Looking at the code, you're using some very outdated (and problematic) constructs:
1. You're not using warnings / -w or strict. That will hurt you when your script grows any larger than this. It's also cumbersome to retro-actively make scripts strict-compliant. You should make it a habit to start any script you write with
#!/usr/bin/perl -w use strict;
2. Calling subroutines as &sub_name; passes the current argument list to the called sub. That's almost never what you want. To be safe you should call subroutines with parentheses, i.e. sub_name( possible arguments here )
3. You should probably not parse CGI parameters by hand. For one thing, your code doesn't handle multi-part encoded forms or the - suggested but not required by the standard - use of ";" instead of "&" as a parameter separator. The canonical module to handle CGI parameters is CGI from the standard distribution.
4. You don't check if your open() call succeeds. Also, using the 3-argument form of open is clearer and has less "issues". See the link. Something like open (FILE,">>",$UserDB) or die "Can't open $UserDB: $!"; is a better way of handling this.
5. It looks like your password file is accessible to outsiders via the webserver. You should probably put it somewhere outside the document root.
Sidenote: You're writing passwords to a file, but you don't seem to be checking if the current user has permission to do that. Note that ANYONE who opens the url "http://yourhost/yourscript.cgi?password=mypassword&companycode=mycompanycode" can currently add a password.
You're also not using the passwords anywhere else. Is this part of a larger system?
In reply to Re: Get Form Data/Write to Text File
by Joost
in thread Get Form Data/Write to Text File
by ckluver
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |