--- Kyle Babich <[EMAIL PROTECTED]> wrote:
> Sorry for bothering everyone again, but could
> someone tell me what to change
> so that I can import variables from external files
> and get them to work in
> the current file? (see original message)
>
> Thank you,
> Kyle
Copied from "perldoc CGI":
--- David vd Geer Inhuur tbv IPlib
<[EMAIL PROTECTED]> wrote:
> $data = param('data');
> $data =~ s/\/n//g;
> > Situation: I am reading into my script via
> > param() a textarea called Job Duties. When I
print
> > out that parameter in perl all of the new lines
are
> > ignored and it prints as o
Maureen,
Personally, I would just print out the raw HTML in
this case rather than try to use CGI's form function.
Something like (ignore the word wrap, please):
print p( "A paragraph with CGI.pm" );
# Now output the plain HTML tags
print "";
if( $my_first_condition ) {
print " ";
nces, be innovative, make the world a
> better place. If you want to call me arrogant for
> trying to improve my surroundings, go right ahead,
> but your tacking the wrong name on me.
>
> David
>
>
> - Original Message -
> From: "John Brooking" <[EM
After all, Hubris is one of St. Larry's Three Cardinal
Virtues! So this seems to me to be a properly Perl-ish
attitude.
- John
--- [EMAIL PROTECTED] wrote:
> ...
> minded here, I'm just the type of person who if I'm
> not perfectly happy with the way something works
> (whether programming or in
See?! Your version just expanded by 50% !! ;-)
--- Scot Robnett <[EMAIL PROTECTED]> wrote:
> Picky, picky. :)
> You're right, my bad.
>
> use CGI;
> my $q = new CGI;
> my %params = $q->Vars;
=
"Now it's over, I'm dead, and I haven't done anything that I want; or, I'm still
alive, and the
I tend to always use CGI.pm to get the parameters, but
I may or may not use it to output HTML. If it's simple
HTML, I will, because it's easier and safer, but if
it's complicated, like a lot of JavaScript in the
header, or for most form input controls, I just use
print statements, either normal on
--- Marty Landman <[EMAIL PROTECTED]> wrote:
> > ...
> >check the referer, that's no protection either! An
> >experienced programmer can easily use Perl's LWP
> >module or its equivalent in some other language to
> >make the request with a faked referer variable. So
> >really, POST variables are n
Marty,
David's explaining it pretty well, but let me take
another crack at it. I was in your position about a
year ago and got royally (and publically) flamed on
the perl beginners list by a security admin for
deigning to give CGI advice without knowing this, so I
got what you might call a cras
Ben,
I have found any of the O'Reilly books
(http://perl.oreilly.com/) to be an excellent
resource. I own _Programming Perl_ (a.k.a. "The Camel
Book") and find it's writing style to be very easy to
read (even if I still have to re-read the complicated
bits several times to really understand them)
Only way I know of is to have the variables in their
own private form somewhere on the page, such as: (HTML
tags embedded in email message here!)
Then have the link submit the form programmatically
using javascript:
Click here
You should be aware, if you are not alr
Recognizing that this is a religious issue among many
programmers, I submit for what it is worth that I use
Ultra-Edit (Windows). It has everything you ask, you
can extend the syntax for color-coding, run command
line programs and capture the output in a window, edit
remote files via FTP, record a
For users of HTML::Template, attached is a note about
a patch someone wrote to help guard against cross-site
scripting attacks when using said module. FYI.
Note: forwarded message attached.
=
"Now it's over, I'm dead, and I haven't done anything that I want; or, I'm still
alive, and there'
--- Ovid <[EMAIL PROTECTED]> wrote:
> --- Janek Schleicher <[EMAIL PROTECTED]> wrote:
> > I'm also not an expert of uploading files.
> > But you do two things to read the file:
> >
> > $file = $q->param("file$i");
> > Now $file contains a string.
> >
> > Then you use something like
> > my $uploa
Okay, I gotcha. The same script generates the form
everytime. If it has some parameters, it processes
them first, then regardless, it draws the form for the
next time.
I think the browser is "working as intended". No
matter what the current URL is, the "Refresh" button
simply re-requests it, incl
When you say that after the text is processed, the
same form is regenerated back to user, how are you
doing that? Via a redirect? Another leading question
would be what is the URL shown in the address bar the
first time you enter the form, versus subsequent
times. Is it the same? If, on subsequent
I can. (In fact, I'm about to
make my own first attempt at this, so I can tell you
more in a few days!)
- John
--- John Brooking <[EMAIL PROTECTED]> wrote:
> True. The only print statement I see here is the one
> which prints the contents of $uploaded to FILE.
> Maybe
> afte
True. The only print statement I see here is the one
which prints the contents of $uploaded to FILE. Maybe
after you do this, you want to either print out an
HTML response or redirect to another page? If so, you
need to write more code to do that.
- John
--- LinkS On WeB <[EMAIL PROTECTED]> wrot
Fred,
This is very interesting. Do you know what it does
under the covers? I'm just curious because I'm
currently getting trained in XML, and this seems like
exactly the type of thing that one uses XML for,
incorporating data from another site into your own. If
that's what this module really do
--- David T-G <[EMAIL PROTECTED]>
wrote:
> ...
>> % "Programming Perl"?) says that "comment", when
>> used as
>> % a translator keyword following "=for", is by
>
> Whoa! You found that in there?? Do you have 3e or
> 2e? I couldn't find
> any POD commands in my 2e ("Covers Perl5!") copy,
> whic
--- Felix Geerinckx <[EMAIL PROTECTED]>
wrote:
> on Mon, 10 Jun 2002 17:37:46 GMT, John Brooking
> wrote:
>
> > [...]
> > If it's something about the internals that only
> > the developer needs to know, such as more
> explanation
> > of a particula
--- drieux <[EMAIL PROTECTED]> wrote:
> ...
>
> Solving 'what should be in the pod' as opposed to
> 'in code comments'
> ...
POD doc'n in CPAN modules is basically of the "here's
how to use this code" variety, so taking that is the
model, here's what I'm thinking about that
distinction. If it's
Well, I confess that I sometimes use POD directives to
write a long comment (more than about 1/2 dozen
lines). My rationale is that I haven't really learned
POD very well yet, and so far I haven't released any
of this code publically. When I do, I intend to
revisit the code and make a better disti
Not to be pedantic, but isn't PHP a *language*, not a
database? So you could use almost any particular
database with either PHP or Perl. Or does PHP have
it's own built-in database and that's what you meant?
(I looked at PHP a little once, and I have to admit a
knee-jerk negative reaction to a la
On Wednesday, June 5, 2002, at 08:40 , Ovid wrote:
[..]
>
> First-rate mathematicians want to hang around
first-rate
> mathematicians. Second-rate mathematicians want
to hang
> around third-rate mathematicians.
>
> The reason for that is left as an exercise for the
reader :)
So, i
--- Richard Krause <[EMAIL PROTECTED]> wrote:
> I found out what the problem is. If you write
>
> $q->table({-border=>undef},
>#caption('When Should You Eat Your
> Vegetables?'),
>
> ... ...
>
> instead of
>
> print table({-border=>undef},
>caption('When Should You Eat Y
--- David T-G <[EMAIL PROTECTED]>
wrote:
> Scot, et al --
>
> ...and then Scot Robnett said...
> %
> % I don't personally share the 'HTML e-mail is evil'
> philosophy. And even if
>
> ... ...
>
> (if, in fact, he hasn't solved this already;
> Camilo's email
> intimated that he had, which mean
Actually, I may have just found it. I think it was
"Preventing Cross-site Scripting Attacks" at
http://www.perl.com/pub/a/2002/02/20/css.html. In any
case, that's good reading, and if anyone has any
others to pass along, feel free. If I get enough, I'll
publish a links page of them for future refe
Gang,
A week or three ago, someone referred to a page
that discussed security issues when using CGI input to
send out to a web page. I thought I had bookmarked the
page or saved the email, but I can't find it now.
Could whoever posted it please do so again, or maybe
just email it to me private
Octavian,
I'd be surprised if it's not possible to generate
variables of specific names on the fly in Perl, but I
personally don't know how, and the syntax might be
kind of weird. At the expense of a slightly more
complicated data structure, I *can* give you some
quick code that is hopefully s
Can you post some of the relevant code? (If it's long,
please consider putting it up as an HTML page and just
sending us the URL.)
Not that I'm promising I personally will have time to
look at it or know the answer...
--- "Hughes, Andrew" <[EMAIL PROTECTED]>
wrote:
> I need help. I inherited th
I'm sorry, I don't understand your question very well.
Can you give an example?
By "standard-Perl only", do you mean only using
modules that come with Perl?
--- Sven <[EMAIL PROTECTED]> wrote:
> Hello all!
>
> Can anyone give me a hint what I should do?
>
> I want to realize a search in the re
--- Matthew Weier O'Phinney
<[EMAIL PROTECTED]> wrote:
> I've gone through and read all the other posts in
> reply to this, and they
> all seem to ignore a very simple solution.
>
> First: strip off the \r\n:
> s/\r\n/\n/sg
>
> Then look for the pattern \n\n (which would indicate
> the existence
--- Octavian Rasnita <[EMAIL PROTECTED]> wrote:
> Hi all,
>
> I know how to open and print an html or text
> document on the screen if the
> file is on my site and I know the real path to the
> file.
> I want to open and print a document on the screen
> but it is not on my site
> and of course, I
--- drieux <[EMAIL PROTECTED]> wrote:
> ...
>
http://www.wetware.com/drieux/pbl/cgi/ParseParmsToPara.txt
>
>
> ciao
> drieux
Thanks to all who contributed to this thread. Here's
what I finally ended up using, incorporating several
of your suggestions (HTML tags in code):
my $eol = chr(13) . c
--- drieux <[EMAIL PROTECTED]> wrote:
>
> maybe I am missing something here - but isn't
> this something you would want to be using say
>
> use CGI qw/:standard/;
>
> for a specific illustration cf:
>
http://www.wetware.com/drieux/pbl/cgi/basicPagePopper.txt
Either you're missing somethi
--- Jake <[EMAIL PROTECTED]>
wrote:
>
> On my machine (linux) if I dump textarea input to a
> ascii text file like so...
>
> my $ta = $query->param('myTextArea');
> print outFile $ta;
>
> newlines are saved as cr/lf which corresponds to the
> hex characters 0D and 0A.
>
> ... [snip stuff abou
#x27;t want
those. I could remove them afterwards, but that's not
very elegant. :-)
--- Jake <[EMAIL PROTECTED]>
wrote:
>
> On Monday 20 May 2002 01:51 pm, John Brooking wrote:
> > Hello, all,
>
> > has worked so far. Everything I've tried has (1)
> added
>
Hello, all,
I'm trying to translate the value entered in a
TEXTAREA tag to one or more HTML paragraphs. That
means any newlines entered into the text box need to
be turned into P tags by the script. But I'm having
trouble coming up with a regex to do this. I know I
need multiline mode, so I've
I just happened to write exactly this the other day,
as a generic configuration file reader. Here's the
basics:
sub readINI {# argument: filename
my %params;
open( INIFILE, $_[0] )
|| die "Could not open $_[0]\n";
while() {
if(! /^#/ ) { # Allow comments
chomp;
Okay, I understand now. I guess you *could* do it with
"one script", although as someone else noted, it is
basically separate scripts, called once per page, that
just happen to be stored in the same file. Whether you
store it in one script or separate is immaterial,
IMHO.
So, now that we understa
Secure?? Have you guys been paying attention to the
Matt's Script Archive discussion? You can pass along
parameters between pages either in the URL or as
hidden fields, but NEITHER IS REALLY SECURE!! The
hidden fields only stymie the newbies. :-) Anyone
could just save the form to their hard drive
If you mean can a CGI script output both the frameset
and all of its pages simultaneously, I don't see how.
What you can do is have each frame call a CGI script
for its content, and have another to generate the
frameset. Each script then outputs its own HTML as
normal.
If this doesn't address you
I must confess I'm not intimately familiar with the
script in question, so I don't completely understand
what the code snippet that drieux included does,
therefore how it is or is not sufficiently secure.
However, I have some more general comments in the way
of clarification.
It seems to me that
Okay, what's the [2] doing? It appears to be saying to
match \d exactly two times, but I thought that would
be {2} instead. But changing your [] to {} leads to
the same problem as the original expression.
You probably know, Camilo, but since you didn't say,
let me guess at why Rafael's original R
To expand a bit from a more general persective:
The important distinction here is what is client-side
and what is server-side. HTTP is a request/response
protocol. So the interaction looks like this:
1) User (Client) requests page where your form is
2) Server delivers that page
3) User fil
Does CGI.pm have some kind of URL escape function,
similar to escapeHTML? I couldn't find any
documentation on it in "perldoc CGI", and I tried the
obvious, "escapeURL", with negative results.
I suppose that the reason there is no obvious function
for this is if you have a form submitted with GET
Connie,
I don't really know the answer to this, as I have
almost 0 experience with fork, and none within the CGI
context. If this script is called from a web page and
has to wait for something, but you don't know when it
will happen, maybe fork is a good idea, otherwise the
client browser is go
--- drieux <[EMAIL PROTECTED]> wrote:
>
> On Saturday, April 27, 2002, at 05:32 , Alex Swavely
> wrote:
>
> > This was exactly the problem. Not having dos2unix
> installed, I just
> > zipped
> > it and then ran unzip with the -a option (convert
> files) and it worked
> > smashingly.
>
> now
I haven't used SSI a lot, but my understanding, borne
out by my experience so far, is as follows. The SSI
simply pulls in the content from the included file or
command and inserts it at the place you did the
insert. So whatever HTML you would have put there
without doing SSI, is what goes in the i
Most recent editions of Perl come with the CGI module,
which is what you want. Type "perldoc CGI" at your
friendly neighborhood command prompt. The O'Reilly
book "CGI Programming with Perl" has a good overview,
as do no doubt countless other books.
The basic steps are:
use CGI;
my $cgi = new CGI
--- Todd Wade <[EMAIL PROTECTED]> wrote:
> ...
> anyone anything. My proof? perl.beginners and
> perl.beginners.cgi is a place
> where its pc to ask frequently asked questions. Over
> and over.
Is there a FAQ document for this list? I just
re-read my list welcome message and didn't see any
refe
(Sorry for the duplicate, Jamie, forgot to forward to
the list!)
--- Jamie <[EMAIL PROTECTED]> wrote:
> ...
> 2) Should i use text files for my data or dive
> straight into something
> like MySQL? I'll propably need the SQL stuff later
> on, but is there
> any general rule as regards to size/ num
Connie,
>From a technical point of view, I think that if you
submit via "post" you are not limited in size. If you
submit via "get", it adds it all to the URL in the
form of
"http://yourdomain/yourscript.pl?param1=foo¶m2=bar";
etc. and you are limited to about ~2K total length
(depending on the b
This is an aside, but does the statement you are
executing come as a parameter from the HTML form? If
so, I presume you are aware that this is a very
dangerous practice, unless you have secured the form
page somehow (behind your firewall, etc.), and even
then I wouldn't be comfortable with it. Wha
Daniel,
I'm
assuming you mean that you want your three crud
parameters passed through, in which case, your
intuition at the end of your message is correct.
Remember that HTTP is by default stateless, meaning
that when the form that was output by first() is
submitted, your script has no memory
utting them in our virtual domain? Is CGI.pm
recommended in this situation? Any other issues you would foresee me having? (I
already know I'll have to think through security at some point.) Thanks in advance for
any replies.
- John Brooking
-
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
57 matches
Mail list logo
