Trouble passing values through hidden fields

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I posted a question a few days ago because I was having trouble with a script that was supposed to send an e-mail and insert a record into a database within the same script. Because I haven't been able to fix it or figure it out, I decided that I was going to just pass the values of the first form to hidden inputs in my first script, send my e-mail, and then redirect to a second script where I would grab the values of the hidden inputs from the first script and insert them into the DB. For some reason, I am unable to get the values of the hidden fields passed. When I try and print a variable I should have gotten for that form, I get nothing. Can anyone see what I'm doing wrong?? The first script (the "hidden2" at the hidden inputs are intended just for this post, so that my code will show up):

#!/usr/local/bin/perl5.005
use lib '../lib';
use strict;
use CGI qw(:standard);

my $query = new CGI;

#Grab the evaluation responses from the form
my $cdsid = $query->param('cdsid');
my $title = $query->param('Title');
my $author = $query->param('Author');
my $book_review = $query->param('book_review');
my $post_review = $query->param('post_review');
my $use_name = $query->param('use_name');

my $sendmail = '/usr/lib/sendmail';
my $recipient = 'mbelang3@ford.com';
my $sender = 'e-Books Feedback <plskills@ford.com>';
my $site_name = 'e-Courses';
my $site_url = '../e-course.html';
my $site_name2 = 'e-Books';
my $site_url2 = '../e-books.html';
my $value;
my $field;
my $email;
my $name;

my $mail_body = '';

print "Content-type: text/html\n\n";

print <<"eof";
<input type=hidden2 name="cdsid" value="$cdsid">
<input type=hidden2 name="title" value="$title">
<input type=hidden2 name="author" value="$author">
<input type=hidden2 name="book_review" value="$book_review">
<input type=hidden2 name="post_review" value="$post_review">
<input type=hidden2 name="use_name" value="$use_name">
eof

foreach $field (sort ($query->param)) {
    foreach $value ($query->param($field)) {
    $mail_body .= "$field: $value\n";
    }
}

if (($email = $query->param('07_email')) and
    ($query->param('07_email') =~ /@/)) {
   if ($name = $query->param('cdsid')) {
    $name =~ s/"//g;
    $sender = "\"$name\" <$email>";
      } else {
    $sender = "$email";
      }
}

open(MAIL, "|$sendmail -oi -t") or die "Can't open pipe to $sendmail: 
+$!\n";
print MAIL "To: $recipient\n";
print MAIL "From: $sender\n";
print MAIL "Subject: e-Books Feedback\n\n";
print MAIL "$mail_body";
close(MAIL) or die "Can't close pipe to $sendmail: $!\n";

print    "<html><body>"
         "<script language='JavaScript'>".
           "window.location='http://wwwdev.pl.ford.com/L2e/cgi-bin/ebo
+ok_insert_2.cgi'".
           "</script></body></html>";

</pre>

Which sends you to the second script:
<pre>
#!/usr/local/bin/perl5.005
use lib '../lib';
use DBI(0.90);
use strict;
use Database;
use CGI qw(:standard);

Database::->db_info_path("../lib/db.cfg");
my $dbh = new Database;

#Grab the evaluation responses from the form
my $cdsid = param('cdsid');
my $title = param('title');
my $author = param('author');
my $book_review = param('book_review');
my $post_review = param('post_review');
my $use_name = param('use_name');


print "Content-type: text/html\n\n";

#Declare variables for insertion constants
my $plselect = "u"; 
my $updt = "L2e Init";

#Insert the e-Book review and book information into il2e009_bk_review
if ($book_review)
{
my %review = 
    ('il2e009_book_title_x' => $title,
    'il2e009_book_author_x' => $author,
    'il2e009_eval_cds_id_c' => $cdsid,
    'il2e009_pl_select_f' => $plselect,
    'il2e009_post_rev_f' => $post_review,
    'il2e009_post_name_f' => $use_name,
    'il2e009_review_x' => $book_review,
    'il2e009_last_updt_c' => $updt
    );
foreach my $key (keys %review)
{
   print "$key = $review{$key}\n";
}
print "Attempting insert....\n";
$dbh->insert_row('il2e009_bk_review',\%review);
}

print $cdsid;

$dbh->disconnect;
[download]

HELP! I'm pretty sure it doesn't work because I need to submit the form with the hidden fields rather than just redirect the page. Can I submit that automatically and skip the redirect? I don't want the user to have to click anything, this should happen behind the scenes.

Comment on Trouble passing values through hidden fields Download Code

Replies are listed 'Best First'.
(Ovid) Serious trouble in CGI script by Ovid (Cardinal) on Aug 21, 2000 at 19:48 UTC
If you use <CODE></CODE> tags around your post, your code will show up much cleaner. Just glancing through your stuff, I can see some serious problems. The first thing you need to do is change your shebang line to: `#!/usr/local/bin/perl5.005 -Tw` [download] The -w turns on warnings, but it's the -T that you should really pay attention to here. Specifically, read about security to appreciate the security hole that you have opened up here. As it stands right now, you've allowed someone to pass server side includes into the first Web page generated above. There may be other security problems (I'm not terribly conversant with sendmail issues, but I'd be nervous about tainted data in the `To:` and `From:` lines. merlyn mentions this danger on a response to your previous post. Your javascript redirect is not going to work if the person has javascript turned off (and some browsers are just plain flaky). You can redirect in Perl with the CGI module doing the following: `print $query->redirect('http://wwwdev.pl.ford.com/L2e/cgi-bin/ebook_in +sert_2.cgi');` [download] The last time you posted, turnstep made a suggestion that you apparently did not try: `$dbh->insert_row('il2e009_bk_review',\%review) or die "Insert failed: +$DBI::errstr\n";` [download] If you are getting this far in your script and it fails here, this will print a short failure message which should give you more information about the error. This is one of the many things that you should never attempt without checking the return code (other things are opens, switching directories, and things that you have minimal control over). Hope this helps! Cheers, Ovid	[reply] [d/l] [select]
Re: Trouble passing values through hidden fields by BigJoe (Curate) on Aug 21, 2000 at 16:45 UTC
I would make sure you are using a post method. In the form tag put method=post action="script2.pl">. Because you seem to have left that out. Another thing I would try is after `use CGI;` [download] create this object `my $q = new CGI;` [download] then grabbing the fields would look like `my foo = $q->param('foo');` [download] That is the way it is documented at CPAN. It looks like you did that on the first script and not on the second one. --BigJoe Learn patience, you must. Young PerlMonk, craves Not these things. Use the source Luke.	[reply] [d/l] [select]
Re: Trouble passing values through hidden fields by chromatic (Archbishop) on Aug 21, 2000 at 19:56 UTC
Ovid is right about security matters. Taint checking will flag lots of things in the scripts as shown, but once you correct them things will be more robust. Everything else looks like it should work, on my brief perusal of your scripts. Perhaps you could reply and post code from the first form -- the one that sends data to the first script you've posted here. There may be something incorrect there, preventing anything from being posted to your script.	[reply]
Re: Trouble passing values through hidden fields by t0mas (Priest) on Aug 21, 2000 at 16:47 UTC
As I see it, you can do this in 2 ways (or more). 1 way: Place the form inside the body tags of your html, and your form should have method="post" and action="http://wwwdev.pl.ford.com/L2e/cgi-bin/ebook_insert_2.cgi". The javascript should do a document.form1.submit() to send the data to the second script and should be placed after the form. 2 way: Assemble the key1=value1&key2=value2 pairs, put it after the url, like this http://wwwdev.pl.ford.com/L2e/cgi-bin/ebook_insert_2.cgi?key1=value1&key2=value2 and do the window.location javascript stunt. Remember to escape any spaces in values first. /brother t0mas	[reply]
RE: Trouble passing values through hidden fields by princepawn (Parson) on Aug 21, 2000 at 19:33 UTC
It is very easy to pass hidden fields, and do any of the other tasks that are common to Web Application Development if you use a Perl framework designed for this, namely, HTML::Mason or HTML::Embperl. Of these two, to pass hidden data in Embperl is a snap. Your HTML documents become dynamic and to simply take the data from a POST/GET to the current page, the current page simply need do the following: `<FORM> ... [$ hidden $] </form>` [download] and for every key-value pair sent to the current page via POST/GET, an appropriate hidden field is created. Read more about Mason and Embperl they are APIs offering a simple and powerful interface to all common web tasks.	[reply] [d/l]