Dual-license your content for inclusion in The Perl 5 Wiki using this HOWTO, or join us for a chat on irc.freenode.net#PerlNet.

Beginners/CGI Getting Started

From PerlNet

Jump to: navigation, search

CGI Getting Started Tutorial
By: User:Shlomif

So you want to get started writing CGI scripts? For this you'll need a web-server that will let you run CGI scripts. You can install the Apache web-server on your home computer and start experimenting with it in case you don't have such a web-server.

First edit a plain HTML page that will contain a form that will invoke the script. Open a text editor on the web-server's host computer and type the following:

    <html>
    <head>
    <title>Test the CGI Script</title>
    </head>
    <body>
    <h1>Test the CGI Script</h1>
    <form action="http://perl-begin.berlios.de/cgi-bin/test-cgi/script1.pl"
          method="post">
    <input name="myvar" />
    <input type="Submit" />
    </form>
    </body>
    </html>

Substitute the URL inside the action="" property with a valid CGI URL on your web-server. Next, cd to the directory pointed by the URL and edit the file script1.pl. Type the following there:

    #!/usr/bin/perl -w
    
    use strict;
    
    use CGI;
    
    my $q = CGI->new();
    
    print $q->header();
    print "<html><body>Hello World!</body></html>";

Depending on your operating system you may need to make the script executable. (on UNIX, "chmod 755 myscript1.pl" will do just that)

Now point your browsers at the URL of the invocation HTML. Type something into the box and press the "Submit" button. If all goes well, you should see "Hello World!" on the screen.

What has happened here? "use CGI" instructs the Perl interpreter to load the CGI module. "my $q=CGI->new()" initializes a CGI instance that can be used to interact with the web-server. The "print $q->header()" command prints a CGI header. This header identifies the type of the content which will be outputed later and can do other HTTP things. In our case, it tells the web-browser that we will have HTML content.

Finally, the last command outputs the HTML.

So far, so good. Now, how do we interact with the form parameters? Let's change the script to this:

    #!/usr/bin/perl -w
    
    use strict;
    
    use CGI;
    
    my $q = CGI->new();
    
    my $value = $q->param("myvar");
    
    print $q->header();
    print "<html><body>";
    print qq{Hello, "$value"!\n};
    print "</body></html>";

Now, enter something in the box and you'll see that it outputs this value on the screen. The magic is in the statement my $value = $q->param("myvar"); The param function of a CGI instance returns the parameter with the name specified as its first argument. (if invoked with no arguments, it returns a list of all parameters given to the script). After $value gets this value we can print it to the screen.

However, there is a problem here. We can pass arbitrary HTML inside the box, and it will get outputted on screen. (try for example, typing "<h1>hello</h1>" into the box). To avoid this, let's change the script to the following:

    #!/usr/bin/perl -w
    
    use strict;
    
    use CGI;
    
    my $q = CGI->new();
    
    my $value = $q->param("myvar");
    
    print $q->header();
    print "<html><body>";
    print qq{Hello, "}, CGI::escapeHTML($value), qq{"!\n};
    print "</body></html>";

Here, before outputting, we used the CGI::escapeHTML() function to escape the special HTML characters. That way the user cannot insert arbitrary code into the page.

That's it for now. To proceed, you should take a look at the CGI man page and see what other helpful things you can find there. It may also be helpful to take a look at existing scripts and applications and see what their authors implemented.