in reply to Insecure dependency message ?
Well, I was able to reproduce the error message. Even removing the line feeds from the ".SEQ" file had no effect; the same error message appeared in the log file. I have no idea why this problem has suddenly appeared, as the Perl script hasn't been changed in months, and we have had orders go through since then? Hmm, I'll check out the web hosts, to see if they... yikes...
"Perl has been upgraded to version 5.8.1 from version 5.6.1"
This was done 2 days prior to the error msg appearing, so I have to assume that Perl 5.8.1 is, like a lot of new versions, "stricter" with how it handles data, especially tainted data, if that's correct?
I didn't really know where to place the line to do the untaint, but here is the new sub:

```perl
sub create_order_file {
    my (undef, undef, undef, $day, $month, $year, @rest) = localtime(time);
    $month = $month + 1;    # localtime returns mth as 0 to 11
    $outfile = sprintf "%s/%4d-%2.2d-%2.2d-", $base_dir, $year + 1900, $month, $day;
    umask();                # note: umask() with no argument only returns the current mask
    -d $base_dir || mkdir $base_dir, 0700;

    my $got_lock;
    use Fcntl;              # to get constants for O_CREAT | O_EXCL | O_RDWR
    for ( 0 .. 5 ) {
        # O_EXCL makes the create-or-fail atomic, so only one process gets the lock
        if ( sysopen(my $fh, "$base_dir/.lock", O_CREAT | O_EXCL | O_RDWR, 0600) ) {
            $got_lock = 1;
            close $fh;
            last;
        }
        sleep 2;
    }
    diehtml("Lock error $!\n") unless $got_lock;

    # create unique suffix
    if (-f "$base_dir/$seq_file") {
        open(SEQ, "+<$base_dir/$seq_file") or diehtml("Error opening seq file: $!\n");
        $seq = <SEQ>;       # under -T anything read from a file is tainted
        seek SEQ, 0, 0;
    } else {
        open(SEQ, ">$base_dir/$seq_file") or diehtml("Error creating seq file: $!\n");
        $seq = 0;
    }
    ($seq) = $seq =~ /(\d+)/;    # Just grab the first run of digits (regex capture untaints)
    $outfile .= sprintf "%7.7d", $seq;
    $ordernumber = $seq;         # store this order no. before 'next' is calc.
    print SEQ ++$seq;
    close SEQ or warn "Something wrong closing seq: $!\n";
    unlink "$base_dir/.lock" or diehtml("Unlock error: $!\n");

    # Fcntl constants already imported above
    sysopen(ORDERFILE, $outfile, O_WRONLY | O_EXCL | O_CREAT)
        or diehtml("Can't open order records: $!\n");
    print ORDERFILE @_;
    close ORDERFILE or warn "Something fishy with closing the order: $!\n";
}
```
The line added is `($seq) = $seq =~ /(\d+)/; # Just grab the first run of digits`; hopefully that was the right place to put it. Anyway, the script worked just fine this time. :)
What I didn't understand though, is when I reproduced the error, it crashed at the same line, where sysopen is, but the browser just had a blank page, nothing displayed at all? I would have thought I'd see "Can't open order records:" displayed, but nothing was?
The sub "diehtml" is:

```perl
# start_html/end_html come from CGI.pm (use CGI qw(:standard) elsewhere in the script)
sub diehtml {
    print start_html('Error processing order'), @_, end_html(), "\n";
    exit 1;
}
```
I have no idea why there was no message; maybe something to do with using CGI::Carp?
Thanks to everyone for your help. Possibly I'd better warn other people on the web hosts about the potential problem.
Peter
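The behaviour described in this post (data read from the .SEQ file is tainted, sysopen refuses it, a regex capture makes it usable) can be seen in isolation with the following script. This is an added example, not code from the original post; it uses a temporary directory in place of `$base_dir`, constructs its own .SEQ contents, and uses an anchored pattern (`/\A(\d{1,9})\s*\z/`) rather than the post's `/(\d+)/`, so that a file holding anything other than a plain counter is rejected instead of having a number picked out of the middle of it.

```perl
#!/usr/bin/perl -T
# Run as: perl -T untaint_seq.pl   (the -T switch is what enables taint checks)
use strict;
use warnings;
use Fcntl qw(O_WRONLY O_CREAT O_EXCL);
use File::Temp qw(tempdir);
use Scalar::Util qw(tainted);

# Hypothetical work directory, standing in for $base_dir in the order script.
my $base_dir = tempdir(CLEANUP => 1);
my $seq_path = "$base_dir/order.seq";

# Strict untaint for the sequence counter: the whole value must be a run of
# digits, optionally followed by whitespace. The capture group is what clears
# the taint flag; a value that does not match yields undef so callers cannot
# proceed with junk.
sub untaint_seq {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A(\d{1,9})\s*\z/ ? $1 : undef;
}

# Write constructed .SEQ contents and read the first line back, the same way
# the order script does with "+<" open and <SEQ>.
sub read_seq {
    my ($path, $contents) = @_;
    open my $w, '>', $path or die "write $path: $!";
    print $w $contents;
    close $w;
    open my $r, '<', $path or die "read $path: $!";
    my $line = <$r>;
    close $r;
    return $line;
}

# 1. Anything read from a file is tainted under -T, even a well-formed number.
my $raw = read_seq($seq_path, "42\n");
printf "raw value %s tainted\n", tainted($raw) ? "is" : "is not";

# 2. Feeding it into a filename for a write-mode sysopen is refused outright;
#    this is the "Insecure dependency" fatal error, caught here with eval.
my $bad_name = sprintf "%s/%7.7d", $base_dir, $raw;   # derived value stays tainted
eval {
    sysopen(my $fh, $bad_name, O_WRONLY | O_CREAT | O_EXCL, 0600)
        or die "sysopen: $!";
};
print "taint check stopped the write: $@" if $@ =~ /Insecure dependency/;

# 3. After the strict capture the value is clean and the same sysopen succeeds.
my $seq = untaint_seq($raw);
printf "untainted value %s tainted\n", tainted($seq) ? "is" : "is not";
my $good_name = sprintf "%s/%7.7d", $base_dir, $seq;
sysopen(my $fh, $good_name, O_WRONLY | O_CREAT | O_EXCL, 0600)
    or die "sysopen: $!";
close $fh;
print "created $good_name\n";

# 4. A malformed .SEQ file (constructed contents) is rejected instead of having
#    the first digit run silently pulled out of it.
my $junk = read_seq($seq_path, "not a counter 7\n");
defined untaint_seq($junk) or print "rejected malformed sequence file\n";
```

The point of the anchored pattern is that untainting is Perl's way of asking "have you validated this?", so the regex should describe exactly what a valid counter looks like; `/(\d+)/` would accept the malformed file in step 4 and happily build an order filename from whatever digits it found.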
Replies are listed 'Best First'.

Re: Re: Insecure dependency message ? by peterr (Scribe) on Jan 07, 2004 at 04:46 UTC
by peterr (Scribe) on Jan 07, 2004 at 04:58 UTC