Keeping Programs Trim with CGI_Lite
If we know that we want to put one or more of the form elements into scalar variables (and not keep them in the hash), we can do so by calling the method create_variables. For instance, in our example above, we first had to use parse_form_data in order to get the form elements into the hash %FORM. Then we had to assign $firstname in a separate step. If we had wanted to assign 10 variables based on the contents of the form, we would have needed to make 10 separate assignments, which is rather inefficient.
To get around this problem, we can use the create_variables method, which automatically creates local variables for us. If we want to turn each form element into its own variable, we can simply invoke:
When this method returns, we have a new variable defined for each element that was in the submitted form. Thus, if we have a form element named firstname, the value associated with that element is now available via the variable $firstname. The backslash in front of %FORM gives us a reference to the hash, a new feature in Perl 5 documented in great detail in the Perl manual pages (available by typing man perlref on most Linux systems).
There is one potential problem with create_variables, namely, your program might define variables with the same names as one or more form elements. For example, Listing 3 is a version of hello.pl in which we give the variable $firstname a value and call create_variables on the submitted form that included an element named firstname.
When $firstname is set to the value NOT CHANGED, as in Listing 3, the value of the HTML form element firstname is ignored when we call create_variables, and we get a greeting to NOT CHANGED, rather than the user's first name. If we comment out the line defining $firstname as NOT CHANGED, create_variables does its job just fine, creating a variable named $firstname and giving it the value that the user provided. This behavior is a good idea in terms of web security, but the silent failure of one or more variable assignments strikes me as a possible pitfall.
CGI.pm offers similar functionality with its import_names method. In this case, the authors encourage users to import names into a separate name space, ensuring that there are no name conflicts with existing variables.
Notice that in the Listing 3 version of hello.pl, I have removed the use strict line. This was to avoid possible conflicts when commenting out the line that defines a default value for $firstname. The strict module requires that you define variables before using them; however, if we are referencing variables that are created by create_variables, this is impossible.
CGI_Lite.pm is smart enough to grab form elements passed by either of the two methods: GET or POST. POST is generally considered to be the better method of the two, since it passes the contents of the form to a CGI program via standard input (stdin), rather than as part of the URL. However, if we were interested in passing a name to hello.pl as part of the URL, we could do so as follows:
Of course, if you are testing this program from a computer other than the web server, you need to replace localhost with the name of a server. For example, if your server runs on www.fictional.edu, you could use:
http://www.fictional.edu/cgi-bin/hello.pl?firstname=ReuvenNotice how we can set the variable's value after the question mark, known in CGI lingo as the “query string”. The query string is part of the URL, and URLs may not contain white space or other “dangerous” characters that might be misinterpreted by the browser and/or the server. For these reasons, certain characters must be sent in “percent-hex” format, in which the character's ASCII value in hexadecimal is prefaced by a percent sign. Obviously, the percent sign itself (ASCII value 0x25) must be encoded in this way. Thus, if my “first” name were actually two names, I could send the string as follows:
http://www.fictional.edu/cgi-bin/hello.pl?firstname=J%20EdgarSince the “space” character is ASCII 0x20 (32 in decimal), we can insert a space into the URL by sending a %20. CGI_Lite.pm automatically translates the percent-hex encoding into the ASCII codes we want.
|Using Salt Stack and Vagrant for Drupal Development||May 20, 2013|
|Making Linux and Android Get Along (It's Not as Hard as It Sounds)||May 16, 2013|
|Drupal Is a Framework: Why Everyone Needs to Understand This||May 15, 2013|
|Home, My Backup Data Center||May 13, 2013|
|Non-Linux FOSS: Seashore||May 10, 2013|
|Trying to Tame the Tablet||May 08, 2013|
- Making Linux and Android Get Along (It's Not as Hard as It Sounds)
- RSS Feeds
- New Products
- Using Salt Stack and Vagrant for Drupal Development
- Drupal Is a Framework: Why Everyone Needs to Understand This
- A Topic for Discussion - Open Source Feature-Richness?
- Home, My Backup Data Center
- Validate an E-Mail Address with PHP, the Right Way
- New Products
- Tech Tip: Really Simple HTTP Server with Python
- Ahh, the Koolaid.
2 hours 37 min ago
- git-annex assistant
8 hours 37 min ago
- direct cable connection
9 hours 3 sec ago
- Agreed on AirDroid. With my
9 hours 10 min ago
- I just learned this
9 hours 14 min ago
9 hours 44 min ago
- not living upto the mobile revolution
12 hours 35 min ago
- Deceptive Advertising and
13 hours 11 min ago
- Let\'s declare that you have
13 hours 12 min ago
- Alterations in Contest Due
13 hours 13 min ago
Enter to Win an Adafruit Prototyping Pi Plate Kit for Raspberry Pi
It's Raspberry Pi month at Linux Journal. Each week in May, Adafruit will be giving away a Pi-related prize to a lucky, randomly drawn LJ reader. Winners will be announced weekly.
Fill out the fields below to enter to win this week's prize-- a Prototyping Pi Plate Kit for Raspberry Pi.
Congratulations to our winners so far:
- 5-8-13, Pi Starter Pack: Jack Davis
- 5-15-13, Pi Model B 512MB RAM: Patrick Dunn
- Next winner announced on 5-21-13!
Free Webinar: Linux Backup and Recovery
Most companies incorporate backup procedures for critical data, which can be restored quickly if a loss occurs. However, fewer companies are prepared for catastrophic system failures, in which they lose all data, the entire operating system, applications, settings, patches and more, reducing their system(s) to “bare metal.” After all, before data can be restored to a system, there must be a system to restore it to.
In this one hour webinar, learn how to enhance your existing backup strategies for better disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible bare-metal recovery solution for UNIX and Linux systems.