Perl - reading from forms

bewgrossetete, 13 Dec 2013




Objectives:

This exercise will introduce interactive CGI.

Specifically you will learn how to:

1. Create HTML forms which submit information to CGI

2. Extract form data using Perl

3. Display form data from a CGI in the browser


Instructions:

1. Create an HTML form on your account similar to the following, using the GET method:

Student Survey

Full Name:

Favourite Sport:

Favourite Seneca Course:

Current GPA:

Make sure that each appropriate form element is named: person, sport, course, gpa, send and reset.

Ensure that the form action points to a script called aboutme.cgi in your script-aliased directory. You will create this script next.

2. Create the aboutme.cgi script based on the code below:

#!/usr/bin/perl -w

# print a standard 200-level HTTP header
print "Content-Type: text/html\n\n";

# the following code will get the data from the form,
# and store it in a hash named %form

# get data from environment variable
$qstring = $ENV{'QUERY_STRING'};

# break data up on ampersands, and store in array
@pairs = split(/&/, $qstring);

# start a loop to process form data
foreach (@pairs) {
    # split field name and value on '=', store in two scalar variables
    ($key, $value) = split(/=/);
    # translate '+' signs back to spaces
    $value =~ tr/+/ /;
    # translate special characters
    $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
    # store data in hash
    $form{$key} = $value;
}

# now the data is stored in the hash %form

# send output to browser as HTML
print "<html><head><title>Student Survey</title></head>\n";
print "<body>\n";

# display form data
&displayInfo();

print "</body></html>\n";

# This subroutine will display information received from a form
# (the values are printed exactly as they were received; see step 4)
sub displayInfo {
    print "Full Name: ", $form{"person"}, "<br>";
    print "Favourite Sport:", $form{"sport"}, "<br>";
    print "Favourite Seneca Course:", $form{"course"}, "<br>";
    print "GPA:", $form{"gpa"}, "<br>";
}

3. Set appropriate permissions for the script and test it with your form. If you did everything correctly you should see your form entries displayed back from the script.

4. Submit various information to your script, including embedded HTML tags, spaces and special UNIX shell characters. You will learn shortly that this is a potential security problem, and learn ways to deal with it.

5. As usual, make sure that all output produced by your script is valid XHTML.

Exercise:

In a real-world case hardcoded HTML forms are a rarity. Usually forms are produced by scripts. The task of converting static forms to CGI is very simple: all you have to do is print the form from your script. While adding a separate print statement in front of each HTML line and quoting each line may be the instinctive direction to take, Perl provides us with a nice shortcut: alternate quoting. Alternate quoting allows us to define our own quotes and preserves formatting.


Have a look at the following example:

Suppose you would like to print the following HTML from your script:

<form action="/cgi-bin/aboutme.cgi" method="get">
    <input type="submit" name="send" value="send">
</form>


With standard quoting you would achieve this through the following Perl code:

print "<form action=\"/cgi-bin/aboutme.cgi\" method=\"get\">\n";
print "\t<input type=\"submit\" name=\"send\" value=\"send\">\n";
print "</form>\n";


Note that since a double quote (") is a string delimiter, whenever you wish to print an actual quote it must be quoted with a backslash (\).

While this is merely inconvenient with simple forms, it is a big problem for complex forms because it is a source of hard-to-trace syntax errors.

Alternate quoting allows us to define our own quotes. This way the double quote can be just a simple character. Here is an improved version of the code above:


print qq~
<form action="/cgi-bin/aboutme.cgi" method="get">
    <input type="submit" name="send" value="send">
</form>
~;


Hopefully you can see the advantage of the latter approach. Please note that in this case we have defined the ~ character as our alternate quote, but you are free to define one which is convenient at any time.

We will now change the aboutme.cgi script to be used for both producing the form and processing it.

1. Using alternate quoting, place your form code (including its formatting) in the aboutme.cgi script as a subroutine.

2. Make sure that the form uses the POST method.

3. Add an if statement to your script which will check the HTTP method. If the method is GET, the script will display the form, but if the method is POST, your script will process the form.

4. Test your improved script thoroughly. Make sure that you understand it completely.
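As an added example (not part of the original lab handout), the script below combines the GET/POST check from step 3 with a fix for the problem probed in step 4 of the Instructions: every form value is HTML-escaped before it is echoed back. The sub names parse_form, escape_html and show_form, the 4096-byte body cap and the single-field form are assumptions made for illustration; shell characters are not handled because this script never passes form data to a shell.

```perl
#!/usr/bin/perl
use strict;
use warnings;
my $MAX_BODY = 4096;   # assumed upper bound on the POST body, in bytes

# Decode URL-encoded form data (query string or POST body) into a hash.
sub parse_form {
    my ($data) = @_;
    my %form;
    foreach my $pair (split /&/, $data) {
        my ($key, $value) = split /=/, $pair, 2;   # limit 2: keep '=' inside values
        next unless defined $key && length $key;
        $value = '' unless defined $value;
        for ($key, $value) {                       # decode name and value in place
            tr/+/ /;
            s/%([a-fA-F0-9]{2})/pack("C", hex($1))/eg;
        }
        $form{$key} = $value;
    }
    return %form;
}

# Escape the characters that are significant in HTML markup and attributes.
sub escape_html {
    my ($text) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
                  '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

sub show_form {
    print qq~<form action="/cgi-bin/aboutme.cgi" method="post">
Full Name: <input type="text" name="person" />
<input type="submit" name="send" value="send" />
</form>\n~;
}

print "Content-Type: text/html\n\n";
my $method = $ENV{'REQUEST_METHOD'} || 'GET';
if ($method eq 'POST') {
    my $length = $ENV{'CONTENT_LENGTH'} || 0;
    $length = 0 unless $length =~ /^\d+$/;         # ignore a malformed length
    $length = $MAX_BODY if $length > $MAX_BODY;    # never read more than the cap
    my $body = '';
    read(STDIN, $body, $length) if $length;        # POST data arrives on STDIN
    my %form = parse_form($body);
    print "Full Name: ", escape_html($form{'person'} // ''), "<br />\n";
} else {
    show_form();
}
```

Run outside a CGI environment, REQUEST_METHOD is unset and the script takes the GET branch and prints the form.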

You will use this approach for the entire semester to build many other scripts, including your project; it is very important to learn it properly.