Creating a Web-based BBS, Part 2

Mr. Lerner continues to look at the bulletin board system, examining the code that works with individual messages.

Last month, I demonstrated how to build a small bulletin-board system (BBS) on the Web using Perl and a relational database. Such a bulletin board is another useful tool for bringing people together on a web site. This month, I will show you how to write several different programs, including ones that create and list the current messages.

Before continuing, let's review the two tables that contain the information in our BBS. I used SQL to define the tables, which means that while I wrote the database using MySQL, most of these definitions should work with other relational databases as well. The code to create these two tables is shown in Listing 1.

Listing 1. Table Creation Code

These two tables will enable a number of tricks to be performed with threads (i.e., message groups) and messages. Each message belongs to one thread. Each message (and thread) is contained in a single database row includes the author's name, her e-mail address, a subject heading and the text of the message.

Pointers to additional information about relational databases in general or MySQL in particular can be found in “Resources”, which also includes information about Perl's vendor-independent database interface (DBI).

Creating a Thread with Cookies

Last month I wrote a program,, to list the threads (discussion topics) currently defined, and one to create a new thread, However, I didn't provide an HTML form for use with, because that form must be produced within a CGI program. The program that performs this function is in Listing 2 in the archive file. Listings 2 through 5 are not printed here due to space considerations, but are available by anonymous download in the file

Why use a CGI program rather than a static form? To be honest, the only reason is to provide a bit of functionality I particularly like. I order many items on the Web, often returning to the same vendor multiple times. I dislike having to enter my name and e-mail address every time I fill out an HTML form on the Web. I decided to make life a bit easier for people using our bulletin board system by automatically filling in the “name” and “email” fields with information the user had posted in a previous transaction.

If I were to use a templating system such as Embperl or ePerl, I could use a file that looks closer to standard HTML without burying the HTML inside of a CGI program. For a variety of reasons, including the fact that my web-space provider had not made mod_perl available as of this writing, I decided to use CGI programs rather than templates.

Regardless of whether CGI programs or templates are used, inserting a value from a previous form submission requires keeping track of state across HTTP transactions. HTTP is a stateless protocol; that is, each connection occurs without any memory from previous ones. How, then, can data be retrieved from a previous form submission?

The answer is HTTP cookies, a clever hack that has become a cornerstone of commerce and transaction on the Web. A cookie is a name,value pair, somewhat like a variable or an entry in a hash table. The cookie is stored by the user's browser, however, meaning that it is available across multiple transactions.

A site can set a cookie as part of an HTTP response, with a “Set-cookie” header. Whenever the user visits a site that previously set a cookie, it includes a “Cookie” header in its HTTP request. Thus, the cookie's value can be used to automatically fill in the “value” attribute of the “name” and “email” fields in the HTML form. When the user submits the form to create a new thread, the program sends headers that set the “name” and “email” cookies on the user's browser. The next time the user visits the site, those values are sent as part of the HTTP headers and can be retrieved and used within our program.

Perl's module allows us to easily work with cookies, using the “cookie” method. The following code is put in the form-creation program:

my $email = $query->cookie(-name => "email") ||
print "<TR>\n";
print "<TD>Your e-mail address</TD>\n";
print "<TD><input type=\"text\"
size=\"50\" ";
print "value=\"$email\"
print "</TR>\n\n";

which assigns $email the value of the “email” cookie or the empty string. The empty string could be ignored, since Perl automatically assigns the empty string to a variable the first time its value is retrieved. However, this would produce a warning message, since the program would be using the value of an undefined variable. It is safest to assign the empty string when possible.

The value of the text field is set to the current value of the cookie or the empty string; that is, either the user's e-mail address or nothing at all. A similar method is used for the user's name, so that she doesn't have to enter her name multiple times.

The form is submitted to, which we examined last month. That program uses the elements of the submitted HTML form to create an SQL query that inserts an appropriate row into the ATFThreads table. Because we have defined the ID column of ATFThreads with the AUTO_INCREMENT attribute, we can be sure every thread will have its own automatically generated ID number that we can reference in our programs.

When the form is submitted, our CGI program creates two new cookies, one named “email” and another named “name”. We can then retrieve the values with's “cookie” method, as demonstrated above. Creating the cookies is almost as easy as retrieving them:

my $namecookie = $query->cookie(-name => "name",
  -value => $query->param("name"),
  -expires => "+1y");
my $emailcookie = $query->cookie(-name => "email",
  -value => $query->param("email"),
  -expires => "+1y");

Once we create $namecookie and $emailcookie, we can send them to the user's browser, thus setting the cookie values, by incorporating them into the HTTP header:

print $query->header(-type => "text/html",
 -cookie => [$namecookie, $emailcookie]);

Since both cookies are set to expire one year (+1y) after they are created, the user's browser should continue to send the name and e-mail address whenever visiting the site in the future.