in reply to Sending Data

I think what Joost is saying is that your example has so many things wrong with it that it's probably better for you to read a CGI tutorial than for someone here to try to explain/correct it. I did a little search and this looks like a good start:

A Tour of HTML Forms and CGI Scripts

Also, the CGI.pm documentation:

http://stein.cshl.org/WWW/software/CGI/

Briefly, though, your two main problems are:
- no actual form input elements in your HTML page (only data in an <input> element will actually get passed to your CGI)
- once you get that sorted out, you can read the values of those fields in your script like so:

$query = new CGI;
my $datefile = $query->param('datefile');
my $datajoin = $query->param('datajoin');

[download]

-b

Replies are listed 'Best First'.
Re^2: Sending Data
by Mr_Jon (Monk) on Aug 12, 2004 at 21:08 UTC
    I would add a third - you are not correctly untainting user input. Specifically: 
    open (BOBIN, ">>$datefile") ...

    [download]
    is not a good idea when 'datefile' is extracted from a form field, since this gives users the ability to write to any file on your file system via the classic backwards directory traversal trick (e.g. what if the input was "..\..\etc\passwd" ?). Whether or not the field is "hidden" is irrelevant.

    Equally, echoing user input on your confirmation page verbatim leaves you open to Cross Site Scripting attacks (e.g. what if the input contained <script> ... </script> tags?).

    A recent cautionary tale along these lines can be found here.
[reply]
[d/l]
      Actually, '$datefile' is a filename I make up from the current date. If today is 08/13/04, I name the file 20040813.txt, it has nothing to do with user input, other than it is the date that is submitted.

      Joseph A. Ruffino
      Automated Systems Assistant
      Gail Borden Public Library District
      270 N. Grove Ave
      Elgin, Il, 60120
      847-742-2411 x5986
[reply]

In Section Seekers of Perl Wisdom