Passing a form parm and a url reference to a different script

mnlight has asked for the wisdom of the Perl Monks concerning the following question:

I have the first page set up.
This page captures the login id using the remote_user() function.
It displays the days that are available for signup and
gives them a link to click on which passes the user, date,
and volunteer number to a second script that
updates the database. It also has the user identify themselve as the Father or Mother of the player.
This is done using a form (radio_group()). I have been able to pass all parms to the second script except for the name parm from the form

#!/usr/bin/perl -w
#Volunteer.pl - Sign up sheet for Volunteers

use strict;
use DBI;
use CGI qw(:standard);
use CGI::Pretty;
use CGI::Cookie;

my $query = CGI::Pretty->new;
#my $query = CGI::new;
my ($dbh, $sth);
my @val= ();
my $user = $query->remote_user();

$dbh = DBI->connect ("DBI:mysql:host=localhost;database=<database>",
"mnlight","<password>",
{PrintError=> 0, RaiseError=> 1});

$sth = $dbh->prepare ("SELECT * FROM Volunteer where Volunteer = 'TBD'
+");

$sth->execute ();

print header(), start_html ("Volunteer SignUp Form");
print "<body bgcolor=#FFFFF1>";
print "<p><hr><p>";
print "<CENTER>";
print "<TABLE WIDTH='100%'BORDER='1' CELLSPACING='1' CELLPADDING='7'>"
+;
print "<TR>";
print "<TH bgcolor='#9933FF'><font size='5'color='#FFFFFF'><center><st
+rong>MN LIGHTNING 90 SignUp Sheet</font></strong></center>
<br><font size='2'color='#FFFFFF'><center>To sign up for a time simply
+ select the botton indicating if you are the players Mothe
r or Father.<br> Then click the TBD link in the Volunteer column and y
+our name will appear on the verification form.</font></cen
ter></th>";
print "</TR>";
print "</TABLE>";

print $query->start_form('POST','./Signup.pl');
print $query->radio_group( -name =>'Parent',
                           -value =>["Father", "Mother"],
                           -default=>["NO DEFAULT"],
                           -linebreak=>'true',
                           -columnheader=>'Parent');
print $query->end_form();

while (my @val = $sth->fetchrow_array ())
{
  print "<TR>";
  print "<TH WIDTH='10%' VALIGN='TOP' BGCOLOR='#99FF99'>";
  print "<FONT SIZE='2' COLOR='#9933FF'>";
  # Signup2.pl still needs work...
  print "<A HREF=./Signup.pl?$user&$val[2]&$val[3]>$val[0]</th>";
  print "<TH WIDTH='10%' VALIGN='TOP' BGCOLOR='#99FF99' align='center'
+>";
  print "<FONT SIZE='2' COLOR='#9933FF'>$val[1]</th>";
  print "<TH WIDTH='10%' VALIGN='TOP' BGCOLOR='#99FF99' align='center'
+>";
  print "<FONT SIZE='2' COLOR='#9933FF'>$val[2]</th>";
  print "<TH WIDTH='10%' VALIGN='TOP' BGCOLOR='#99FF99' align='center'
+>";
  print "<FONT SIZE='2' COLOR='#9933FF'>$val[3]</th>";
  print "</TR>";
}
[download]

Do I need to pass name from the form to the reference in the table before it gets passed to the script? What is missing?

Comment on Passing a form parm and a url reference to a different script Download Code

Replies are listed 'Best First'.
Re: Passing a form parm and a url reference to a different script by TomK32 (Monk) on Dec 23, 2001 at 01:40 UTC
I'm not sure if I truely understood you, but maybe you are searching for hidden form elements. `<input type="hidden" name="secret" value="notdisplayed">` But I must say that this is a very dangerous way of transporting informations because the user can read the HTML source and modify the variables quite easy. You have to insert a view methods to check the values or better you save the informations you've allready got. `-- package Lizard::King; sub can { do { 'anything'} };` [download]	[reply] [d/l] [select]
Re: Re: Passing a form parm and a url reference to a different script by mnlight (Scribe) on Dec 23, 2001 at 11:51 UTC
It makes sense that the second script would be able to get the user id from the remote_user() since it is handled by the server. However could you please explain what a less dangerous way to pass 2 variables to a different script would be. I am not understanding how the hidden form element works.	[reply]
Re: Re: Re: Passing a form parm and a url reference to a different script by TomK32 (Monk) on Dec 23, 2001 at 13:21 UTC
hidden form elements are simply not shown to the user although he can open the source and find them. You can use them like nomal `<input>-field` except that their `type=hidden`. The normal and less dangerous way is to save the data you've got (maybe into a database (mark the entry it temporary) or a temporary file) and reread the data in the second script. `-- package Lizard::King; sub can { do { 'anything'} };` [download] TomK32 - just a geek trying to change the world	[reply] [d/l] [select]