running in an hour, even if they were just cargo-culting it. They didn't have to worry about all the things that come with writing and compiling a C program, then transferring it to another host (which might be a different platform).

Perl got a quick foothold, and you still see the effects of that today. If Perl had to start from scratch today, I don't think it would necessarily win out over anything else. PHP has certainly taken over the low-end, quick-startup crowd (and for most of them, it's probably the right tool at first).

It didn't hurt that Perl had a lot of text processing features, either. Some people talk about CPAN, but that barely existed when Perl started to get noticed for CGI programming.

However, Perl's not as special for CGI programming as it used to be. It still does all of the great things it always has, but now various other languages have caught up in both functionality, availability, and community awareness.

I started programming CGI stuff in 1994, and I still see how amazingly and mind-boggling hard most frameworks make it. I really wish we had Seaside back then because you never even know about all the stupid things other frameworks make you do. How much better the world would have been if we'd all learned Smalltalk instead. :)

Answer 2

Security, for one thing. If you write in C, you have to be very careful to make sure all your string handling is correct so you don't introduce buffer overflows, etc. In any decent scripting language, someone else has already done that for you. You may be able to have other security holes, but unless there's a bug in the runtime or an extension module, you won't have a buffer overflow. This benefit is not limited to scripting languages; compiled languages such as Java and C# provide it as well, and it is obtainable (albeit frequently more difficultly) in C++ with std::string and C with a good string library.

Securitywise, Perl has another useful feature not seen in many other systems: "taint" mode. This keeps you from blindly passing user input to other systems as part of a database query, command line, etc. This is an excellent benefit when writing CGI scripts, as your script will die cleanly before it passes uninspected user input off to the shell for execution. Taint mode is not perfect, as the untainting process depends on the programmer doing things correctly, but it at least helps catch code paths you missed.

Also, at this point, Perl has been used for a long time for CGI scripting, so there is a large body of libraries, frameworks, etc. already in existence to make writing new scripts easier. Plus CPAN has code to do just about anything.