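#!/usr/bin/perl -T
# Always use -T (taint mode) for CGI scripts; see perlsec.
#
# Minimal CGI example: reads the 'name' request parameter, validates it,
# looks the person up with a parameterised query and renders the matches
# as an HTML table.
#
# NOTE(review): the HTML tags inside the print statements were lost when this
# listing was extracted. The markup below is a minimal reconstruction around
# the text that survived ("SQL Query", "Name", "Age"); confirm it against the
# original page layout.

use strict;
use warnings;
use CGI qw(:standard);    # pulls in param(), header(), start_html(),
                          # end_html() and escapeHTML()
use DBI;

my @query_results;
my $error;
my $name;

# Validate the request parameter. Under -T the value is tainted; capturing it
# through an anchored pattern both restricts it to word characters and
# untaints it. \A...\z is used instead of ^...$ so a trailing newline is
# rejected rather than silently accepted.
my $raw_name = param('name');
if ( defined $raw_name && $raw_name =~ /\A(\w+)\z/ ) {
    $name = $1;
}
else {
    # Covers both a missing parameter and one that fails validation; the
    # latter used to fall through without any message.
    $error = "please enter a valid name\n";
}

if ( defined $name ) {

    # SECURITY: credentials are hard-coded here only because this is a demo.
    # Keep real credentials in a file outside the web root that only the CGI
    # user can read, and give the account SELECT rights on this table only.
    #
    # RaiseError makes DBI die on failure, so the call is wrapped in eval;
    # a plain "or $error = ..." after connect() would never run.
    my $dbh = eval {
        DBI->connect(
            "DBI:mysql:database=test",
            'testuser',    # username - change to your setup
            'secretpw',    # password - change to your setup
            { RaiseError => 1, PrintError => 0 },
        );
    };

    if ( !$dbh ) {

        # Details go to STDERR (normally the web server's error log); the
        # browser only gets a generic message so no driver or schema
        # information is disclosed.
        warn "database connect failed: $@";
        $error = "could not connect to database";
    }
    else {
        my $query_ok = eval {

            # The value is passed as a bind parameter, never interpolated
            # into the SQL text.
            my $sth = $dbh->prepare(
                "select name, age from persons where name = ?"
            );
            $sth->execute($name);
            while ( my $row = $sth->fetchrow_arrayref ) {

                # fetchrow_arrayref hands back the same array reference on
                # every call, so each row must be copied before it is kept.
                push @query_results, [ @{$row} ];
            }
            1;
        };
        if ( !$query_ok ) {
            warn "database query failed: $@";
            $error = "could not query database";
        }

        # Best-effort cleanup; a failure here must not break the response.
        eval { $dbh->disconnect };
    }
}

print header(), start_html('SQL Query');

print <<'EOH';
<h1>SQL Query</h1>
<form method="get">
<input type="text" name="name">
<input type="submit" value="Query">
</form>
EOH

print "<table border=\"1\">\n<tr><th>Name</th><th>Age</th></tr>\n";
foreach my $row (@query_results) {
    my ( $person_name, $age ) = @{$row};

    # Values come from the database, not from the validated parameter, so
    # they are HTML-escaped before being written into the page. A NULL
    # column arrives as undef and is rendered as an empty cell.
    my $name_cell = escapeHTML( defined $person_name ? $person_name : '' );
    my $age_cell  = escapeHTML( defined $age         ? $age         : '' );
    print "<tr><td>$name_cell</td><td>$age_cell</td></tr>\n";
}
print "</table>\n";

print "<p>", escapeHTML($error), "</p>\n" if $error;
print end_html(), "\n";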