use strict;
use cgi;

my $query = new CGI;

my $email = $query->param('email');
[download]

Obviously I'm extremely new to Perl & CGI. Your PATIENCE and WILLINGNESS to help me learn here will never be forgotten. (O.K...'nuf groveling) I'm really trying to understand something. My basic "Contact Us" form is an .html document; so I need one .PL file to give it "action"; AND one cgi.pm file to "collect" the data from the form???(I'm 30 years old and just starting with Perl/CGI so I really appreciate the time you're taking here)

No problem, cgi.pm - the pm part stands for perl module, and in this case it is a standard module. This means that it should be installed already on the machine that has perl on it.
In some cases references will be made to non-standard modules, but this particular case you don't need to worry too much. Just put use cgi; at the top of your code and the perl interpreter will know where to look for it.

If you are interested, there are plenty of nodes on installing modules etc, right here at the monastery.

Hope this helps, Gerard.
Update: in short, yes you do need both files, but you should already have cgi.pm there.

I'm not a web guru, but there are a few things to note. One, you'll want to read up on tainting. This script is leaving big security holes on your server. Taint mode can be read about via the perldoc perlsec command on your system. This isn't a short subject, but I think it's important.

I'd also suggest looking into the CGI module to make your life easier. Ovid has a very good CGI course.

Edit: I should also note that I didn't really address your question at all with the above info. But it seems to me that b1om covered that already.

The best solution to your current problem is NMS formmail. You will find a variety of well written Perl CGI widgets (including NMS formmail) ready to go here: http://nms-cgi.sourceforge.net/ DO NOT UNDER ANY CIRCUMSTANCES USE THE NON NMS VERSION OF FORMMAIL.

At the very least it will point you towards the basis of good Perl coding, but you will find that the formail does exactly what you are trying to do in a reliable and secure way. The main functional issue with your script as it exists is that you don't GET the form input into the formdata hash anywhere. You have been shown how to use the CGI module to do this above.

#!perl -wT
use strict;
use CGI;

# Basic CGI.pm form usage.

my $query = new CGI;

print $query->header;
print $query->start_html("CGI.pm Basic form.");

print $query->start_form;
print "<b>To:</b>";
print $query->textfield('to');
print "<b>From:</b>";
print $query->textfield('from');
print "<b>Message:</b>";
print $query->textfield('body');
print "<p>",$query->reset;
print $query->submit('Action','Stumbit');
print $query->endform;
print "<hr>";
print "YOUR potential business is VERY IMPORTANT  .... etc";


print $query->end_html;

# Later on parse your $to $from etc from $query->param('nameofvalues')
+ instead of $formdata{'nameofvalues'}
# and do your mailing, prefferably with a module from CPAN
[download]

UPDATE:Just a note, that code is un-tested.

First, as others have mentioned, use the CGI.pm module.

To do that, you'll start your program off like this:

#!/usr/bin/perl

use strict;        # This is almost always a good idea.
use warnings;      # ...as is this, particular when developing code.
use CGI;           # This causes the CGI.pm module to be used.
[download]

But just including CGI.pm is only part of the story. You should definately have a look at the POD (that's monkspeak for 'Plain Old Documentation') for CGI.pm. Follow the highlighted link, or, find it on your own system as well. If you have Perl, you have CGI.pm. And if you have CGI.pm, you have the POD for it too.

CGI.pm does a lot of the dirty work for you; the stuff nobody in his right mind would bother re-inventing himself when there is already a good implementation out there. (That's my opinion, by the way.) What CGI.pm is really good at is figuring out how to decipher the CGI parameters passed to your script via either GET or POST method. If you try to do it yourself, you (the collective "you"'s in the world, which includes me) usually get it wrong, or fall short of a robust implementation. CGI.pm is your friend for this sort of thing.

As for the mail script itself.... You might be tempted to allow the HTML document to tell the CGI script what email address the mail should be sent to. Even if the end user isn't supposed to be able to name the email address to which the message is being sent, you might be tempted to pass it as a hidden field from the form on the HTML page to the CGI script. That is usually not a good idea. The reason is one of security. Just because your HTML page doesn't give the user the ability to manipulate the destination email address doesn't mean that a malicious user (or a spammer) couldn't just write his own HTML page that does send whatever destination email address he wants to your CGI script.

For that reason, it's a very good idea to control the destination email address yourself, never accepting it as a CGI parameter. Hardwire it into the CGI script, or store it in a configuration file that your script reads. That will prevent spammers from trying to use your mail-to form as a spam relay.

The next issue is that of keeping tainted data away from the shell, away from the OS, and away from anywhere that it might do harm. Start by using the "-T" switch on the shebang line of your CGI script. That will help you to identify where some of your problems with tainted data may be found. Properly untainting data and handling it safely is another lecture. ;)

Others' have referred you to Ovid's online CGI tutorial. I want to also recommend a book published by O'Reilly and Associates called CGI Programming with Perl, 2nd Ed. If you're going to be doing more than just a little CGI tinkering, the book will come in handy. Either buy a copy or check it out at the library. It's commonly known as The Mouse Book.

That book has a chapter that deals with mail form scripts. It also has a lot of good discussion on security concerns. It is a common error to think, "This is just for my personal use. Security isn't that important." But unless you operate in a vacuum, security should always be a concern. That small personal-use script could easily bring a server to its knees if a security hole is exploited. Unless you're the only one using that server, a mistake can cause trouble for lots of people. (Not to scare you or anything...)

Good luck on your dive into the Perl world. Welcome to the monastery. We're always happy to have a new face around here.

People have explained what's wrong with your web code. Now I'll explain what's wrong with your mail code!

An SMTP message is made up of a series of headers, followed by a blank line, followed by the body of the message. Just putting a blank line in your Perl source code is not sufficient to put a blank line in the e-mail message...

By and large, you should avoid talking to sendmail directly. Use a Perl module instead to save you from having to worry about the nitty-gritty details. Here's how you could send the message with Mail::Sendmail:

use Mail::Sendmail;

sendmail(
  To      => $to,
  From    => $from,
  Subject => $subject,
  Body    => <<END_OF_BODY,
Name: $name
EMail: $email
Address_line_1: $address1
Address_line_2: $address2
City: $city
State: $state
Zip: $zip
Home_Phone: $homephone
Work_Phone: $workphone
Type_of_Business: $business
Goals: $goals
Comments: $comments
END_OF_BODY
) or print "Failed to send message [$subject] to [$to]: $Mail::Sendmai
+l::error\n";
[download]

Hope this helps.

update: corrected a silly bug in the heredoc syntax (forgot the <<).

Grinder is right on with this advice. I went through this same learning curve earlier in the week in this node and am loving Mail::Sendmail, thanks to him.

You use of $formdata looks strangely like what I used to do when using someone's handrolled form parser (this bad practice is propagated in The Perl and CGI Visual QuickStart Guide for one). Don't do it! Listen to the good monks here. Use CGI!!! And if you are doing much web work, I have one module for you: HTML::Template. It's wonderful.

You will see lots of encouragement to use strict; use warnings; etc. All a bit daunting at first, but learnable with the help of the folks here at the monastery. I have found lurking around here invaluable.

You will also see lots of references to Learning Perl and Programming Perl. I also recommend Programming CGI (all aforementioned are O'Reilly books).


—Brad
"A little yeast leavens the whole dough."

An SMTP message is made up of a series of headers, followed by a blank line, followed by the body of the message. Just putting a blank line in your Perl source code is not sufficient to put a blank line in the e-mail message...

This is correct, but he does have two \n 's after his subject line, which would be sufficent. Otherwise excellent advice.
Regards,

Gerard

Any particular advantage to Mail::Sendmail as opposed to Mail::Mailer? I started using Mail::Mailer after reading the FAQ on mail (I'm not sure which section it's in, I found it via peroldoc -q mail). I'm not familiar enough with either module to make a decent comparison.

1. use CGI to handle all things forms
2. use MIME::Lite to send the email
3. use abstraction ... let Perl do the work

use strict;
use warnings;
use CGI::Pretty qw(:standard);
use MIME::Lite;

my @FIELD = qw(
   name email address1 address2 city state zip
   homephone workphone business goals comments
);

print header;

if (param('mail_it')) {
   my $data = join('', map "$_: " . param($_) . "\n", @FIELD);
   my $msg  = MIME::Lite->new(
      From     => 'webmaster@prowebdesigner.net',
      To       => 'webmaster@prowebdesigner.net',
      Subject  => 'Website Design Request',
      Data     => $data,
   );

   if ($msg->send) {
      print start_html('The Thank You'),
         p('
            YOUR potential business is VERY IMPORTANT to
            PRO WEB DESIGN. We will respond as soon as we can.
         '),
      ;

      print p('Here is what you submitted:'),
         ul( li[map b("\u$_\E: ") . param($_), @FIELD]),
      ;
   } else {
      print start_html('The Oopsie'),
      p('whoops! something went wrong!'),
   }
} else {
   print start_html('The Form'),
      start_form,
      (map "$_: ".textfield($_).br, @FIELD),
      submit('mail_it'),
      end_form,
   ;
}

print end_html;
[download]

L-LL-L--L-LL-L--L-LL-L--
-R--R-RR-R--R-RR-R--R-RR
B--B--B--B--B--B--B--B--
H---H---H---H---H---H---
(the triplet paradiddle with high-hat)