Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Programming > Perl > Perl Misc > reading STDIN with Perl on Linux / Apache

Reply
Thread Tools

reading STDIN with Perl on Linux / Apache

 
 
John Smith
Guest
Posts: n/a
 
      09-22-2003
I hope I am not posting this to the wrong group, as it deals with HTML and
PERL.


I had a script that read information from the QUERY_STRING environment
variable, such as:
$temp=$ENV{'QUERY_STRING'};

It received this information from an HTML document that used the GET method
to send its form data to the perl script, such as:
<FORM method="get" action="/cgi-bin/script.pl">

This worked fine, but the form data ends up as part of the URL, such as:
http://domainname/cgi-bin/script.pl?year=2003&pwd=12345

This would not be too bad except that part of the information sent to the
perl script is a password.
I would prefer that this information not be part of the URL.

As it turns out, an HTML document can also use the POST method to send its
form data to a perl script, such as:
<FORM method="post" action="/cgi-bin/script.pl">

Using this method, the data is apparently sent via the STDIN.
From what I can find on the Internet, a perl script would read this info
something like this:
read(STDIN, $temp, $CONTENT_LENGTH);

When I submit my form data from the HTML document using the POST method, the
CONTENT_LENGTH environment variable does reflect the amount of information I
am sending, but the read statement doesn't store that data to the $temp
variable, the $temp variable is just empty.

Here is a look at part of my script.

#!/usr/bin/perl

use CGI qw(:standard);
my $query = new CGI;
print"Content-type: text/html\n\n";

$cl=$ENV{'CONTENT_LENGTH'};
if ($cl > 0)
{
read(STDIN, $temp, $cl); # Read POST data from STDIN
print" 11.. temp = $temp <br>\n";
}
else
{
$temp=$ENV{'QUERY_STRING'}; # Get info submitted from
HTML form
print" 12.. temp = $temp <br>\n";
}

The script will print the following
11.. temp=

The server belongs to my ISP.
It's a Linux server with apache (I guess the Apache is for the Perl to work
or something).



 
Reply With Quote
 
 
 
 
John Smith
Guest
Posts: n/a
 
      09-22-2003
Oops, by the way, my name is not John Smith, it's Guy Doucet


 
Reply With Quote
 
 
 
 
Bob Smith
Guest
Posts: n/a
 
      09-22-2003
John Smith wrote:

> I hope I am not posting this to the wrong group, as it deals with HTML and
> PERL.
>
> I had a script that read information from the QUERY_STRING environment
> variable, such as:
> $temp=$ENV{'QUERY_STRING'};
>
> It received this information from an HTML document that used the GET method
> to send its form data to the perl script, such as:
> <FORM method="get" action="/cgi-bin/script.pl">
>
> This worked fine, but the form data ends up as part of the URL, such as:
> http://domainname/cgi-bin/script.pl?year=2003&pwd=12345
>
> This would not be too bad except that part of the information sent to the
> perl script is a password.
> I would prefer that this information not be part of the URL.
>
> As it turns out, an HTML document can also use the POST method to send its
> form data to a perl script, such as:
> <FORM method="post" action="/cgi-bin/script.pl">
>
> Using this method, the data is apparently sent via the STDIN.
> From what I can find on the Internet, a perl script would read this info
> something like this:
> read(STDIN, $temp, $CONTENT_LENGTH);
>
> When I submit my form data from the HTML document using the POST method, the
> CONTENT_LENGTH environment variable does reflect the amount of information I
> am sending, but the read statement doesn't store that data to the $temp
> variable, the $temp variable is just empty.
>
> Here is a look at part of my script.
>
> #!/usr/bin/perl
>
> use CGI qw(:standard);
> my $query = new CGI;


print header;

>
> print"Content-type: text/html\n\n";
>
> $cl=$ENV{'CONTENT_LENGTH'};
> if ($cl > 0)
> {
> read(STDIN, $temp, $cl); # Read POST data from STDIN


use this:
my $parameter = param('name_of_the_parameter_you_want');
print "parameter value is:$parameter";


>
> print" 11.. temp = $temp <br>\n";
> }
> else
> {
> $temp=$ENV{'QUERY_STRING'}; # Get info submitted from
> HTML form
> print" 12.. temp = $temp <br>\n";
> }
>
> The script will print the following
> 11.. temp=
>
> The server belongs to my ISP.
> It's a Linux server with apache (I guess the Apache is for the Perl to work
> or something).


 
Reply With Quote
 
John Smith
Guest
Posts: n/a
 
      09-22-2003
Well, as it turns out, it appears to work for some reason!
What I don't understand is why.
I don't even have to read the STDIN such as:
read(STDIN, $temp, $ENV{'CONTENT_LENGTH'});

So does Apache or something else automatically assign the STDIN parameters
to param?
I guess it's not that important if it works!

Thanks for all,
Guy Doucet

> use this:
> my $parameter = param('name_of_the_parameter_you_want');
> print "parameter value is:$parameter";



 
Reply With Quote
 
dw
Guest
Posts: n/a
 
      09-22-2003
> > use this:
> > my $parameter = param('name_of_the_parameter_you_want');
> > print "parameter value is:$parameter";

>
> Well, as it turns out, it appears to work for some reason!
> What I don't understand is why.
> I don't even have to read the STDIN such as:
> read(STDIN, $temp, $ENV{'CONTENT_LENGTH'});
>
> So does Apache or something else automatically assign the STDIN parameters
> to param?
> I guess it's not that important if it works!
>


CGI.pm does that for you. If you submit the form using GET, it gets its
data from the URL. If you submit using POST, it gets its data from STDIN.


 
Reply With Quote
 
Eric J. Roode
Guest
Posts: n/a
 
      09-22-2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"John Smith" <(E-Mail Removed)> wrote in
newsLDbb.13752$(E-Mail Removed):

> I hope I am not posting this to the wrong group, as it deals with HTML
> and PERL.
>
>
> I had a script that read information from the QUERY_STRING environment
> variable, such as:
> $temp=$ENV{'QUERY_STRING'};
>
> It received this information from an HTML document that used the GET
> method to send its form data to the perl script, such as:
> <FORM method="get" action="/cgi-bin/script.pl">
>
> This worked fine, but the form data ends up as part of the URL, such
> as:
> http://domainname/cgi-bin/script.pl?year=2003&pwd=12345
>
> This would not be too bad except that part of the information sent to
> the perl script is a password.
> I would prefer that this information not be part of the URL.


Why not? It's not really any less secure than transmitting it via POST
method.


> Here is a look at part of my script.
>
> #!/usr/bin/perl
>
> use CGI qw(:standard);
> my $query = new CGI;
> print"Content-type: text/html\n\n";
>
> $cl=$ENV{'CONTENT_LENGTH'};
> if ($cl > 0)
> {
> read(STDIN, $temp, $cl); # Read POST data from
> STDIN print" 11.. temp = $temp <br>\n";
> }
> else
> {
> $temp=$ENV{'QUERY_STRING'}; # Get info submitted
> from
> HTML form
> print" 12.. temp = $temp <br>\n";
> }



Why go to all this work? CGI.pm does all of this for you, and more.
You're already using CGI.pm. Just ask it what the query parameters are.
Don't parse it all out yourself.

- --
Eric
$_ = reverse sort $ /. r , qw p ekca lre uJ reh
ts p , map $ _. $ " , qw e p h tona e and print

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBP29OxGPeouIeTNHoEQLG8gCg/unzlxZu6KEfiO89fLwUSB5jMN4An1Ix
zePkKlXie2cFZIuwH1zXXmlK
=ykXY
-----END PGP SIGNATURE-----
 
Reply With Quote
 
Juha Laiho
Guest
Posts: n/a
 
      09-23-2003
"Eric J. Roode" <(E-Mail Removed)> said:
>"John Smith" <(E-Mail Removed)> wrote in
>newsLDbb.13752$(E-Mail Removed):
>> It received this information from an HTML document that used the GET
>> method to send its form data to the perl script, such as:
>> <FORM method="get" action="/cgi-bin/script.pl">
>>
>> This worked fine, but the form data ends up as part of the URL, such
>> as:
>> http://domainname/cgi-bin/script.pl?year=2003&pwd=12345


Ok, change to method="POST", and adapt your script appropriately, and
you're done.

>Why not? It's not really any less secure than transmitting it via POST
>method.


The difference is that you don't see POST data from server logs, whereas
GET data will be logged. It's not a major difference, but at least I
feel more comfortable browsing server logs when the logs do not contain
passwords.

>> Here is a look at part of my script.

....
>Why go to all this work? CGI.pm does all of this for you, and more.
>You're already using CGI.pm. Just ask it what the query parameters are.
>Don't parse it all out yourself.


Heartily agreed.
--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
 
Reply With Quote
 
Eric J. Roode
Guest
Posts: n/a
 
      09-24-2003
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Juha Laiho <(E-Mail Removed)> wrote in
news:bkppjk$ki2$(E-Mail Removed)-int:

> "Eric J. Roode" <(E-Mail Removed)> said:

....
> Ok, change to method="POST", and adapt your script appropriately, and
> you're done.
>
>>Why not? It's not really any less secure than transmitting it via
>>POST method.

>
> The difference is that you don't see POST data from server logs,
> whereas GET data will be logged. It's not a major difference, but at
> least I feel more comfortable browsing server logs when the logs do
> not contain passwords.


Mmmm, I *suppose*... but if you're worried about your sysadmins snooping
passwords from the apache logs, you've got bigger problems.

- --
Eric
$_ = reverse sort $ /. r , qw p ekca lre uJ reh
ts p , map $ _. $ " , qw e p h tona e and print

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBP3D2TWPeouIeTNHoEQJM3gCg6QBdZijrDUwVQV0yK7mBcv f33GgAn2RY
d3Ao1tT+k2XU+Rb++5TQTsnF
=+fzH
-----END PGP SIGNATURE-----
 
Reply With Quote
 
Juha Laiho
Guest
Posts: n/a
 
      09-27-2003
"John Smith" <(E-Mail Removed)> said:
>Well, as it turns out, it appears to work for some reason!
>What I don't understand is why.
>I don't even have to read the STDIN such as:
> read(STDIN, $temp, $ENV{'CONTENT_LENGTH'});
>
>So does Apache or something else automatically assign the STDIN parameters
>to param?
>I guess it's not that important if it works!


Responding late, hope you still follow this thread.

Please DO read the CGI.pm documentation -- it'll contain a number
of other helpful tools for you as well.

http://www.perldoc.com/perl5.6.1/lib/CGI.html

--
Wolf a.k.a. Juha Laiho Espoo, Finland
(GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
"...cancel my subscription to the resurrection!" (Jim Morrison)
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
peek at stdin, flush stdin Johnathan Doe C Programming 5 05-17-2013 04:30 PM
How to pass stdin of a C++ program to the stdin of a process createdwith ShellExecute() Ben C Programming 2 08-29-2009 09:47 PM
Linux: Unbuffered reading from stdin Markus Mayer C Programming 7 11-04-2007 11:02 PM
Reading from stdin then launching a program that reads from stdin strange behaviour Stefano Sabatini Perl Misc 6 07-29-2007 10:38 PM
Reading stdin once confuses second stdin read Charlie Zender C Programming 6 06-21-2004 01:39 PM



Advertisments