gube has asked for the wisdom of the Perl Monks concerning the following question:

Hi monks,

I am new to CGI programming. I have to validate a form in CGI. How do I validate the form using JavaScript code or CGI code? I use the code below to check whether the employee code has been entered in the form. The code below is not validating, so could anyone please help with it?
Thanks in advance.

    #!C:\Perl5.8.4\bin\perl5.8.4.exe
    use CGI qw(:standard);
    print header;
    print start_html(-title=>"hello world", -bgcolor=>"#BOE0E6");
    print end_html;
    print h1("<center>Hello World!</center>");
    print qq{<form name="hello" action="firstdb.cgi" method="POST" onsubmit="return newsoft();">
    Employee Code&nbsp;: <input type="text" name="empcode" size="20"><br><br>
    <input type="submit" value="Submit">
    <input type="reset" value="reset">
    };
    print qq{<SCRIPT TYPE="javascript">
    function newsoft()
    {
      if(isBlank(document.hello.empcode.value)==true)
      {
        alert("Please enter the Software");
        document.hello.empcode.focus();
        return false;
      }
      return true;
    }
    </SCRIPT>};

Replies are listed 'Best First'.
Re: How to validate the form in CGI
by Joost (Canon) on Mar 08, 2005 at 11:17 UTC
    isBlank() is not a predefined function in javascript. With firefox / mozilla you can open the javascript console with the url javascript: and you usually get decent error messages (at least, a lot better than in IE).

    Also, it's not really safe to rely on javascript alone to validate a form. You can read and test input with the CGI module's param() method.

    update: and you should print the end_html() at the end of the html, not immediately after the start. :-)

      The mantra around the monastery is always "don't trust Javascript." That is true if a server-side check is omitted altogether, but Javascript can provide a very fast preliminary client-side check that doesn't require the long trip to the server. The JS validation protects the user with a fast check, while the server side protects the internals.

      I think both can work in tandem, with the understanding that the server-side validation will always be there.


      —Brad
      "The important work of moving the world forward does not wait to be done by perfect men." George Eliot
Re: How to validate the form in CGI
by Nevtlathiel (Friar) on Mar 08, 2005 at 14:23 UTC
    As others have suggested, you might like to look at using CGI as well as javascript to validate the user's input. Since you're new to CGI, I would recommend reading Ovid's CGI Course particularly Chapter Three which is all about security, checking user input and making sure that the input you allow will not mean people can do evil things to you - the first rule of CGI programming is assume that all your users are evil! ;)

    The excellent book Beginning Perl also has an Introduction to CGI which doesn't mention javascript but is still pretty useful.

Re: How to validate the form in CGI
by jhourcle (Prior) on Mar 08, 2005 at 12:04 UTC

    I think the biggest problem is your invalid submit element:

    <input type="submit" value="Submit" onsubmit=">

    When you're making any sort of CGI program, especially one that uses JavaScript, you should do the following to debug:

    1. Connect to the CGI
    2. View the source.
    3. Look over the source for properly formed and valid HTML.
    4. Look over the enclosed JavaScript for proper validity. (or run it through a browser that will give good error messages on javascript problems)

    That being said, you can never depend on a user having javascript turned on. If there is some sort of validation going on in the form, you should also validate it in the form backend, to make sure that the values are what you expect. (it may be that someone has JS turned off, or someone may be malicious and connect directly to your backend to try to force bad data on you).

      Look over the source for properly formed and valid HTML.

      But don't just eyeball it. There are tools to test it for you that are far less likely to miss things.

        Good point -- I shouldn't assume that everyone's using an editor that does syntax highlighting and validation.

        Some of the browsers have syntax coloring builtin when you view source, and there are a few that have built-in validators (iCab comes to mind). I've personally reset my source viewer with my text editor (BBEdit, as I'm a mac user). For those who haven't been writing HTML for more than a decade (damned <br> tag -- should've just made <address> preserve line endings)

        Anyway, there is a validation add-on for Mozilla, and there are even some validators in CPAN, like HTML::Validator and HTML::Tidy

Re: How to validate the form in CGI
by b10m (Vicar) on Mar 08, 2005 at 11:33 UTC

    It might be overkill for you, but you might like CGI::FormBuilder.

    --
    b10m

    All code is usually tested, but rarely trusted.
      I've had good experience with this module. Clean, object-oriented design. It supports both client- and server- side validation, in tandem, although personally I only use the server-side stuff. A lot of work went into version 3, although I have not used this either, and it is pretty new.
Re: How to validate the form in CGI
by manav (Scribe) on Mar 08, 2005 at 11:13 UTC
    - onsubmit() is given inside the FORM tag....it returns true or false.....

    see this onsubmit event to properly code your JavaScript.

    Manav
Re: How to validate the form in CGI
by mkirank (Chaplain) on Mar 08, 2005 at 12:04 UTC
    Check out CGI Docs

        #!perl
        use CGI qw(:standard);
        use strict;
        use warnings;

        my $query = CGI->new;
        print $query->header;
        print start_html(-title=>"hello world", -bgcolor=>"#B0E0E6");

        # Client-side check, wired to the form through -onSubmit below
        my $js = <<JS;
        <SCRIPT Language="javascript">
        function check_answer()
        {
          if(document.hello.empcode.value==false)
          {
            alert("Please enter the Software");
            document.hello.empcode.focus();
            return false;
          }
          return true;
        }
        </SCRIPT>
        JS
        print "$js \n\n";

        print $query->startform(-method=>"POST", -action=>"mycgi.cgi",
                                -onSubmit=>'return check_answer()', -name=>'hello');
        print $query->textfield(-name=>'empcode', -size=>20, -maxlength=>20);
        print $query->submit(-name=>'submit', -value=>'submit');
        print $query->reset;
        print $query->endform;
        # Close the document after all other output
        print end_html;
Re: How to validate the form in CGI
by markjugg (Curate) on Mar 08, 2005 at 22:42 UTC
Re: How to validate the form in CGI
by metaperl (Curate) on Mar 08, 2005 at 17:36 UTC
Re: How to validate the form in CGI
by Popcorn Dave (Abbot) on Mar 08, 2005 at 16:51 UTC
    I'm surprised nobody mentioned this, but you really should be untainting your data in addition to checking that it exists. That way if someone puts erroneous data into your employee number, you'll catch it before it potentially causes any damage. Do a perldoc taint for further reading.

    And as other Monks have mentioned, you really should look at using the param method of CGI.pm. It makes life a lot easier when doing this type of thing.

    Useless trivia: In the 2004 Las Vegas phone book there are approximately 28 pages of ads for massage, but almost 200 for lawyers.
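
Added example (not part of any reply in this thread): a server-side check of empcode using CGI.pm's param() and an untainting allowlist match under taint mode, which is what Joost's and Popcorn Dave's replies recommend. The accepted format (1 to 20 letters or digits) and the helper name validate_empcode are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI qw(:standard escapeHTML);

# Assumed format for this sketch: an employee code is 1 to 20 letters or digits.
# The 20-character limit mirrors the maxlength used on the form in the thread.
sub validate_empcode {
    my ($raw) = @_;
    return (undef, 'Employee code is required')
        unless defined $raw && length $raw;
    # Allowlist match anchored with \A and \z so nothing can trail the code.
    # Under -T, the captured group ($1) is what untaints the value.
    if ($raw =~ /\A([A-Za-z0-9]{1,20})\z/) {
        return ($1, undef);
    }
    return (undef, 'Employee code must be 1 to 20 letters or digits');
}

# Scalar context: take a single value even if the parameter was sent twice.
my $raw = param('empcode');
my ($empcode, $error) = validate_empcode($raw);

print header(-type => 'text/html', -charset => 'utf-8');
print start_html(-title => 'Employee code check');
if (defined $error) {
    # Print only the fixed message, never the rejected input itself.
    print p(escapeHTML($error));
} else {
    # The value passed the allowlist, but it is still escaped on output.
    print p('Accepted employee code: ' . escapeHTML($empcode));
}
print end_html;
```

This check runs whether or not the browser executed the onsubmit handler, so a request sent directly to the script with JavaScript disabled is validated the same way.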
Re: How to validate the form in CGI
by kprasanna_79 (Hermit) on Mar 09, 2005 at 09:34 UTC
    You try out the following perl modules
    CGI::Application::ValidateRM;
    Data::FormValidator
    --prasanna.k