reading STDIN with Perl on Linux / Apache

[John Smith]

I hope I am not posting this to the wrong group, as it deals with HTML and
PERL.


I had a script that read information from the QUERY_STRING environment
variable, such as:
$temp=$ENV{'QUERY_STRING'};

It received this information from an HTML document that used the GET method
to send its form data to the perl script, such as:
<FORM method="get" action="/cgi-bin/script.pl">

This worked fine, but the form data ends up as part of the URL, such as:
http://domainname/cgi-bin/script.pl?year=2003&pwd=12345

This would not be too bad except that part of the information sent to the
perl script is a password.
I would prefer that this information not be part of the URL.

As it turns out, an HTML document can also use the POST method to send its
form data to a perl script, such as:
<FORM method="post" action="/cgi-bin/script.pl">

Using this method, the data is apparently sent via the STDIN.
From what I can find on the Internet, a perl script would read this info
something like this:
read(STDIN, $temp, $CONTENT_LENGTH);

When I submit my form data from the HTML document using the POST method, the
CONTENT_LENGTH environment variable does reflect the amount of information I
am sending, but the read statement doesn't store that data to the $temp
variable, the $temp variable is just empty.

Here is a look at part of my script.

#!/usr/bin/perl

use CGI qwstandard);
my $query = new CGI;
print"Content-type: text/html\n\n";

$cl=$ENV{'CONTENT_LENGTH'};
if ($cl > 0)
{
read(STDIN, $temp, $cl); # Read POST data from STDIN
print" 11.. temp = $temp <br>\n";
}
else
{
$temp=$ENV{'QUERY_STRING'}; # Get info submitted from
HTML form
print" 12.. temp = $temp <br>\n";
}

The script will print the following
11.. temp=

The server belongs to my ISP.
It's a Linux server with apache (I guess the Apache is for the Perl to work
or something).

 

[John Smith]

Oops, by the way, my name is not John Smith, it's Guy Doucet

 

[Bob Smith]

I hope I am not posting this to the wrong group, as it deals with HTML and
PERL.

I had a script that read information from the QUERY_STRING environment
variable, such as:
$temp=$ENV{'QUERY_STRING'};

It received this information from an HTML document that used the GET method
to send its form data to the perl script, such as:
<FORM method="get" action="/cgi-bin/script.pl">

This worked fine, but the form data ends up as part of the URL, such as:
http://domainname/cgi-bin/script.pl?year=2003&pwd=12345

This would not be too bad except that part of the information sent to the
perl script is a password.
I would prefer that this information not be part of the URL.

As it turns out, an HTML document can also use the POST method to send its
form data to a perl script, such as:
<FORM method="post" action="/cgi-bin/script.pl">

Using this method, the data is apparently sent via the STDIN.
From what I can find on the Internet, a perl script would read this info
something like this:
read(STDIN, $temp, $CONTENT_LENGTH);

When I submit my form data from the HTML document using the POST method, the
CONTENT_LENGTH environment variable does reflect the amount of information I
am sending, but the read statement doesn't store that data to the $temp
variable, the $temp variable is just empty.

Here is a look at part of my script.

#!/usr/bin/perl

use CGI qwstandard);
my $query = new CGI;

print header;

print"Content-type: text/html\n\n";

$cl=$ENV{'CONTENT_LENGTH'};
if ($cl > 0)
{
read(STDIN, $temp, $cl); # Read POST data from STDIN

use this:
my $parameter = param('name_of_the_parameter_you_want');
print "parameter value is:$parameter";

 

[John Smith]

Well, as it turns out, it appears to work for some reason!
What I don't understand is why.
I don't even have to read the STDIN such as:
read(STDIN, $temp, $ENV{'CONTENT_LENGTH'});

So does Apache or something else automatically assign the STDIN parameters
to param?
I guess it's not that important if it works!

Thanks for all,
Guy Doucet

 

[dw]

use this:

Well, as it turns out, it appears to work for some reason!
What I don't understand is why.
I don't even have to read the STDIN such as:
read(STDIN, $temp, $ENV{'CONTENT_LENGTH'});

So does Apache or something else automatically assign the STDIN parameters
to param?
I guess it's not that important if it works!

CGI.pm does that for you. If you submit the form using GET, it gets its
data from the URL. If you submit using POST, it gets its data from STDIN.

 

[Eric J. Roode]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I hope I am not posting this to the wrong group, as it deals with HTML
and PERL.


I had a script that read information from the QUERY_STRING environment
variable, such as:
$temp=$ENV{'QUERY_STRING'};

It received this information from an HTML document that used the GET
method to send its form data to the perl script, such as:
<FORM method="get" action="/cgi-bin/script.pl">

This worked fine, but the form data ends up as part of the URL, such
as:
http://domainname/cgi-bin/script.pl?year=2003&pwd=12345

This would not be too bad except that part of the information sent to
the perl script is a password.
I would prefer that this information not be part of the URL.

Why not? It's not really any less secure than transmitting it via POST
method.

Here is a look at part of my script.

#!/usr/bin/perl

use CGI qwstandard);
my $query = new CGI;
print"Content-type: text/html\n\n";

$cl=$ENV{'CONTENT_LENGTH'};
if ($cl > 0)
{
read(STDIN, $temp, $cl); # Read POST data from
STDIN print" 11.. temp = $temp <br>\n";
}
else
{
$temp=$ENV{'QUERY_STRING'}; # Get info submitted
from
HTML form
print" 12.. temp = $temp <br>\n";
}

Why go to all this work? CGI.pm does all of this for you, and more.
You're already using CGI.pm. Just ask it what the query parameters are.
Don't parse it all out yourself.

- --
Eric
$_ = reverse sort $ /. r , qw p ekca lre uJ reh
ts p , map $ _. $ " , qw e p h tona e and print

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBP29OxGPeouIeTNHoEQLG8gCg/unzlxZu6KEfiO89fLwUSB5jMN4An1Ix
zePkKlXie2cFZIuwH1zXXmlK
=ykXY
-----END PGP SIGNATURE-----

 

[Juha Laiho]

Ok, change to method="POST", and adapt your script appropriately, and
you're done.

Why not? It's not really any less secure than transmitting it via POST
method.

The difference is that you don't see POST data from server logs, whereas
GET data will be logged. It's not a major difference, but at least I
feel more comfortable browsing server logs when the logs do not contain
passwords.

....
Why go to all this work? CGI.pm does all of this for you, and more.
You're already using CGI.pm. Just ask it what the query parameters are.
Don't parse it all out yourself.

Heartily agreed.

 

[Eric J. Roode]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Eric J. Roode" <[email protected]> said: ....
Ok, change to method="POST", and adapt your script appropriately, and
you're done.


The difference is that you don't see POST data from server logs,
whereas GET data will be logged. It's not a major difference, but at
least I feel more comfortable browsing server logs when the logs do
not contain passwords.

Mmmm, I *suppose*... but if you're worried about your sysadmins snooping
passwords from the apache logs, you've got bigger problems.

- --
Eric
$_ = reverse sort $ /. r , qw p ekca lre uJ reh
ts p , map $ _. $ " , qw e p h tona e and print

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBP3D2TWPeouIeTNHoEQJM3gCg6QBdZijrDUwVQV0yK7mBcvf33GgAn2RY
d3Ao1tT+k2XU+Rb++5TQTsnF
=+fzH
-----END PGP SIGNATURE-----

 

[Juha Laiho]

Well, as it turns out, it appears to work for some reason!
What I don't understand is why.
I don't even have to read the STDIN such as:
read(STDIN, $temp, $ENV{'CONTENT_LENGTH'});

So does Apache or something else automatically assign the STDIN parameters
to param?
I guess it's not that important if it works!

Responding late, hope you still follow this thread.

Please DO read the CGI.pm documentation -- it'll contain a number
of other helpful tools for you as well.

http://www.perldoc.com/perl5.6.1/lib/CGI.html