Can we see your updated form code? I've fixed the problems curtis described
below in a copy here, and called a perl script that just accepts the params
and prints them, and it works fine. It may be a misplaced operation, that
would be obvious to a new pair of eyes (hey, I can never see MY bugs: I see
what I MEANT to type, every time).
> -----Original Message-----
> From: Abel Lucano [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, June 14, 2001 12:02 PM
> To: Curtis Poe
> Cc: [EMAIL PROTECTED]
> Subject: Re: calling a external cgi from a form passing parameters
>
>
> On Wed, 13 Jun 2001, Curtis Poe wrote:
>
> >
> > There are a few problems with your script.
> >
> > First, as mentioned earlier, Perl will not interpret values
> in strings in single quotes. You'll
> > need double quotes.
> >
> > Second, you have not assigned values to those variables
> (lines 17 and 18) until *after* you tried
> > to use them (line 11). Had you used 'strict', you would
> have been warned about trying to use a
> > global variable without an explicit package name.
> >
> > Third, if your variable contain character with special
> meaning in a query string, then the
> > resulting 'action' attribute will have problems. You need
> to escape those characters with
> > URI::Escape. Try this:
> >
> > #!/usr/bin/perl -wT
> > use strict;
> > use CGI;
> > use CGI::Carp 'fatalsToBrowser';
> > use URI::Escape;
> >
> > my $q = new CGI;
> > my $uri_chars = "\0-\377";
> > my $usuario = uri_escape( $q->param('username'), $uri_chars );
> > my $contrasena = uri_escape( $q->param('passwd'), $uri_chars );
> >
> > print $q->header,
> > $q->start_html({bgcolor=>"white"}, 'Check users'),
> > $q->h1('Check users'),
> > $q->br,
> >
> >
> $q->start_form(-action=>"http://external-server/cgi-bin/checku
> ser.cgi?user=$usuario&pass=$contrasena"),
> > $q->h3('type user name'),
> > $q->textfield(-name=>'username', -size=>20),
> > $q->p(),
> > $q->h3('type user password'),
> > $q->password_field(-name=>'passwd', -size=>20),
> > $q->p(),
> > $q->submit(-name=>'Check'),
> > $q->end_form, $q->hr,
> > $q->end_html;
> >
> > The $uri_chars variable will cause *everything* to be
> uri_escaped. If you only want to escape
> > those characters that might pose a problem in the URL, try
> the following line:
> >
> > my $uri_chars =
> '\x00-\x29\x2b\x2c\x2f\x3a-\x40\x5b-\x5e\x60\x7b-\xff';
> >
> > Cheers,
> > Curtis Poe
> >
>
>
> Good points Curtis and thanks for your answers; I've applied (and
> understood) all your advices but when I fill the forms with
> valid entries,
> the submit is still passing wrong parameters to
> checkuser.cgi, like this:
>
> http://external-server/cgi-bin/checkuser.cgi?user=%5Cx00-%5Cx2
9%5Cx2b%5Cx2c%5Cx2f%5Cx3a-%5Cx40%5Cx5b-%5Cx5e%5Cx60%5Cx7b-%5Cxff&pass=%5Cx00
-%5Cx29%5Cx2b%5Cx2c%5Cx2f%5Cx3a-%5Cx40%5Cx5b-%5Cx5e%5Cx60%5Cx7b-%5Cxff
Note:
if i type
http://external-server/cgi-bin/checkuser.cgi?user=abel&pass=prueba
the script works fine.
But not through the form. :(
I've used both
my $uri_chars = "\0-\377";
and
my $uri_chars = '\x00-\x29\x2b\x2c\x2f\x3a-\x40\x5b-\x5e\x60\x7b-\xff';
Am I missing something else?
Thanks in advance,
Abel Lucano
Decode SA
email: [EMAIL PROTECTED]
http://www.decode.com.ar
