How to get into $ENV{'QUERY

dominica1000 has asked for the wisdom of the Perl Monks concerning the following question:

I am trying to modify a job posting perl-cgi script so that a person can select more than one job to apply for. After they have selected the jobs that they want, I want this information to be placed into $ENV{'QUERY_STRING'} in this format: STXXXX+STCCC+STDDD, so that the next url looks like this: foo.com/cgi-bin/test.pl?STCCC+STXXX+STDDD+..I want these numbers to be able to be passed on as they go through the application process.. Here is an example of the first script - the form where they select the jobs:

#!/usr/local/bin/perl 

  
push (@INC, "\\foo\\cgi-bin\\hotjobs\\");
require "jobs_prefs.pl"; 

$jobdata="\\foo\\hotjobs\\data\\jobs.txt";
$sortfunction = sort_func;


print "Content-type:text/html\n\n";
print "<html><head><title>TEST</title></head><body>";
print "<FORM ACTION=/cgi-bin/pmquestion2.pl method=post>";

open(DB2,,$jobdata);
@indata = <DB2>;
close(DB2);


print "<P ALIGN=CENTER><IMG SRC=http://www.foo.com/images/stlogo.gif W
+IDTH=220 HEIGHT=73><BR>";
print "<IMG SRC=http://www.foo.com/images/stdesign.gif WIDTH=220 HEIGH
+T=47 ALT=artwork></P>";
print "<FONT FACE=Arial SIZE=2><P ALIGN=CENTER>Please click <a href=ht
+tp://www.foo.com/hotjobs.html>here</a>".
" to search our database of available jobs.</center><FONT FACE=Arial S
+IZE=2> </P>";

print "<P ALIGN=CENTER><CENTER><TABLE BORDER CELLSPACING=1 BORDERCOLOR
+=#000000 CELLPADDING=7 WIDTH=597>";
print "<TR><TD WIDTH=8% VALIGN=TOP BGCOLOR=#0000CD HEIGHT=17>";
print "<P><B><FONT FACE=Arial SIZE=2 COLOR=#ffffff>APPLY?</B></FONT></
+TD>";
print "<TD WIDTH=11% VALIGN=TOP BGCOLOR=#0000CD HEIGHT=17>";
print "<B><FONT FACE=Arial SIZE=2 COLOR=#ffffff><P>JOB #</B></FONT></T
+D>";
print "<TD WIDTH=55% VALIGN=TOP BGCOLOR=#0000CD HEIGHT=17>";
print "<B><FONT FACE=Arial SIZE=2 COLOR=#ffffff><P>TITLE (Click to rea
+d the description)</B></FONT></TD>";
print "<TD WIDTH=26% VALIGN=TOP BGCOLOR=#0000CD HEIGHT=17>";
print "<B><FONT FACE=Arial SIZE=2 COLOR=#ffffff><P>LOCATION</B></FONT>
+<FONT FACE=Arial SIZE=2></TD></TR>\n";

@reverse = reverse(@indata);

foreach $i (sort $sortfunction @reverse) {
chop($i);                    
($Index,$Date,$Title,$Category,$JobCode,$Description,$Requirements,$Co
+ntract,$field9,$field10,$field11,$field12,$City,$State,$field15) = sp
+lit("\t",$i,15);



print "<FONT FACE=Arial SIZE=2><tr>";
print "<FONT FACE=Arial SIZE=2><td><input type=checkbox name=JobID val
+ue=$JobCode></td>";
print "<FONT FACE=Arial SIZE=2><td>$JobCode</td>";
print "<FONT FACE=Arial SIZE=2><td><a href=http://www.foo.com/cgi-bin/
+hotjobs/jobs_view.pl?index=$Index>$Title</a></td>";
print "<FONT FACE=Arial SIZE=2><td>$City, $State</td>";
print "</tr>\n";
}
#print "($reverse[0]('Date'))";
#$record1 = ($Date($reverse[0]));
#print "$record1 ";
print "</table><p><center><input type=submit name=submit value=Apply F
+or Jobs></form></center></font>";
print "</body></html>";
[download]

Here is an example of the 2nd script - where the first script is posting to:


#!/usr/local/bin/perl

use CGI qw(:standard);

@jid = param('JobID');

  
  
print "Content-type: text/html\n\n";

print "<head><title>TEST SCRIPT</title>";
print "</head><font size=2 face=arial><p>";

foreach $jid (@jid) {

print "+$jid";

    }

$ENV{'QUERY_STRING'} eq (print "+$jid");
#$ENV{'QUERY_STRING'} = print "+$jid";

}


print "<p><a href=http://www.foo.com/cgi-bin/test2.pl?$ENV{'QUERY_STRI
+NG'}>http://www.foo.com/cgi-bin/test2.pl?$ENV{'QUERY_STRING'}</a><p>"
+;
print "<p><a href=http://www.foo.com/cgi-bin/test2.pl?$ENV{'QUERY_STRI
+NG'}>http://www.foo.com/cgi-bin/test2.pl?$ENV{'QUERY_STRING'}</a>";





print "</FORM><p></center></center></td></tr></table></BODY>";
[download]

This isn't working! What am I doing wrong? Is there another way to do this besides what I am trying to do? Any help would be greatly appreciated.

Comment on How to get into $ENV{'QUERY_STRING'}? Select or Download Code

Replies are listed 'Best First'.
Re: How to get into $ENV{'QUERY_STRING'}? by httptech (Chaplain) on May 10, 2000 at 01:17 UTC
$ENV{'QUERY_STRING'} is meant to be read, not written to. All you need to do is something like: `$url = "http://www.foo.com/cgi-bin/test2.pl?JobID="; $url .= join('+', @jid); print "<a href=\"$url\">$url</a>\n";` [download]	[reply] [d/l]
RE: How to get into $ENV{'QUERY_STRING'}? by Adam (Vicar) on May 10, 2000 at 01:16 UTC
Your code isn't going to compile. You have an extra } hanging out, and you have a boolean comparison in there, but nothing is using it. (thats the eq function). I didn't see any environment variable stuff in your first script, so I'm not sure where you are getting the variable from. Remember that the %ENV hash is provided to a script from the parent process, and any alterations that you make to it are local. The changes don't affect the parent, only the children. `#!/usr/local/bin/perl use CGI qw(:standard); @jid = param('JobID'); print "Content-type: text/html\n\n"; print "<head><title>TEST SCRIPT</title>"; print "</head><font size=2 face=arial><p>"; foreach $jid (@jid) { print "+$jid"; } $ENV{'QUERY_STRING'} eq (print "+$jid"); #$ENV{'QUERY_STRING'} = print "+$jid";` [download] `}` # This bracket shouldn't be here. `print "<p><a href=http://www.foo.com/cgi-bin/test2.pl?$ENV{'QUERY_STRI +NG'}>http://www.foo.com/cgi-bin/test2.pl?$ENV{'QUERY_STRING'}</a><p>" +; print "<p><a href=http://www.foo.com/cgi-bin/test2.pl?$ENV{'QUERY_STRI +NG'}>http://www.foo.com/cgi-bin/test2.pl?$ENV{'QUERY_STRING'}</a>"; print "</FORM><p></center></center></td></tr></table></BODY>";` [download]	[reply] [d/l] [select]
Re: How to get into $ENV{'QUERY_STRING'}? by chromatic (Archbishop) on May 10, 2000 at 01:16 UTC
What would happen if you were to do something like this: `my $new_query = $ENV{QUERY_STRING} . (join "+", @jid);` and then use $new_query in your href tags? I don't know if CGI.pm is destructive to QUERY_STRING or not. Other ways to do this might involve building a form, and submitting the previous values as hidden fields. That's how the Everything Engine maintains some state. Other options include cookies or databases.	[reply] [d/l]
SECURITY RISK by Anonymous Monk on May 10, 2000 at 02:32 UTC
Hi, You need to parse your string for ssl commands $var =~ s/ < ! - - ( . \| \ n ) * - - >//g; don't include all the spaces in between < ! and so on until - >	[reply]
RE: SECURITY RISK by merlyn (Sage) on May 10, 2000 at 03:34 UTC
There's no security risk here in most systems, because the output of CGI is not generally parsed for SSI. Methinks you have a hair-trigger on that. `:)` Even having said that, `$var =~ s/ < ! - - ( . \| \ n ) * - - >//g;` [download] is poor performing code. You want something like this instead: `$var =~ s/<!--.*?-->//gi;` [download]	[reply] [d/l] [select]