Intermediate. Published on 12 June.

The most reliable way to make sure your users haven't filled in your forms wrongly is to use server-side form validation.
Maybe you have a guestbook program and want to keep a log of the names and email addresses of visitors, or a page counter that must update a counter file, or a program that scans a flat-file database and draws info from it to generate a page.
On Unix systems, the web process runs under its own userid, typically the "web" or "nobody" user. In order to write to a data file, you must usually make the file or the directory where the file will be created world-writable — or at least writable by the web process userid.
In Unix a file can be made world-writable using the chmod command: Unfortunately, if the file is world-writable, it can be written to or even deleted by other users on the system. You should be very cautious about creating world-writable files in your web space, and you should never create a world-writable directory there.
An attacker could use this to install their own CGI programs there. A much better solution is to configure the server to run your programs with your userid.
Obviously if your CGI program is running with your userid, it will be able to create, read and write files in your directory without needing the files to be world-writable. The Apache web server also allows the webmaster to define what user and group the server runs under.
If you have your own domain, ask your webmaster to set up your domain to run under your own userid and group permissions. Permissions are less of a problem if you only want to read a file. If you set the file permissions so that it is group- and world-readable, your CGI programs can then safely read from that file.
Use caution, though; if your program can read the file, so can the webserver, and if the file is in your webspace, someone can type the direct URL and view the contents of the file. Be sure not to put sensitive data in a publicly readable file.

Opening Files

Reading and writing files is done by opening a file and associating it with a filehandle.
This is done with the statement: Here are some examples: You can use just about any name for the filehandle. This is generally not the case with the Apache web server, but some other servers behave differently. The safe way to open a file is as follows: Printing it may help you figure out why the open failed.
If the file already exists, touch simply updates the last-modified timestamp of the file.

If your CGI program runs without any errors, you should see data added to the guestbook. The resulting file will show the submitted form data in pipe-separated form:

Perl has powerful pattern matching and replacement capabilities; it can match the most complex patterns in a string using regular expressions see Chapter The basic syntax for substitution is: Here is how to replace the end-of-line characters in your guestbook program:

To prevent this, you need to lock the files you are writing to.
There are two types of file locks: A shared lock allows more than one program or other process to access the file at the same time.
A program should use a shared lock when reading from a file. An exclusive lock allows only one program or process to access the file while the lock is held.
A program should use an exclusive lock when writing to a file.
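The locking rules above, applied to the pipe-separated guestbook file this chapter describes, as an added example (not code from the original tutorial). The helper names `clean_field`, `append_entry` and `read_entries`, the file name and the sample entries are assumptions, and mode 0600 assumes the CGI program runs under your own userid as recommended earlier.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:flock O_WRONLY O_APPEND O_CREAT);
use File::Temp qw(tempdir);

# Make one form value safe for a one-record-per-line, pipe-separated file.
sub clean_field {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/[\r\n]+/ /g;   # a newline would start a forged record
    $value =~ s/\|/ /g;        # a pipe would shift the columns
    return $value;
}

# Append one record while holding an exclusive lock.
sub append_entry {
    my ($path, @fields) = @_;
    # 0600: readable and writable by the owning userid only, not world-writable.
    sysopen(my $fh, $path, O_WRONLY | O_APPEND | O_CREAT, 0600)
        or die "Can't open $path: $!";
    flock($fh, LOCK_EX) or die "Can't lock $path: $!";
    print {$fh} join('|', map { clean_field($_) } @fields), "\n"
        or die "Can't write $path: $!";
    close($fh) or die "Can't close $path: $!";   # close flushes, then releases the lock
    return;
}

# Read every record while holding a shared lock.
sub read_entries {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "Can't open $path: $!";
    flock($fh, LOCK_SH) or die "Can't lock $path: $!";
    chomp(my @lines = <$fh>);
    close($fh);
    return map { [ split /\|/, $_, -1 ] } @lines;
}

# Constructed sample input: the second comment tries to smuggle in a new record.
my $file = tempdir(CLEANUP => 1) . '/guestbook.txt';
append_entry($file, 'Ann', 'ann@example.com', 'Nice site');
append_entry($file, 'Bob', 'bob@example.com', "hi\nMallory|m\@example.com|forged");
my @rows = read_entries($file);
print scalar(@rows), " records\n";
print join(' | ', @$_), "\n" for @rows;
```

The file ends up with two records of three fields each: the embedded newline and pipes in the second comment are replaced with spaces before the line is written.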
File locking is accomplished in Perl using the Fcntl module (which is part of the standard library) and the flock function. The use statement is like CGI. The values are as follows:

Steps to creating a successful Perl CGI script.
1. Get some info from your webhost.

Things to know about every Perl CGI script you write.

The shebang line.
Your website was very helpful.
I was seeing so many SERVER ERRORs that I was ready to use my wood maul as a debugging tool.

If your problem is related to parsing the CGI input and you aren't using a widely tested module like CGI.pm, CGI::Request, CGI::Simple or CGI::Lite, use the module and get on with life.
CGI.pm has a cgi-lib.pl compatibility mode which can help you solve input .

This is particularly useful in a mod_perl environment, in which you might want to precompile all CGI routines in a startup script, and then import the functions individually in each mod_perl script.

-nosticky.

The Common Gateway Interface, or CGI, is a standard for external gateway programs to interface with information servers such as HTTP servers. This script is a simple Perl script which writes its output to STDOUT, i.e., the screen. The web server provides this message to the CGI script in the form of the standard input.
I also tried to open the file in read mode and display the contents of the file. The CGI script didn't fail saying it cannot open the file, but at the same time it did not display the output of the file contents, which means it didn't open the file.

I am trying to create a webpage on my site that takes input from a form (firstname,lastname) and process this input via a PERL CGI script and write that input to a file.
I would also like the page after script runs to display a message stating it successfully completed with links to get back to the homepage.