homepage Welcome to WebmasterWorld Guest from 54.205.122.62
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
Forum Library, Charter, Moderators: coopster & jatar k & phranque

Perl Server Side CGI Scripting Forum

    
Whats the best way to make a form?
Rightz

5+ Year Member



 
Msg#: 4421 posted 4:24 pm on Mar 30, 2006 (gmt 0)

Hi,

I'm new to this so I apologise if I'm asking something that has been asked before. Basically I want a form on my site but I know that mailto is no longer supported.

So whats the easiest way to do a form?

I have checked out [nms-cgi.sourceforge.net...] but found it very confusing. I did matt's form script years ago but have now totally forgot even where to put each file etc.

Where is the best place to start?

Many thanks

 

MichaelBluejay

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4421 posted 7:32 pm on Apr 2, 2006 (gmt 0)

The first line of your script will look something like this:

<form action=myscript.cgi method=post>

Change "myscript.cgi" to the name of whatever script you download. Some webhosts let you put the script anywhere, some require it go in a cgi-bin folder. If it's the latter then your form will say action=/cgi-bin/myscript.cgi.

Matt's script is well documented, just read the help that's freely provided.

SeanW

10+ Year Member



 
Msg#: 4421 posted 12:45 pm on Apr 3, 2006 (gmt 0)

Look at CGI.pm, it's easy and safe to use, and there is probably an example of what you want in the man page.

Sean

MichaelBluejay

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4421 posted 9:39 pm on Apr 5, 2006 (gmt 0)

Be careful about rolling your own script. Unless you know what you're doing, spammers will hijack it to send out spam. [webmasterworld.com ]

BananaFish

5+ Year Member



 
Msg#: 4421 posted 10:50 pm on Apr 14, 2006 (gmt 0)

Be careful about rolling your own script

Like Matt's formmail hasn't been hijacked more than Air Israeli, you'd be better off programming your own and filtering out all the nonsense.

MichaelBluejay

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4421 posted 2:19 am on Apr 20, 2006 (gmt 0)

Do I think a homegrown script from a novice programmer will be more vulnerable than a public script that's been constantly updated to make it more secure? Absolutely. Doesn't mean that the more popular formmail scripts are bullet-proof, but the're a LOT more secure than someone's first cobbled-together effort, for sure.

markanthony

10+ Year Member



 
Msg#: 4421 posted 5:12 pm on Apr 21, 2006 (gmt 0)

Use -T on your shebang line.

This is taint mode. While it requires some extra knowledge you will benefit from being forced to learn some new tricks.

Rightz

5+ Year Member



 
Msg#: 4421 posted 5:19 pm on Apr 21, 2006 (gmt 0)

Sorry Mark I have absolutely no clue what you are talking about.... call me blonde!

markanthony

10+ Year Member



 
Msg#: 4421 posted 5:27 pm on Apr 21, 2006 (gmt 0)

TAINT mode puts a Perl script into "PARANOID" mode.

All user supplied data is considered unsafe...

google 'perl taint mode'

webgo2

5+ Year Member



 
Msg#: 4421 posted 6:06 pm on May 4, 2006 (gmt 0)

You could use a free script until you learn some regular expressions, then you could allow only what inputs you wanted.

For instance:

In a name input you'd probably only want letters & spaces:

if ($name!~ m/^[a-zA-Z\s]+$/) {
error
}
else {
ok
}

In an email input you'd probably want the format correct:
I didn't write this, I found it a couple years ago & it seems to work well

if ($email!~ /^[A-Z0-9][_\-\.A-Z0-9]*\@\[?[\-\.A-Z0-9]+\.([A-Z]{2,4}¦[0-9]{1,3})\]?$/i) {
error
}
else {
ok
}

Also - you could limit the inputs to a certain character length for names, email addresses, phone numbers, etc:

$inputLENGTH = length ($input);
if (($inputLENGTH < $my_min_value)¦¦($inputLENGTH > $my_max_value)) {
error
}
else {
ok
}

MichaelBluejay

WebmasterWorld Senior Member 10+ Year Member



 
Msg#: 4421 posted 8:56 pm on May 4, 2006 (gmt 0)

Don't forget that some people have apostrophes in their names (O'Hanlon), periods and commas (Carlos Santana, Jr.), and special characters (Mötley Crûé). If you're error-checking, don't disallow these.

evaddnomaid

5+ Year Member



 
Msg#: 4421 posted 3:38 pm on May 10, 2006 (gmt 0)

If you are looking to verify email addresses, you may be best served by offloading the task to a Web service. That way you can not only assure that the format of the address is correct but also check the host portion of the address against DNS. Try a Web search for "verify email address Web service", or check out this article to learn more:

[informationweek.com...]

perl_diver

5+ Year Member



 
Msg#: 4421 posted 6:33 pm on May 10, 2006 (gmt 0)

The Email::Valid module does the DNS and other checks on emails.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / Perl Server Side CGI Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved