[Web4lib] CGI Forms: checkboxes and stringing of multiple fields

Cloutman, David DCloutman at co.marin.ca.us
Mon Dec 10 16:06:04 EST 2007


My knowledge of PERL is pretty limited, but I'll make some educated
guesses. 

First, unless you have embedded PERL scripts (like Mason) or server-side
includes, in the .htm file that contains your form, you should be able
to preview the look and feel aspects of your application. However, you
cannot test your PERL script without setting up a web hosting
environment on your machine that mimics your hosting environment. You're
probably better off setting up a separate directory on your web server
for the purposes of testing and then securing it with htaccess, or the
equivalent offered in your hosting environment. That way you are testing
against the PERL installation that the live script is working against.
There are TONS of ways to do Web scripting in PERL, and many libraries
your script could be dependent upon. It is possible to set up a
development environment on your desktop, if you have the time and
skills, and have the necessary knowledge of how your target system is
configured.

Your solution to the phone number change _looks_ correct:

print MESSAGE "Phone#: $FORM{AreaCode}-$FORM{Prefix}-$FORM{Number}\n";

You need to test it on the server, however, before putting this into
production. Code that looks like it will work often does not. 

This line of code will definitely not work:

if ($FORM{ckeckbox} = "yes") {

I _think_ it may always evaluate as true. The single equals sign is an
assignment operator. What your code says is "Assign $FORM{checkbox} the
string value, 'yes'," rather than comparing the two values. Unlike
languages such as BASIC, where the single equals sign is used for both
assignment and comparison, depending on context, many languages,
especially PERL, use different operators for assignment and comparison.
In PERL there are different comparison operators based on the _type_ of
data as well. Strings can be compared with the eq operator, while
numbers use the double equals ==. Your code should probably read
something like:

if ($FORM{ckeckbox} eq "yes") {

Comparison operators in PERL are described here in far more clarity than
I can give here:

http://www.perlmeme.org/howtos/syntax/comparing_values.html

Finally, since you're not an expert in CGI scripting (yet), make sure
you understand the risk of a header injection attack. Web forms that
interface with email are inherently risky and are susceptible to a common
exploit. Make sure that your script thoroughly tests user input and / or
does not write any user input to the mail header. This includes user
submitted data that goes into the To or Subject lines. Not checking this
data can turn your form into a convenient tool for sending spam. If
you're not certain what you're doing, consider using a script from a
source like Matt's Script Archive. Other people have already written
email scripts that have been tested for security issues, and may be
easier to configure than writing the PERL code yourself.

Good luck,

- David

---
David Cloutman <dcloutman at co.marin.ca.us>
Electronic Services Librarian
Marin County Free Library 
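
The header-injection check and the checkbox test discussed in the reply above, as an added example that is not part of the original thread. It assumes the form has already been parsed into a hash; the Subject and Email fields, the recipient address and the function names are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Fixed recipient: never taken from the form (placeholder address).
my $TO = 'ill-requests@library.example';

# Reject any value destined for a mail header if it contains CR or LF,
# since a line break lets the submitter start a new header (Bcc:, To:, ...).
sub header_safe {
    my ($name, $value) = @_;
    $value = '' unless defined $value;
    die "Rejected: line break in $name\n" if $value =~ /[\r\n]/;
    return $value;
}

# Build the whole message (headers + body) from the parsed form hash.
sub build_message {
    my ($form) = @_;
    my $subject = header_safe('Subject', $form->{Subject});   # hypothetical field
    my $from    = header_safe('Email',   $form->{Email});     # hypothetical field
    # \A and \z anchor the whole string; a plain $ would allow a trailing newline.
    die "Rejected: bad email address\n"
        unless $from =~ /\A[\w.+-]+\@[\w-]+(?:\.[\w-]+)+\z/;

    # Phone parts go in the body, but are still validated: digits, fixed length.
    my %len = (AreaCode => 3, Prefix => 3, Number => 4);
    for my $part (sort keys %len) {
        my $v = defined $form->{$part} ? $form->{$part} : '';
        die "Rejected: bad $part\n"
            unless length($v) == $len{$part} && $v =~ /\A[0-9]+\z/;
    }
    # An unchecked box is absent from the submission, so test defined first,
    # then compare against the value="checkbox" attribute with the string eq.
    my $checked = defined $form->{checkbox} && $form->{checkbox} eq 'checkbox';

    return "To: $TO\nReply-To: $from\nSubject: ILL request: $subject\n\n"
         . "Phone#: $form->{AreaCode}-$form->{Prefix}-$form->{Number}\n"
         . ($checked ? "I checked the library catalog before submitting.\n"
                     : "I did not check the library catalog before submitting.\n");
}

# Constructed sample submissions: one normal, one carrying an injected header.
my %ok  = (Subject => 'Book request', Email => 'patron@example.org',
           AreaCode => '832', Prefix => '555', Number => '1212',
           checkbox => 'checkbox');
my %bad = (%ok, Subject => "Hello\r\nBcc: many\@example.net");
for my $form (\%ok, \%bad) {
    my $msg = eval { build_message($form) };
    print defined $msg ? $msg : "ERROR: $@";
}
```

The first submission prints a complete message; the second is refused before any header is written.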

-----Original Message-----
From: web4lib-bounces at webjunction.org
[mailto:web4lib-bounces at webjunction.org] On Behalf Of Baker, Tammy K
Sent: Monday, December 10, 2007 11:20 AM
To: web4lib at webjunction.org
Subject: RE: [Web4lib] CGI Forms: checkboxes and stringing of multiple
fields


I'm using perl (but I'm certainly not an expert in it). Also, I don't
have the webform or the script on the web server yet but was wondering
if there's any way to test their functionality on a PC (if I have .htm
files on my C:\ drive, I can open them with browsers to get a preview of
how they look but I'd like to know if there's something similar to test
cgi scripts).

Thank you again,

Tammy K. Baker

-----Original Message-----
From: Cloutman, David [mailto:DCloutman at co.marin.ca.us] 
Sent: Monday, December 10, 2007 1:08 PM
To: Baker, Tammy K; web4lib at webjunction.org
Subject: RE: [Web4lib] CGI Forms: checkboxes and stringing of multiple
fields

Can you tell us which particular email script / scripting language you
are working with? We will need to know that to answer your question.

---
David Cloutman <dcloutman at co.marin.ca.us> Electronic Services Librarian
Marin County Free Library 

-----Original Message-----
From: web4lib-bounces at webjunction.org
[mailto:web4lib-bounces at webjunction.org] On Behalf Of Baker, Tammy K
Sent: Monday, December 10, 2007 10:37 AM
To: web4lib at webjunction.org
Subject: [Web4lib] CGI Forms: checkboxes and stringing of multiple
fields


Greetings everyone,

I'm working on interlibrary loan request forms and I'm seeking some
insight since I'm really rusty and not much of a programmer. First, it
was decided that phone numbers would be in separate fields rather than
one field; so we went from this:

Phone# <input name="Phone" type="text" size="13">

to this:

Phone# ( 

<input name="AreaCode" type="text" size="3">

) 

<input name="Prefix" type="text" size="3">

- 

<input name="Number" type="text" size="4">

The part of the cgi script pertaining to the phone number had 

print MESSAGE "Phone#: $FORM{Phone}\n";

Now I have to string three fields together and wanted to know if the
following would work (to display something like 832-555-1212): 

print MESSAGE "Phone#: $FORM{AreaCode}-$FORM{Prefix}-$FORM{Number}\n";

Second, I have never seen information on how checkboxes are treated with
cgi. For example, the following on the form:

Did you check the library catalog to determine whether the item is
available locally? <input type="checkbox" name="checkbox"
value="checkbox">

I'm not sure how to get the results of the checkbox from the webform to
the email recipient. I'm probably way off but would something like the
following work:

if ($FORM{ckeckbox} = "yes") {

print MESSAGE "I checked the library catalog before submitting.\n";

}

else {

print MESSAGE "I did not check the library catalog before
submitting.\n";

}

Thank you so much in advance for any insight.

Sincerely,

Tammy K. Baker, Technology Librarian
Automated Library Services
District Services and Training Center
North Harris Montgomery Community College District
5000 Research Forest Drive
The Woodlands, Texas 77381-4356 USA
 
Telephone:            (832) 813-6652
Facsimile:              (832) 813-6614
Electronic mail:      tammy.k.baker at nhmccd.edu
<mailto:tammy.k.baker at nhmccd.edu> 
 
NHMCCD is becoming
Lone Star College System
 
_______________________________________________
Web4lib mailing list
Web4lib at webjunction.org
http://lists.webjunction.org/web4lib/
