How to create an email form with Perl

bewgrosseteteSoftware and s/w Development

Dec 13, 2013 (3 years and 10 months ago)

90 views

How to create an email form with Perl

Applies to:

Dynamic Hosting, Premium Hosting, Unlimited Hosting, Multisite hosting

Form handling in Perl can be a very involved process. Below is a step
-
by
-
step for creating a simple
feedback form. A visitor to your
website fills this out and the information is emailed to you.

Create the web form

First we need to create a simple HTML form, to start with we'll keep the form simple by just asking for
the users email address and comments. Here is our HTML form:

1.

<html>

2.

<
head>

3.

<title>
Simple Feedback Form
</title>

4.

<style>
label
{
display
:
block
;}
</style>

5.

</head>

6.

<body>

7.


8.

<form

action
=
"/cgi
-
bin/feedback_form.cgi"

method
=
"post"
>

9.


10.

<label>
Email Address
</label>

11.

<input

type
=
"text"

name
=
"email_address"

size
=
"40"
>

12.


13.

<label>
Your Feedback
<
/label>

14.

<textarea

name
=
"feedback"

cols
=
"50"

rows
=
"10"
></textarea>

15.


16.

<input

type
=
"submit"

name
=
"send"

value
=
"Submit"
>

17.


18.

</form>

19.


20.

</body>

21.

</html>

This form will send two parameters to our cgi script,
email_address

and
feedback
. Save this file as
feedback_form.html

and upload it to the
web

folder on your hosting.

Create the form script

For our script we're going to use the CGI.pm Perl module to help make writing our cgi script easier. At
the top of the script we start with the location of the perl
interpretor, then we tell Perl we want to use
the CGI.pm module and create a new cgi object:

1.

#!/usr/bin/perl

2.


3.

use

CGI
;

4.


5.

my

$cgi
=

new

CGI
;

The CGI.pm module is object
-
orientated, this means all of the CGI.pm functions and data are
accessed through an instance of CGI.pm, in our script this instance is called
$cgi
.

Lets use our CGI object to retrieve the information from the form the user fille
d in. To access the form
parameters we can use the CGI objects
param

function:

1.

my

$email_address
=

$cgi
-
>
param
(
'email_address'
);

2.

my

$feedback
=

$cgi
-
>
param
(
'feedback'
);

We store the form data in two local Perl variables,
$email_address

and
$feedback
.

Filtering user submitted data

Whenever you write a cgi

script that receives data from an unknown source you should always filter
the data to make sure it doesn't contain anything harmful. For example, if we don't filter the data in our
form it would be quite easy for a Hacker to use our cgi script to send out

spam to thousands of
people. The golden rule is never trust any data you haven't created or don't control.

To filter our user data we're going to create two filter functions:

1.

sub

filter_email_header

2.

{

3.

my

$form_field
=

shift
;

4.

$form_field
=

filter_form_data
(
$form_field
);

5.

$form_field
=~

s
/[
\
0
\
n
\
r
\
|
\
!
\
/
\
<
\
>
\
^
\
$
\
%
\
*
\
&]+
/ /
g
;

6.


7.

return

$form_field
;

8.

}

9.


10.

sub

filter_form_data

11.

{

12.

my

$form_field
=

shift
;

13.

$form_field
=~

s
/
From
:
//gi;

14.

$form_field
=~

s
/
To
:
//gi;

15.

$form_field
=~

s
/
BCC
:
//gi;

16.

$form_field
=~

s
/
CC
:
//gi;

17.

$form_field

=~

s
/
Subject
:
//gi;

18.

$form_field
=~

s
/
Content
-
Type
:
//gi;

19.


20.

return

$form_field
;

21.

}

The first filter function removes special characters which could be used to trick our script into sending
spam and is applied to the
$email_address

data.The

second filter function removes common email
headers from the data the user submitted and can be applied to both
$email_address

and
$feedback
.
We'll place the two functions at the bottom of our script.

Now we'll call the two filter functions to clean up ou
r user submitted data:

1.

$email_address
=

filter_email_header
(
$email_address
);

2.

$feedback
=

filter_form_data
(
$feedback
);

Emailing the feedback

Once we have the filtered data we need to email it back to you. Our web hosting servers run a local
mail server (
sendmail) that your cgi script can use to send email. To send the email our cgi script
opens a communication channel to the sendmail program using the pipe (|) symbol, then it prints all
the information necessary to send an email across that channel:

1.

open
(

MAIL
,

"| /usr/lib/sendmail
-
t"

);

2.

print

MAIL
"From: $email_address
\
n"
;

3.

print

MAIL
"To: you
\
@domain.com
\
n"
;

4.

print

MAIL
"Subject: Feedback Form Submission
\
n
\
n"
;

5.

print

MAIL
"$feedback
\
n"
;

6.

print

MAIL
"
\
n.
\
n"
;

7.

close
(

MAIL
);

Make sure you set your email address on line 3, you'll need to escape the @ symbol by putting a
backslash (
\
) before it because Perl uses the @ symbol to denote a special type of variable. The two
newline characters (
\
n
\
n) at the end of line 4 are used to
mark the end of the email headers ready for
the content. The
\
n.
\
n on line 6 prints a dot (.) on its own line to tell sendmail that we've finished
printing the message.

Thank the user for their feedback

Finally, when a user submits your form lets show a
page thanking them for their feedback:

1.

print

$cgi
-
>
header
(
-
type
=>

'text/html'
);

2.


3.

print

<<
HTML_PAGE
;

4.

<html>

5.

<head>

6.

<title>
Thank

You
<
/title>

7.

</
head
>

8.

<body>

9.

<h1>
Thank

You
<
/h1>

10.

<p>Thank you for your feedback.</
p
>

11.

<
/body>

12.

</
html
>

13.

HTML_PAGE

The first thing we
do is print back the HTTP header, using the CGI header function, to let the web
browser know what type of content to expect. Then we print out the HTML page.

The final script

This example script shows a very basic way to get form contents emailed to you,

it doesn't however
have the refinements of a professional script, e.g. input validation. Below is the finished script. We've
added some comments (lines beginning with #) to help make it clearer.

1.

#!/usr/bin/perl

2.


3.

use

CGI
;

4.


5.

# Create a CGI.pm object

6.

my

$cgi

=

new

CGI
;

7.


8.

# Get the form data

9.

my

$email_address
=

$cgi
-
>
param
(
'email_address'
);

10.

my

$feedback
=

$cgi
-
>
param
(
'feedback'
);

11.


12.

# Filter the form data

13.

$email_address
=

filter_email_header
(
$email_address
);

14.

$feedback
=

filter_form_data
(
$feedback
);

15.


16.

# Email the
form data

17.

open
(

MAIL
,

"| /usr/lib/sendmail
-
t"

);

18.

print

MAIL
"From: $email_address
\
n"
;

19.

print

MAIL
"To: you
\
@domain.com
\
n"
;

20.

print

MAIL
"Subject: Feedback Form Submission
\
n
\
n"
;

21.

print

MAIL
"$feedback
\
n"
;

22.

print

MAIL
"
\
n.
\
n"
;

23.

close
(

MAIL
);

24.


25.

# Print the HTTP
header

26.

print

$cgi
-
>
header
(
-
type
=>

'text/html'
);

27.


28.

# Print the HTML thank you page

29.

print

<<
HTML_PAGE
;

30.

<html>

31.

<head>

32.

<title>
Thank

You
<
/title>

33.

</
head
>

34.

<body>

35.

<h1>
Thank

You
<
/h1>

36.

<p>Thank you for your feedback.</
p
>

37.

<
/body>

38.

</
html
>

39.

HTML_PAGE

40.


41.

# Functions to
filter the form data

42.


43.

sub

filter_email_header

44.

{

45.

my

$form_field
=

shift
;

46.

$form_field
=

filter_form_data
(
$form_field
);

47.

$form_field
=~

s
/[
\
0
\
n
\
r
\
|
\
!
\
/
\
<
\
>
\
^
\
$
\
%
\
*
\
&]+
/ /
g
;

48.


49.

return

$form_field
;

50.

}

51.


52.

sub

filter_form_data

53.

{

54.

my

$form_field
=

shift
;

55.

$form_field
=~

s
/
From
:
//gi;

56.

$form_field
=~

s
/
To
:
//gi;

57.

$form_field
=~

s
/
BCC
:
//gi;

58.

$form_field
=~

s
/
CC
:
//gi;

59.

$form_field
=~

s
/
Subject
:
//gi;

60.

$form_field
=~

s
/
Content
-
Type
:
//gi;

61.


62.

return

$form_field
;

63.

}

Save this script as
feedback_form.cgi

and upload it to the cgi
-
bin on your web hosting. Make sure you
set the file permissions for the script to
755
. Follow our
How to change file permissions via FTP

guide
for instructions on h
ow to do this.

Now you're ready to test your feedback form. Load your feedback form in your browser,
http://www.domain.com/feedback_form.html, fill the form in and submit it. If everything works you
should receive an email containing what you just entered in the form. If not, try checking out our
Troubleshooting common Perl issues

guide.