Visit Jeremy's Blog.
Go Back > Forums > Non-*NIX Forums > Programming
User Name
Programming This forum is for all programming questions.
The question does not have to be directly related to Linux and any language is fair game.


  Search this Thread
Old 01-06-2007, 05:11 PM   #1
Registered: Apr 2004
Posts: 682

Rep: Reputation: Disabled
[Perl] - save input in .html file

I created a cgi file (test.cgi) which takes user input and shows at the bottom of test.cgi. I want the result to be saved on test.cgi or to some other .html or .cgi file until and unless it is changed by another user; so if someone goes to they would be able to see the last saved action.

Here's my code


use CGI qw(:standard);

print header;
print start_html('Test Form'),
    h1('A Test Form'),
    "What's your name? ",textfield('name'),
    "What's your favorite mail client?",
    "What's your favorite editor? ",

if (param()) {
        "Your name is",em(param('name')),
        "The keywords are: ",em(join(", ",param('words'))),
        "Your favorite editor is ",em(param('editor')),
print end_html;
here's my output


A Test Form

What's your name?

What's your favorite mail client?

mutt mail pico sylpheed

What's your favorite editor? <drop down list>

(Submit Query button)

Your name is john

The keywords are: mail, pico

Your favorite editor is cat

Last edited by noir911; 01-06-2007 at 05:14 PM.
Old 01-07-2007, 05:06 AM   #2
Senior Member
Registered: Jan 2002
Location: germany
Distribution: ubuntu, mint, suse
Posts: 1,548

Rep: Reputation: 136Reputation: 136
you could open a filehandle and print to the filehandle the html code you need to display the content including the current values of the variables. see perldoc perlfunc => "open". The html file should reside outside of the cgi-bin and be included in a frame i.e. It is a big security risk to make the cgi-bin writable for web users on production servers. good luck, r
Old 01-07-2007, 02:36 PM   #3
Registered: May 2006
Location: Karachi, Pakistan
Posts: 140

Rep: Reputation: 15
j-ray's reply seems a little confusing but essentially correct. As I see it, the security risk is by using the perl module to write the form. A normal HTML page (not in cgi-bin) is better. Then a parsing script to take the post data and write it to any file (again not a .htm file, even though it may contain HTML code) using the open statement as j-ray suggested. This file should have a weird extension that the web-server wont recognise and even a hacker wont understand. Then use javascript to insert it into a webpage.

Of course, this assumes that you have a good knowledge of perl and javascript. But that is what security is all about. Forms will always be dangerous when used by novice and even quite well experienced programmers. Why don't I like perl modules? Because, they are not needed and can expose you to security risks when you are not familiar with the inner workings.

The most important security check is to ensure that the form data really did come from the form on your server and not from somewhere else. Also that it contains ONLY the normal text that you expect, and not programming code!

Security is a pain, or fun to impliment, depending on your frame of mind. Until you get the hang of it, stay on !!!


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
Perl cgi Script can`t make file.Why? ZairSadiqov Linux - Software 1 11-22-2006 07:22 AM
Perl/CGI uploader program - temp file not getting deleted anroy Programming 4 09-13-2006 02:33 AM
PERL: Can you open an HTML file from a web address? SparceMatrix Programming 3 02-07-2006 11:06 AM
htmldoc - a different input from an html file - cubax Linux - General 1 05-15-2005 11:54 PM
cgi perl : I cant get perl to append my html file... the_y_man Programming 3 03-22-2004 05:07 AM > Forums > Non-*NIX Forums > Programming

All times are GMT -5. The time now is 05:17 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration