in reply to Re^2: Howto include Perl Script into CGI script
in thread Howto include Perl Script into CGI script

The "param('no_unit')" parts (inside the backquotes) are evaluated as shell script. Set them to variables and have the variables inside the "`".

Update: Please note the dangers of "injecting" stuff like shell commands into your backquotes-eval if you use data that comes from the CGI! Use taint and/or the system() call with multiple parameters. (I.e. do system("perl", $param1, $param2);)

Replies are listed 'Best First'.
Re^4: Howto include Perl Script into CGI script
by monkfan (Curate) on May 17, 2006 at 13:28 UTC
    Use taint and/or the system() call with multiple parameters.
    I learnt so much from your replies.
    How do you actually do the "tainting", in my OP above?

    Regards,
    Edward
[reply]
      #!/usr/bin/perl -wT

      [download]
      Turns on taint checking.

      Have a look at Ovid's CGI Course, lesson 3, Basic CGI Security for a discussion on why and how to use it.

[reply]
[d/l]
        Hi wfsp,

        Thanks for the reply. I followed your suggestion. However I received this message. 
        $ perl -c  price.cgi
Too late for "-T" option at price.cgi line 1.

        [download]
        What's the meaning of it?

        Regards,
        Edward
[reply]
[d/l]

In Section Seekers of Perl Wisdom