If you look closely, you'll see this isn't CGI code... just VERY dirty shell code. He probably got you fooled by that $cnip = $ENV{'QUERY_STRING'}; line. Note that he's not printing any HTTP headers (which is kinda trivial for CGI scripts). I can only assume that there is actually an environment variable called QUERY_STRING. A ++ for your comments on perlier code and your fixes on his referencing attempt tho :-)

Greetz
Beatnik
... Quidquid perl dictum sit, altum viditur.