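#!/usr/bin/perl -wT
# Guestbook CGI script: when a form submission carries a message, insert the
# name/message pair into the guestbook table, then render the guestbook and
# the "add an entry" form.
use strict;
use DBI;
use CGI;

my $cgi = CGI->new();

print $cgi->header(),    # Print header etc.
      $cgi->start_html();

if ($cgi->param()) {     # something was submitted
    my $name    = $cgi->param("name")    || "Anonymous";
    my $message = $cgi->param("message") || "";

    if ($message) {      # If they submitted some message
        # RaiseError makes every DBI failure die. Trap it here so a database
        # problem does not abort the page half-rendered, and so the DBI error
        # text (which ShowErrorStatement extends with the SQL statement) is
        # reported on STDERR rather than shown to the visitor.
        my $saved = eval {
            # Make a connection to the database.
            # NOTE(review): the user name and password are sample values
            # embedded in the script; for a deployment, load them from a file
            # outside the document root that only the web server user can read.
            my $dbh = DBI->connect(
                "DBI:mysql:host=localhost;database=my_db",
                "my_id",
                "my_pass",
                {
                    AutoCommit         => 1,    # commit immediately
                    PrintError         => 0,
                    RaiseError         => 1,
                    ShowErrorStatement => 1,
                }
            );

            # Prepare the SQL so we can then use it to insert into the
            # database. The statement uses ? placeholders instead of actual
            # values, so user-supplied text is never spliced into the SQL
            # string; DBI takes care of the quoting.
            my $sth = $dbh->prepare(
                "INSERT INTO guestbook (name, message, date) VALUES (?,?,?)"
            );

            # Execute the SQL, passing one value per question mark in the
            # prepared statement.
            # NOTE(review): the date is sent as the localtime() string; confirm
            # that the column type accepts that format.
            $sth->execute($name, $message, scalar(localtime(time)));

            # The entry has now been added. We (probably) don't need the
            # database handle anymore, so tidy up by disconnecting.
            $dbh->disconnect();
            1;
        };

        # Print something for the user to see.
        if ($saved) {
            print "Thankyou for your addition to the guestbook.";
        }
        else {
            warn "guestbook insert failed: $@";
            print "Sorry, your message could not be saved.";
        }
    }
    else {
        # Only reached when the form was submitted without a message.
        print "I think you forgot to add a message";
    }
}

# You'll have to fill this one out.
# When you do: name and message are stored exactly as submitted, so pass each
# value through $cgi->escapeHTML() before printing it, otherwise markup typed
# by one visitor is rendered in every other visitor's browser.
print_guestbook();

print_addtoguestbook();    # You'll have to fill this one out too.

print $cgi->end_html;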