homepage Welcome to WebmasterWorld Guest from 54.161.247.22
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Visit PubCon.com
Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
Forum Library, Charter, Moderators: coopster & jatar k & phranque

Perl Server Side CGI Scripting Forum

    
Whats the best way to make a form?
Rightz




msg:434741
 4:24 pm on Mar 30, 2006 (gmt 0)

Hi,

I'm new to this so I apologise if I'm asking something that has been asked before. Basically I want a form on my site but I know that mailto is no longer supported.

So whats the easiest way to do a form?

I have checked out [nms-cgi.sourceforge.net...] but found it very confusing. I did matt's form script years ago but have now totally forgot even where to put each file etc.

Where is the best place to start?

Many thanks

 

MichaelBluejay




msg:434742
 7:32 pm on Apr 2, 2006 (gmt 0)

The first line of your script will look something like this:

<form action=myscript.cgi method=post>

Change "myscript.cgi" to the name of whatever script you download. Some webhosts let you put the script anywhere, some require it go in a cgi-bin folder. If it's the latter then your form will say action=/cgi-bin/myscript.cgi.

Matt's script is well documented, just read the help that's freely provided.

SeanW




msg:434743
 12:45 pm on Apr 3, 2006 (gmt 0)

Look at CGI.pm, it's easy and safe to use, and there is probably an example of what you want in the man page.

Sean

MichaelBluejay




msg:434744
 9:39 pm on Apr 5, 2006 (gmt 0)

Be careful about rolling your own script. Unless you know what you're doing, spammers will hijack it to send out spam. [webmasterworld.com ]

BananaFish




msg:434745
 10:50 pm on Apr 14, 2006 (gmt 0)

Be careful about rolling your own script

Like Matt's formmail hasn't been hijacked more than Air Israeli, you'd be better off programming your own and filtering out all the nonsense.

MichaelBluejay




msg:434746
 2:19 am on Apr 20, 2006 (gmt 0)

Do I think a homegrown script from a novice programmer will be more vulnerable than a public script that's been constantly updated to make it more secure? Absolutely. Doesn't mean that the more popular formmail scripts are bullet-proof, but the're a LOT more secure than someone's first cobbled-together effort, for sure.

markanthony




msg:434747
 5:12 pm on Apr 21, 2006 (gmt 0)

Use -T on your shebang line.

This is taint mode. While it requires some extra knowledge you will benefit from being forced to learn some new tricks.

Rightz




msg:434748
 5:19 pm on Apr 21, 2006 (gmt 0)

Sorry Mark I have absolutely no clue what you are talking about.... call me blonde!

markanthony




msg:434749
 5:27 pm on Apr 21, 2006 (gmt 0)

TAINT mode puts a Perl script into "PARANOID" mode.

All user supplied data is considered unsafe...

google 'perl taint mode'

webgo2




msg:434750
 6:06 pm on May 4, 2006 (gmt 0)

You could use a free script until you learn some regular expressions, then you could allow only what inputs you wanted.

For instance:

In a name input you'd probably only want letters & spaces:

if ($name!~ m/^[a-zA-Z\s]+$/) {
error
}
else {
ok
}

In an email input you'd probably want the format correct:
I didn't write this, I found it a couple years ago & it seems to work well

if ($email!~ /^[A-Z0-9][_\-\.A-Z0-9]*\@\[?[\-\.A-Z0-9]+\.([A-Z]{2,4}¦[0-9]{1,3})\]?$/i) {
error
}
else {
ok
}

Also - you could limit the inputs to a certain character length for names, email addresses, phone numbers, etc:

$inputLENGTH = length ($input);
if (($inputLENGTH < $my_min_value)¦¦($inputLENGTH > $my_max_value)) {
error
}
else {
ok
}

MichaelBluejay




msg:434751
 8:56 pm on May 4, 2006 (gmt 0)

Don't forget that some people have apostrophes in their names (O'Hanlon), periods and commas (Carlos Santana, Jr.), and special characters (Mötley Crûé). If you're error-checking, don't disallow these.

evaddnomaid




msg:434752
 3:38 pm on May 10, 2006 (gmt 0)

If you are looking to verify email addresses, you may be best served by offloading the task to a Web service. That way you can not only assure that the format of the address is correct but also check the host portion of the address against DNS. Try a Web search for "verify email address Web service", or check out this article to learn more:

[informationweek.com...]

perl_diver




msg:434753
 6:33 pm on May 10, 2006 (gmt 0)

The Email::Valid module does the DNS and other checks on emails.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved