passing user input to script

peterbrandt has asked for the wisdom of the Perl Monks concerning the following question:

Hello; first post on this wonderful site. I need to pass user input ($userid) from a from to the script. The script runs a system function and returns data. I am stuck, it returns nothing! Any help would be greatly appreciated.

##Program: beta.pl

use CGI qw(:standard);
$ENV{'PATH'} = '/usr/bin:/s/sirsi/Unicorn/Bin'; $ENV{'UPATH'} = '/s/si
+rsi/Unicorn/Config/upath';

print header,
        start_html('Simple Example'),
        h1('Simple Example'),
        start_form,
        "What is your Library Card Number? ",textfield('libcardno'),p,
        submit,
        end_form,
        hr;

   if (param()) {
    $user_id = param("libcardno");
    print "Your card is: ",em(param('libcardno')),p,
$dbpin = `echo $user_id | /s/sirsi/Unicorn/Bin/seluser -iB -ow 2>/dev/
+null`;
print "Your pin is: $dbpin",
             hr;
print "<BODY>\n";
print "<HR>\n";
print "<H3>Environment Variables</H3>\n";
print "<UL>\n";
foreach $key (keys %ENV) {
  print "<LI>$key = $ENV{$key}\n";
  }
print "</UL>\n";
print "</BODY>\n";

   } 

end_html();
[download]

20090326 Janitored by Corion: Added formatting, code tags, as per Writeup Formatting Tips

Comment on passing user input to script Download Code

Replies are listed 'Best First'.
Re: passing user input to script by Fletch (Bishop) on Mar 26, 2009 at 17:46 UTC
Just remember when your sysadmin comes hunting for your head after a scriptkiddie has their way with your webserver that perhaps passing input from users with no validation at all (`$user_id`) through a shell (via the backticks two lines hence) wasn't the best of ideas. The cake is a lie. The cake is a lie. The cake is a lie.	[reply] [d/l]
Re: passing user input to script by linuxer (Curate) on Mar 26, 2009 at 16:26 UTC
Please put `<code>`-Tags around your code, so it can be displayed correctly. `<code> #! /usr/bin/perl # just an example use strict; use warnings; print "Hello World!\n"; </code>` [download] Also have a look at Writeup Formatting Tips. Thanks. Updated questions and hints which came first to my mind: You wrote: The script runs a system function and returns data. I am stuck, it returns nothing! So, what is returning nothing? Your CGI-Script or the system call? It looks like you're not using strict and warnings. Please use them, they help you to write better code. You use `start_body` and `end_html` from the CGI module; they already provide the opening and the closing `body` tags.	[reply] [d/l] [select]
Re: passing user input to script by Anonymous Monk on Oct 16, 2011 at 13:15 UTC
anyone know how to limit this 'seluser -oBw p"PROFILENAME" >userlist.txt' further by user status "OK,DELINQUENT" ?	[reply]
Re^2: passing user input to script by Anonymous Monk on Oct 17, 2011 at 06:24 UTC
Hi, new questions go in Seekers Of Perl Wisdom because peterbrandt, whom you asked a question, hasn't been here in 3 years. The node to which you replied is over 2 years old. The node topic doesn't relate either "limits" or "seluser". It isn't clear what seluser (some program maybe) nor how the question is related to perl. Welcome, see The Perl Monks Guide to the Monastery, see How do I post a question effectively?, Where should I post X?	[reply]
Re^3: passing user input to script by jdporter (Paladin) on Oct 17, 2011 at 16:19 UTC
thank you, clue-by-four-bot! :-)	[reply]