Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Monks, is it possible to call system function in CGI. For example as shown below.

#!C:\perl\bin\perl.exe
use CGI;

$q = new CGI;
print $q->header("text/html");

print $q->start_html(-title=>"details" -bgcolor =>"#FFEAA9");

system("test.exe");
print $q->end_html;

[download]

Is there any other way to do this?

Replies are listed 'Best First'.
Re: Calling system function in cgi
by dorko (Prior) on Dec 28, 2005 at 13:29 UTC
    Instead of: 
    system("test.exe");

    [download]
    you can try using backtics: 
    my $results = `test.exe`;

    [download]
    The screen output of running test.exe will be captured in $results.

    Although you're not doing it in your example, but if you pass any input from your CGI to the command line, make sure you untaint it first.

    Cheers,

    Brent

    -- Yeah, I'm a Delt.
[reply]
[d/l]
[select]
      instead of using the backtics, i prefer qx

      Edit - after vek slapped me :-) Well, i prefer qx over backtics because it is more readable. my $result = `test.exe`; looks too similar to my $result = 'test.exe';. Using a qx instead signals that something special is happening here.
[reply]
[d/l]
[select]

        While I'm sure you have your reasons for preferring qx/STRING/ over `STRING`, perhaps it would help the OP if you'd expand on your reply a little and explain why. What benefits would the OP get from using one over the other?

        -- vek --
[reply]
[d/l]
[select]
Re: Calling system function in cgi
by swkronenfeld (Hermit) on Dec 28, 2005 at 16:52 UTC
    A CGI script is not much different from a 'normal' Perl script, except that it's usually called from a web interface from a command line (and it has much more rigid output requirements, and a few other minor details). So it can do whatever you can do in a 'normal' script that you may write to be used on the command line.

    That said, do you want someone to be able to spawn test.exe on your web server from a web page? If test.exe takes any significant amount of resources, consider the abuse where someone bounces on the refresh button and spawns a bunch of test.exe's, happily eating away your system's performance. As long as you've thought of this and taken a measure to prevent this kind of abuse, or others that stem from executing a system program from the command line, you should be fine.

    Oh, and it was mentioned above, but just to make sure you see it: untaint any data you may pass to any system call.
[reply]
Re: Calling system function in cgi
by jbrugger (Parson) on Dec 28, 2005 at 15:47 UTC
    You can use `` or qx (Perl gets the output of the command) or perlfunc:system and perlfunc:exec, but this type of questions have been asked many times before. Why not search before ask?

    "We all agree on the necessity of compromise. We just can't agree on when it's necessary to compromise." - Larry Wall.
[reply]

Back to Seekers of Perl Wisdom