QUERY_STRINGenvironment variable) for a non-encoded = character to determine if the command line is to be used, if it finds one, the command line is not to be used. This trusts the clients to encode the = sign in ISINDEX queries, a practice which was considered safe at the time of the design of this specification.
For example, use the finger script and the ISINDEX interface to look up "httpd". You will see that the script will call itself with
/cgi-bin/finger?httpd and will actually execute "finger httpd" on the command line and output the results to you.
If the server does find a "=" in the
QUERY_STRING, then the command line will not be used, and no decoding will be performed. The query then remains intact for processing by an appropriate FORM submission decoder.
Again, as an example, use this hyperlink to submit
"httpd=name" to the finger script. Since this
QUERY_STRING contained an unencoded "=", nothing was decoded, the script didn't know it was being submitted a valid query, and just gave you the default finger form.
If the server finds that it cannot send the string due to internal
limitations (such as exec() or /bin/sh command line restrictions) the
server should include NO command line information and provide the
non-decoded query information in the environment
CGI - Common Gateway Interfacecgi@ncsa.uiuc.edu