0

Spent better part of 3-days writing a CGI script to handle the input form data from my HTML. Used Padre as an editor but now receive this error when running the script.

  • "uncaught exception from user code: "-T" is on the #! line, it must also be used on the command line at scipt.pl"

I'd like some pointers if anyone is willing to look over my code and offer guidance. This is my first endeavor into Perl and CGI. What I desire for endstate is a form a webuser enters data and then hits submit. After validation a page is sent back to the browser with information and errors if they exist. here is my code and thanks in advance!

HTML Code: 

<html>
<head><title>My First CGI-PERL</title>
<!--Link to css for styling here-->
<link rel="stylesheet" type="text/css" href="style.css">
</head>
<body>
<header>
<h1>Welcome to my first CGI-PERL Form submission</h1></header>
<br>
<p>Please Enter the following information in the fields and click  
    SUBMIT.</p>
<hr>
<br>
<div class="container1">
   <form action="/cgi-bin/text.pl" method="post"> <!--script to process  
     this section-->
        Item Number<input type="text" name="Item"><br> <!--Cannot be blank-->
        Product Name<input type="text" name="Name"><br> <!--Cannot be    
    blank-->
        Product Cost<input type="text" name="Cost"><br> <!--must be between .50 and $1000-->
        Selling Price<input type="text" name="Price"><br> <!--price from 1.00 to 2000.00-->
        Quantity on Hand<input type="text" name="Quantity"><br> <!--cannot be negative-->
    </form></div>
    <br>
    <br>
    <hr>
    <br>
    <h2>Choose A Product Category</h2> <!--must be one of the categories-->
    <br>
    <div class="container2">
    <form action="/cgi-bin/radio.pl" method="post"> <!--name of script that handles this section-->
       <input type="radio" name="letter" value="F">F<br>
       <input type="radio" name="letter" value="H">H<br>
       <input type="radio" name="letter" value="M">M<br>
       <input type="radio" name="letter" value="C">C<br>
       <input type="radio" name="letter" value="T">T<br>
    <br>
    </form></div>   
    <hr>
    <br>
    <div class="container4">
    <form action="/cgi-bin/myfirstcgi.cgi" method="post"> <!--script to process submit and send a second page back-->
       <input type="submit" name="submit"  value="SUBMIT"><br>
    </form></div> <!--close container 2-->

    <!--Profit should be auto generated on the second page created by the script-->
    </body>
    </html>

Perl Script:

#!/usr/bin/perl 
print "Content-type: text/html\n\n";
use strict;
use warnings;
use CGI qw(:standard);

print "<html><body>";
print "Thank you for submitting the form. <br>\n";
#return to html page with form
print "To go back to the form page click"; #how can i insert a link to   the form page here


print "You chose item number ", param("Item")," \n";
print "The product name is ", param("Name"), " \n";
print "The Cost is ", param("Cost")," \n";
print "Selling Price ", param("Price")," \n";
print "Quantity on Hand is ", param("Quantity")," \n";

#scalar variables to hold form input data
my $item = param("Item");
my $name = param("Name");
my $cost = param("Cost");
my $price = param("Price");
my $category = param("Category"); #radio button chosen
my $quantity = param("Quantity");
my $profit = $cost - $price;

#radio buttons
my %categories = ("F", "H", "M", "C", "T");
#validation a category was chosen

my $categories = param("letter");
if (exists $categories{$category}) {
   print "The product Category is $category";
}
else {
   error ("You must select a category");
}  

#validate input
if ($item eq "") {
    error ("Field cannot be blank");
}
if ($name eq "") {
    error ("Field cannot be blank");
}
if ($cost < .50 && $cost > 1000) {
   error ("Invalid Entry Cost must be between $.50 and $1000");
}
if ($price < 1.00 && $cost > 2000) {
   error ("Invalid Amount Please enter Price between $1.00 and $2000");
}
if ($quantity < 0) {
   error ("Quantity cannot be negative number");
}

sub error {
my ($errormsg)  =  @_;
print  "<h2>Error</h2>\n";
print  "$errormsg<p>\n";
print "</body></html>\n";
exit;
}
allendks45
  • 339
  • 5
  • 18
  • Your script has many errors, btw I suggest you to read [this](http://perldoc.perl.org/perlsec.html#Taint-mode). run using `perl -T`. and fix all errors and share your html also in question it will be better. – Arunesh Singh Jul 12 '15 at 19:24
  • @Arunesh how do I run the perl -T? I'm using Padre (new to me as I normally use Notepad++). – allendks45 Jul 12 '15 at 20:37
  • run using cmd in windows. never used padre. – Arunesh Singh Jul 12 '15 at 20:39
  • http://stackoverflow.com/questions/12255683/can-you-pass-command-line-arguments-to-perl-program-run-from-padre-run-run-scri check this for padre – Arunesh Singh Jul 12 '15 at 20:42
  • Why do you have four separate forms on the page? And only one of them has a submit button. How do you expect the other ones to be submitted? – Dave Cross Jul 12 '15 at 21:07

2 Answers2

1

Padre runs Perl programs using a command like:

/usr/bin/perl <your_file.pl>

Taint checking requires deep changes to how the compiler works, so it needs to be turned on immediately after the compiler starts up. You have -T on the shebang line inside your program and that isn't parsed until after the compiler starts - too late for taint mode to be enabled. It would be confusing for Perl to start running your code not in taint mode when you think that taint mode has been turned on, so it halts execution with the error message that you have seen.

You can fix this by configuring Padre to run your code with as slightly different command:

/usr/bin/perl -T <your_file.pl>

In Padre choose Tools -> Preferences from the menu and then select the "Language - Perl 5" option. There is a text input labelled "Interpreter arguments". You can put your -T there and save the changes.

Also, I'll just reiterate my previous advice that using CGI in 2015 is ridiculous. Please take a look at CGI::Alternatives and switch to a more modern architecture.

Community
  • 1
  • 1
Dave Cross
  • 68,119
  • 3
  • 51
  • 97
  • I'm absolutely positive you are correct on that. Unfortunately I enrolled in a webserver class and this is the final assignment. From what I've been reading on the web this is very antiquated and has been replaced by other languages. If it were JS I'm confident I'd be done with this project. – allendks45 Jul 12 '15 at 20:59
  • Pretty grim news that there are still classes out there teaching this stuff. It's true that there are now plenty of other languages that people use to write web apps - but people still use Perl too (just with more modern tools). And I think this is the first time you've told us that we're helping you with homework :-/ – Dave Cross Jul 12 '15 at 21:03
  • Yes, final summer project did not believe that it would make a difference. Only seeking to understand the concepts within Perl as i only have 1-week to learn the language. Tall order and as you stated there are a bevy of languages that handle what I'm trying to accomplish in simpler methods. For what it is worth the instructor is a good guy and does help in limited fashion. – allendks45 Jul 12 '15 at 21:55
1

Your homework should be done by you. But Since there is lot of syntax mistakes there I will try to help you.

First of all Bind all the elements inside the html into a single form with single submit button so that it can go to server in the form of query string in a single go.

Your html should be: 

<html>
<head><title>My First CGI-PERL</title>
<!--Link to css for styling here-->
<!--<link rel="stylesheet" type="text/css" href="style.css">-->
</head>
<body>
<header>
<h1>Welcome to my first CGI-PERL Form submission</h1></header>
<br>
<p>Please Enter the following information in the fields and click  
    SUBMIT.</p>
<hr>
<br>
<div class="container1">
   <form action="action.cgi" method="post"> <!--script to process  
     this section-->
        Item Number<input type="text" name="Item"><br> <!--Cannot be blank-->
        Product Name<input type="text" name="Name"><br> <!--Cannot be    
    blank-->
        Product Cost<input type="text" name="Cost"><br> <!--must be between .50 and $1000-->
        Selling Price<input type="text" name="Price"><br> <!--price from 1.00 to 2000.00-->
        Quantity on Hand<input type="text" name="Quantity"><br> <!--cannot be negative-->
    <br>
    <br>
    <hr>
    <br>
    <h2>Choose A Product Category</h2> <!--must be one of the categories-->
    <br>
    <div class="container2">
       <input type="radio" name="letter" value="F">F<br>
       <input type="radio" name="letter" value="H">H<br>
       <input type="radio" name="letter" value="M">M<br>
       <input type="radio" name="letter" value="C">C<br>
       <input type="radio" name="letter" value="T">T<br>
    <br>
    <hr>
    <br>
    <div class="container4">
       <input type="submit" name="submit"  value="SUBMIT"><br>
    </form></div> <!--close container 2-->

    <!--Profit should be auto generated on the second page created by the script-->
    </body>
    </html>

Your cgi script I named as action.cgi and It should be like this for the above html from your approach. Whatever the error you had I tried to show it using commented lines.

#!/usr/bin/perl -T
print "Content-type: text/html\n\n";
use strict;
use warnings;
use CGI qw(:standard);

print "<html><body>";
print '<h1>"Thank you for submitting the form. <br>"\n';
#return to html page with form
print '<h2>To go back to the form page click <a 
href="/newform.html">Here</a>.</h2>';#missing quotes

print "<hr><br><br>";
print "You chose item number ",param("Item")," <br>";
print "The product name is ", param("Name"), " <br>";print "The Cost is 
", param("Cost")," \n";
print "Selling Price ", param("Price")," <br />";
print "Quantity on Hand is ", param("Quantity")," <br> ";

#scalar variables to hold form input data
my $item = param("Item");
my $name = param("Name");
my $cost = param("Cost");
my $price = param("Price");
my $category = param("Category"); #radio button chosen
my $quantity = param("Quantity");
my $profit = $cost - $price;

#radio buttons
my @categories = ("F", "H", "M", "C", "T");#better use array
#vali`dation a category was chosen
$category = param("letter");
if(grep { /$category/ } @categories) { # check if category exist in your predefined array
print "The product Category is $category \n";
}
else {
error ("You must select a category");
}
#validate input
if ($item eq "") {
error ("Field cannot be blank");
}
if ($name eq "" ){
error ("Field cannot be blank");
}
if ($cost < .50 && $cost > 1000) {
error ("Invalid Entry Cost must be between $.50 and $1000");
}
if ($price < 1.00 && $cost > 2000) {
error ("Invalid Amount Please enter Price between $1.00 and $2000");
}
if ($quantity < 0) {
error ("Quantity cannot be negative number");
}

#Error subroutine
sub error {
my  $errormsg = shift;#you shouldn't assign array to variable
print "<h2>Error</h2>\n";
print "$errormsg<p>\n";
print "</body></html>\n";
}

If you really want to learn perl after basic understanding try to learn

perldsc,perlvar,perlref,perloo,perlobj

Arunesh Singh
  • 3,489
  • 18
  • 26
  • much appreciated. I have no issues working these out and only use this medium for guidance and teaching points. Hopefully one day I will be on the other end of the keyboard helping others. I definitely like Java, JS and others more. One of my biggest questions was about proper submission of forms. How does one decide whether or not to submit in one 'action' or multiple parts? Thanks again and it was good to know once I had Padre setup correctly I could fix my errors. – allendks45 Jul 12 '15 at 22:44