Passing Data using CGI

budman has asked for the wisdom of the Perl Monks concerning the following question:

Hi, I was working on a cgi script that reads database log output files, displays on a web page, and has the option to forward as mail including the log output.

Everything works smoothly, until the log content contains a greater-than sign, single quote, or double quote.

First off, I read the log contents into a list @LogData.

On the display page, I open the <TEXTAREA> and then print the log contents into the area. Sometimes, this breaks the <TEXTAREA> causing to be displayed adhoc. I think this is due to the greater-than sign cause the browser to think the textarea was closed.

Second, on the email page, when the LogContents is forwarded to the page via the HIDDEN INPUT variable, if the data contains greater-than sign it also causes a problem with the logdata.

I pass the data as: print "<INPUT TYPE=HIDDEN NAME=LOGDATA VALUE=\"@LogData\">";

Should the data in @LogData be encoded first?
Should the greater-than signs in the log content be changed to HTML equivalents?

I print the Log Data in the TextArea using:
print "$line\r\n";

How do you stop the contents of $line from being interperted?

Thanks for your help.
budman

Comment on Passing Data using CGI

Replies are listed 'Best First'.
Re: Passing Data using CGI by Juerd (Abbot) on Jan 04, 2002 at 15:31 UTC
Should the data in @LogData be encoded first? Should the greater-than signs in the log content be changed to HTML equivalents? Yes. You can do so by using HTML::Entities. Note: You should also do that for <textarea>'s, because if you don't, `</textarea>` will end the thing :) `2;0 juerd@ouranos:~$ perl -e'undef christmas' Segmentation fault 2;139 juerd@ouranos:~$` [download]	[reply] [d/l]
Re: Re: Passing Data using CGI by Anonymous Monk on Jan 05, 2002 at 12:50 UTC
Thanks very much. It worked like a charm (after a few tests). The sample with the bad chrs "\200-\377" wasn't encoding. When I removed that arg, the encoding worked fine. It fixed the problem. budman	[reply]
Re: Passing Data using CGI by hakkr (Chaplain) on Jan 04, 2002 at 17:32 UTC
Using CGI to output your hidden field might be a good idea as well. `$q->hidden(-name => 'LOGDATA', -value => "$LogData");` You'll also find if @LogData contains any " or <> the ouput of your print statement will be messed up. Use map or a loop to go through your array and substitute(encode) any dodgy characters . Use single quotes to stop variables being interpreted i.e `print '$line\r\n';` As Juerd says HTML entities should be useful you might also find the quotemeta function useful.	[reply] [d/l] [select]
Re: Re: Passing Data using CGI by budman (Sexton) on Jan 05, 2002 at 01:05 UTC
Thanks for you suggestions. I'll try them out. budman	[reply]