$dbh->disconnect();
print
    hr().
    a({-href=>"http://www.ora.com"}, "O'Reilly Media").
    end_html;
The bulk of this script consists of two blocks executed on different runs of the script.
The first block follows the if(!param( )) statement; this block runs when the user first
calls up the URL without parameters, and it simply displays the form with the initial
animal listing. The second block follows the else statement; this block runs after the
user has filled out the form and submitted it.
The page includes a horizontal rule (hr) and a link to the O'Reilly Media home page at
the bottom.
A Note on mod_perl
The mod_perl Apache module moves the processing of Perl scripts into the Apache web
server itself. This has two advantages. First, it's more efficient, because the Perl
interpreter doesn't need to be started each time a script is called. Second, you don't need to
include the path to the Perl interpreter on an initial #! line at the top of each file.
We won't go into the details of mod_perl here, but we recommend you use it for any
production site that uses Perl CGI scripts running on an Apache web server. You can
find more information on this at perl.apache.org (http://perl.apache.org) and in
particular on the http://perl.apache.org/docs/2.0/user/intro/start_fast.html web page.
Perl Security
Programmers often assume that their script will be used in a particular way and that
users will behave as expected. When writing a script, you should always keep in mind
that everybody makes mistakes, and some people deliberately try to break things. For
example, if your script expects the number 2 but the user types two, what will happen?
This is particularly important if you make your scripts available via the Web. You
should never trust user input and use it directly for sensitive operations such as opening
files or running commands on the server.
Perl has a taint mode that warns you if the script injects user input directly into a sensitive
operation. You can turn on the Perl taint mode by adding the -T switch after the path
to the Perl interpreter at the top of your script, for example:
#!/usr/bin/perl -T
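The following script is an added example, not code from the book: it runs under -T, shows taint mode refusing an open-for-write on an unchecked value, and shows a regular-expression capture both validating and untainting the value. The helper names clean_count, clean_filename and describe, the /tmp path, and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use Scalar::Util qw(tainted);

die "Run this with the -T switch\n" unless ${^TAINT};

# Constructed sample inputs. Literals are never tainted, so each one is joined
# to an empty string cut from $0 and $^X, which taint mode treats as external
# data. The result behaves like a value typed by a user.
my $taint   = substr("$0$^X", 0, 0);
my @samples = map { $_ . $taint } ('2', 'two', 'zoo_2.txt', '../zoo_2.txt');

# Hypothetical helper: accept a 1-4 digit number only. Returning the regex
# capture ($1) is what clears the taint flag.
sub clean_count {
    my ($raw) = @_;
    return $raw =~ /\A([0-9]{1,4})\z/ ? $1 : undef;
}

# Hypothetical helper: accept a plain .txt file name with no directory parts.
sub clean_filename {
    my ($raw) = @_;
    return $raw =~ /\A([A-Za-z0-9_]{1,32}\.txt)\z/ ? $1 : undef;
}

# Show a value with its taint flag, or note that validation rejected it.
sub describe {
    my ($value) = @_;
    return 'rejected' unless defined $value;
    return "'$value' (tainted=" . (tainted($value) ? 1 : 0) . ')';
}

for my $raw (@samples) {
    print "input ", describe($raw), "\n";

    # Taint mode refuses an open-for-write on an unchecked name before any
    # file is created; eval catches the fatal error so the loop can continue.
    my $opened = eval { open(my $fh, '>', "/tmp/$raw"); 1 };
    (my $why = $@ // '') =~ s/ at .*//s;
    print "  raw open for write: ", ($opened ? 'allowed' : "refused: $why"), "\n";

    print "  as count:     ", describe(clean_count($raw)), "\n";
    print "  as file name: ", describe(clean_filename($raw)), "\n";
}
```

Run it as perl -T followed by the script name, or make the file executable; Perl will not start a script that has -T on its #! line unless the switch is also given on the command line.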
Unfortunately, this taint mode does not recognize variables passed to the script from
a web form via the param( ) function, so you'll need to manually check that the user
 