CGI Programming at UIC

5. Perl
How to Write Scripts

 

This is the briefest of brief introductions to writing CGI scripts in perl. I won't attempt to teach you programming or teach you perl. I'll just point out some aspects of perl that are specifically relevant to CGIs.

 
   
 
     
More Info
  Even if I had time to write a perl tutorial, it's already been done better than I could ever do. I can recommend the following on the basis of first-hand experience:
  • Learning Perl by Schwartz and Christiansen
  • Programming Perl by Wall, Christiansen and Schwartz
  • Perl Cookbook by Christiansen and Torkington
  • Advanced Perl Programming by Srinivasan
  • Effective Perl Programming by Hall with Schwartz
There are certainly many others, including those specializing in CGI programming. It really is way past the scope of these pages to tell you how CGI works in too much detail, and how perl can best cope with the CGI standard. Try the books, and try the web.
 
     
Taint Mode
 

Perl has what it calls Taint Mode, and this is turned on in perlwrap. Taint mode is perl's way of reminding you to not trust the user. If you don't understand this, you will get oddball, hard-to-debug errors.

Any value that comes into your CGI script from the outside (from a user-submitted form or through the environment from the web server) is tainted. Any computation you do with a tainted variable will taint the result. And any time you try to use a tainted variable to influence the world outside your program (i.e., write to a file, or merely call another program from your CGI script), perl will cause your program to exit immediately.

Since you almost always want to use a tainted variable, what to do? Untaint it, of course. And the only way to untaint a variable is to check it for validity with a regular expression. Here is a very simple example, but it is not fully explained. If this doesn't make lots of sense, you'll have to read up on perl.

    $a = $ENV{phone};          ## $a is tainted,
                                #   from environment
    if ($a =~ /^\s*(\d+)/) {   ## check for whitespace
                                #   followed by digits
        $phone = $1;           ## $phone is not tainted,
                                #   because $1 was checked
    } else {
        die "bad phone value"; ## match failed: $1 is stale,
                                #   so do not use it
    }
 
     
Browser Input -- CGI.pm
 

CGI.pm is a standard perl module. It's designed to be useful in various aspects of cgi programming. I use it whenever I have to deal with HTML form submission.

I'll let you read the man page for details, but a simple example will show why it is useful. Suppose I need to deal with an HTML form, in which there is the input box:

     <input type=text name=myname>

Someone will type some text into this box and submit the form. My CGI script needs to know what was typed, so I do this:

    use CGI;

    $parse = CGI->new;                   ## parse the submitted form
    $myname = $parse->param('myname');   ## value is tainted user input

That's it, and the perl variable $myname now contains what was typed into the web form.
 
     
File Input/Output
 

Input and output should be simple. They're not. Remember that you have no control over when your CGI script is run; you also have no control over how many simultaneous copies are run. That means that if each invocation of your CGI script tries to write to a given file, it is quite possible that two or more invocations will write to the same file at one time. Disaster!

Be careful if you write to files, and use file locking (typically flock) wherever appropriate. Be careful of race conditions, and all the usual considerations of a multi-tasking system. I don't have the scope to write in a lot of detail. These considerations are covered in lots of books on computer science.
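
An added example (not from the original page) that puts the Taint Mode and File Input/Output sections together: a form value is untainted with a regular expression anchored at both ends, then appended to a shared file under an exclusive flock so simultaneous invocations cannot interleave their writes. The field name phone, the placeholder log path and the 7 to 15 digit length bound are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
# Added example, not the page's own code. -T turns on taint mode,
# which the page says perlwrap also enables.
use strict;
use warnings;
use CGI;
use Fcntl qw(:flock);

# Placeholder path (assumption): point this at a file outside the web root.
my $LOG = '/path/to/data/phones.log';

# Return the untainted digits, or undef when the input is not a plain number.
sub untaint_phone {
    my ($raw) = @_;
    return undef unless defined $raw;
    # \A and \z anchor both ends, so trailing junk or an embedded
    # newline is rejected instead of silently dropped.
    # The 7-15 digit bound is an assumption for this example.
    return $raw =~ /\A\s*([0-9]{7,15})\s*\z/ ? $1 : undef;
}

# Append one line while holding an exclusive lock on the file.
sub append_locked {
    my ($path, $line) = @_;
    open(my $fh, '>>', $path) or die "open $path: $!";
    flock($fh, LOCK_EX)       or die "flock $path: $!";   # blocks until we own the lock
    print {$fh} $line, "\n"   or die "write $path: $!";
    close($fh)                or die "close $path: $!";   # flushes, then releases the lock
}

my $q     = CGI->new;
my $phone = untaint_phone(scalar $q->param('phone'));     # hypothetical field name

print $q->header('text/plain');
if (defined $phone) {
    append_locked($LOG, $phone);
    print "Recorded.\n";
} else {
    # Reject rather than guess: nothing tainted reaches the file.
    print "Please enter digits only.\n";
}
```

Every script that touches the file has to take the same lock; flock is advisory, so a writer that skips it is not held back.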

 
 



2006-9-29  wwwtech@uic.edu