Here's the code:

#!/usr/bin/perl -w
###use strict;
 use DBI;
 use CGI qw(:standard);
print "Content-type: text/html\n\n";

@referers = ('72.167.40.203','www.mywebsite.com','mywebsite.com');
&check_url;
&mail;

sub check_url {

    local($check_referer) = 0;

    if ($ENV{'HTTP_REFERER'}) {
        foreach $referer (@referers) {
            if ($ENV{'HTTP_REFERER'} =~ m|https?://([^/]*)$referer|i) 
+{
                $check_referer = 1;
                last;
            }
        }
    }
    else {
        $check_referer = 1;
    }
    if ($check_referer != 1) {&bad_referer}
}


sub bad_referer {
print "content-type: text/html\n\n";
            print <<"(END ERROR HTML)";
<html>
 <head>
  <title>Bad Referrer - Access Denied</title>
 </head>
 <body bgcolor=#FFFFFF text=#000000>
  <center>
   <table border=0 width=600 bgcolor=#9C9C9C>
    <tr><th><font size=+2>Bad Referrer - Access Denied</font></th></tr
+>
   </table>
  </center>
 </body>
</html>
(END ERROR HTML)
exit;   
     }

sub mail    {

###Get the name, email address, and profile address of the sender

my ($dbh, $sth, $count, $AccountID,$SenderFirstName, $SenderLastName, 
+$SenderEmail, $ID, $row, $View);
$dbh = DBI->connect('dbi:mysql:membersdb','ID','pw')
or die "Connection Error: $DBI::errstr\n";

my $SenderID = param('SenderID');

$sth = $dbh->prepare("SELECT FirstName,LastName,Email,View FROM member
+info WHERE AccountID='$SenderID'");
$sth->execute ();

my @row = $sth->fetchrow_array ();

$SenderFirstName= $row[0];
$SenderLastName= $row[1];
$SenderEmail= $row[2];
$SenderView= $row[3];


$sth->finish;


##Get the name & email address of the recipient

my ($dbh, $sth, $count, $AccountID,$FirstName, $LastName, $Email, $row
+);
$dbh = DBI->connect('dbi:mysql:membersdb','ID','pw')
or die "Connection Error: $DBI::errstr\n";

my $ID = param('AccountID');


$sth = $dbh->prepare("SELECT FirstName,LastName, Email FROM memberinfo
+ WHERE AccountID='$ID'");
$sth->execute ();

my @row = $sth->fetchrow_array ();


$FirstName= $row[0];
$LastName= $row[1];
$Recipient= $row[2];

$sth->finish;
$dbh->disconnect ();

use HTML::Entities;
use Mail::Sendmail 0.79; 

my $Message = param('Message');

$From="info\@mywebsite.com";

$html = <<END_HTML;

<p>$SenderFirstName $SenderLastName has sent you a message.</p>
<p>$Message</p>
<form method="POST" action="http://www.mywebsite.com/cgi-bin/global/cr
+eate_reply_mail_htm.pl?ID=$SenderID">
<p>Reply to $SenderFirstName --- <input type="submit" value="REPLY" na
+me="B1" style="color: #FFFFFF; background-color: #0000FF">
  </p>
</form></p>  

END_HTML

           %mail = (
         from => "$From",
         to => "$Recipient",
         subject => 'A Message From My Website',
         'content-type' => 'text/html; charset="iso-8859-1"',

);

$mail{body} = <<END_OF_BODY;
<html>$html</html>
END_OF_BODY

sendmail(%mail) || print "Error: $Mail::Sendmail::error\n";
###}

&redirect;

exit (0);

sub redirect    {
print "Your Message Was Sent\n\n";
    }
exit;
}
[download]

Don't depend on referer for security, Referer spoofing/Why using referer header as a security mechanism is a bad idea. You seem to be blindly including data passed from a CGI page in database queries. Bad idea. Read the DBI documentation on placeholders and bind variables, otherwise something bad may happen: xkcd://327/http://bobby-tables.com/.

Here's the sequence of events. A person has a profile page on mywebsite.com. That page has a SEND MESSAGE link which forwards the person's AccountID to the cgi which creates a "Compose Your Message" page. When the submit button is hit all the info is forwarded to the program I have shown. All this happens on a dedicated server. The check referrers code was intended to assure that the submittal to the mail program was, indeed, coming from the aforementioned form residing on mywebsite.com. Only other members who have logged on can view the profiles noted above. At least I hope that's the case!. If I don't use the check referrer code, what would you suggest I do to ensure the sequence noted above? Thanks for any input!