Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Oh Great Monkish Ones, Whose Wisdom is Likened to That of a Very Wise One,

I'm sure that this has to be one of the most common questions among those new to perl. Perhaps someone could write it up into a step-by-step howto? (I'll do it myself if I figure out how... right now, a google search turned up much info, but nothing exactly like what I needed)

What I'm looking to do seems relatively simple: I want to have a page on the internet with a form. When this form is filled out and the submit button is pressed, the information will be appended to a file on the server. Server is not owned by me, but I have full access to one directory on it.

My questions:

  1. What's the quick-and-dirty way to get this done, with Perl?
  2. What web server must be running? Is this OS-specific? Any quirks?
  3. What security risk does this pose, and how can that be avoided? Assume a win9x or NT system. Or assume a linux system. But please tell me which you mean :-)
  4. What's a good way of organizing the database for both human readability and data munging?
I thank you for sharing your wisdom.

- Anonymous Cowar- er... Monk.

Replies are listed 'Best First'.
(Ovid) Re: Web form -- File
by Ovid (Cardinal) on May 23, 2001 at 02:35 UTC
    He who must not be named wrote:
    ...the information will be appended to a file on the server.

    Appended how? The following meets your specs, but is probably useless:

    #!/usr/bin/perl -wT
use strict;
use CGI;
use Fcntl qw/ :DEFAULT :flock /;
use Data::Dumper;

my $q = CGI->new;
my $log_file = 'some_file.log';
my %params = map { $_, [ $q->param( $_ ) ] } $q->param;

open LOG, ">>", $log_file    or die "Can't open $log_file for appendin
+g: $!";
flock LOG, LOCK_EX           or die "Can't get an exclusive lock on $l
+og_file: $!";
print LOG Dumper( \%params ) or die "Can't print to $log_file: $!";
close LOG                    or die "Can't close $log_file: $!";

    [download]

    Your questions:

    • What's the quick-and-dirty way to get this done, with Perl?

      See near useless code above

    • What web server must be running? Is this OS-specific? Any quirks?

      Doesn't really matter. CGI is not platform specific and all Web servers should recognize it.

    • What security risk does this pose, and how can that be avoided? Assume a win9x or NT system. Or assume a linux system. But please tell me which you mean :-)

      Security risks? Practically none, but here are some questions:

      • How much data would get written out? If you have too much data written to the log, your disk space could fill up.
      • What do you plan to do with the log? Who will see it and how? If you plan to have an HTML log and serve it directly, you could have issues with SSIs (though I think it's unlikely you would do this).
      • What data is stored there? Is it sensitive?
      • Your users can't specify the log filename, can they?
    • What's a good way of organizing the database for both human readability and data munging?

      That really depends upon the data you are planning to log. Could you give us some samples?

    Not trying to be too flippant here. If you can give us more info, that would help.

    Cheers,
    Ovid

    Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

[reply]
[d/l]
Re: Web form -- File
by Anonymous Monk on May 23, 2001 at 03:48 UTC
    Thanks for your help so far!
    To be more specific:

    • How much data would get written out? If you have too much data written to the log, your disk space could fill up. I'm not worried about disk space... although I suppose it would be trivial to have it check for abuse of that kind
      Each new entry (appendage?) would be about 1k at most, methinks.
    • What do you plan to do with the log? Who will see it and how?
      The form is basically just a registration form. It will take in name, email address, as well as a few items from checkboxes and radioboxes. This information need only be seen by myself and the system admins, although I'm not worried about preventing others from seeing it.
    • If you plan to have an HTML log and serve it directly, you could have issues with SSIs (though I think it's unlikely you would do this).
      Uh... while I don't entirely understand that, I'm inclined to agree
    • What data is stored there? Is it sensitive?
      As above, names, email addresses, etc. Not sensitive.
    • Your users can't specify the log filename, can they?
      That's not needed... unless you think there's a benefit?
    Basically,the file will hopefully look something like this: 
    **************************
Person #1
Name: John Doe
Email: Johndoe@hotmail.com
Entry3: This is some value
**************************
Person #2
Name: Jane Doe
Email: wifeofjoe@hotmail.com
Entry3: Blah blah... blah?
***************************

    [download]
    You get the idea. Thanks again for any help you can offer!
[reply]
[d/l]
      Check out "AlienForm" at any of the online Per archives. This package is ideally suited for simple CGI interface and is pretty easy to configure and get up and running. Additionally, once you get better at Perl, you can read the code and learn from it.

      I also recommed a book called "CGI Programming 101". It's a great primer designed to get you up and running with Perl and CGI. (Don't be fooled by its small page count, it's very concise and usefull)
      --
      Filmo the Klown

[reply]
Re: Web form -- File
by Beatnik (Parson) on May 23, 2001 at 11:59 UTC
    Try something like : 
    use CGI;

my $query = CGI->new();
print $query->header();
print "form saved";
open(FILE,">>output") || die $!;
$query->save(FILE);
close(FILE);

    [download]
    which basically dumps the form data into a file... if you need the separators, you can always add a print FILE "+"x30; :)

    Greetz
    Beatnik
    ... Quidquid perl dictum sit, altum viditur.
[reply]
[d/l]
[select]
Re: Web form -- File
by murphya (Sexton) on May 23, 2001 at 18:44 UTC
    I have done something very similar. The easiest way (ie if you just want something to work very quickly) is to set up a CGI script to write the data for each record on one text line, delimited by semi-colons or similar. This will allow you to import it into Excel with the columns set up automatically.

    The data in the file will be not too easy for humans to read, but Excel will love it:

    NAME1;ADDRESS1;DATE1;OTHER STUFF1
    NAME2;ADDRESS2;DATE2;OTHER STUFF2
    ....

    Remember to add some lock mechanism so that only one write action can be carried out at one time. I suggest creating a lock file during write and then delete it when you are done. This is the stupid mans way of doing it, but is very quick and easy. There may be a problem with storing it this way when you have large numbers of records coming in, but will probably be ok for what you want.

    I'll post some code to help you if I can find it again.

    Good luck.

    Andrew.

[reply]

Back to Seekers of Perl Wisdom