#!/usr/bin/perl -w
# Page viewer CGI: prints ./private/pages/<page>.txt for the requested "page" parameter.
# VULNERABLE as written: the parameter is placed into the file path without any
# validation, so parent-directory segments in it make open() leave ./private/pages/
# (path traversal). Validate the name against an allow-list before building the path.
use CGI;
my $q = new CGI;
# Untrusted value taken directly from the request.
my $page = $q->param ("page");
# Two-argument open on a bareword handle with an interpolated, unvalidated name.
# The return value is not checked, so a missing file yields an empty response
# instead of an error.
open (PAGE, "./private/pages/$page\.txt");
my @data = <PAGE>;
close (PAGE);
chomp @data;
print $q->header;
# The file content is sent back as-is.
print join ("\n",@data);
# What the open() call in the listing above resolves to once "page" carries a
# parent-directory segment: the ".." walks out of ./private/pages/ and the script
# reads a file under ./private/users/ instead of a page.
open (PAGE, "./private/pages/../users/admin.txt");
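#!/usr/bin/perl -w
# Page viewer CGI: prints ./private/pages/<page>.txt for the requested "page" parameter.
# The page name is untrusted input, so it is stripped, then checked against an
# allow-list, before it is used in a file path.
use CGI;
my $q = CGI->new;
my $page = $q->param("page");
$page = "" unless defined $page;    # request without a page parameter

# Remove potential abuse in the page name.
$page =~ s~(/|\.|\\)~~g; # remove /, ., and \

# Stripping is a deny-list: it only covers the characters someone thought of.
# Accept the name only if every character is known to be safe in a file name;
# this also rejects the empty string, NUL bytes, whitespace and control characters.
# Widen the class if page names legitimately use other characters.
unless ($page =~ /\A[A-Za-z0-9_-]+\z/) {
    print $q->header(-status => "400 Bad Request", -type => "text/plain");
    print "Invalid page name.\n";
    exit;
}

# Three-argument open with a lexical handle: the mode is fixed to read-only and
# cannot be influenced by the file name. A failed open is reported, not ignored.
my $file = "./private/pages/$page.txt";
open(my $fh, "<", $file) or do {
    print $q->header(-status => "404 Not Found", -type => "text/plain");
    print "Page not found.\n";
    exit;
};
my @data = <$fh>;
close($fh);
chomp @data;

print $q->header;
print join("\n", @data);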
#!/usr/bin/perl -w
# Calculator CGI: evaluates the "expr" parameter and prints the result above the form.
# VULNERABLE as written: expr reaches string eval unfiltered, so whatever the
# request sends is compiled and run as Perl with the privileges of the CGI process.
use CGI;
my $q = new CGI;
# Untrusted value taken directly from the request.
my $expr = $q->param ("expr");
print $q->header;
# Calculate the expression.
if ($expr) {
# String eval on request data. Restrict $expr to an allow-list of arithmetic
# characters before this line, or parse the expression instead of eval-ing it.
my $result = eval ($expr);
# $expr is echoed into the HTML response without entity-encoding (reflected XSS).
# $@ is never checked, so a failed eval prints an empty result.
print "$expr = $result";
}
# NOTE(review): the submit button sets name= where value= was probably intended
# for the button label.
print qq~<form action="calc.cgi">
<input type="text" name="expr">
<input type="submit" name="Calculate!">
</form>~;
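# Allow-list filter for the calculator input; it has to run before $expr reaches eval.
# Everything except digits, + - * / and spaces is deleted, so no identifiers,
# quotes, backticks or semicolons survive.
$expr = "" unless defined $expr;    # no expr parameter on the first page load
$expr =~ s{[^0-9+\-*/ ]}{}g;
# The filtered string can still be malformed or divide by zero: check $@ after
# the eval and entity-encode $expr before echoing it into the page.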
#!/usr/bin/perl -w
# ZIP-code lookup CGI: looks up the city name for the "zipcode" parameter.
# VULNERABLE as written: the parameter is interpolated into the SQL text, so the
# database parses it as part of the statement instead of as a value (SQL injection).
use CGI;
use DBI;
# NOTE(review): $q is used here but never created in this listing (no CGI->new),
# so the sample does not run as shown.
my $zip = $q->param("zipcode");
# connect to the DB
# NOTE(review): placeholder call; DBI hands out database handles via DBI->connect(...).
my $dbh = DBI->new(...);
# run a query
# $zip is untrusted and becomes part of the statement text. Use a ? placeholder
# in the SQL and pass $zip to execute() so it is bound as data.
my $query = $dbh->prepare (
"SELECT name FROM cities WHERE zip=$zip"
);
$query->execute();
# give results
print $q->header();
if (my $row = $query->fetchrow_hashref) {
# NOTE(review): name is printed into the HTML response without entity-encoding;
# confirm the column can never hold markup.
print "The city's name is $row->{name}.";
}
else {
print "That wasn't in the database.";
}
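-- Statement text the script builds for an ordinary zipcode value:
SELECT name FROM cities WHERE zip=90230
-- Statement text when the parameter carries SQL of its own: everything after the
-- digits is parsed as part of the statement because it was interpolated, not bound.
-- Do not rely on the driver rejecting a second statement; bind the value with a
-- ? placeholder so it can only ever be data.
SELECT name FROM cities WHERE zip=90230; DROP TABLE cities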
# Same lookup with the value bound instead of interpolated: the statement text is
# constant, and execute() hands $zip to the driver as data for the ? placeholder.
my $query = $dbh->prepare("SELECT name FROM cities WHERE zip=?");
$query->execute($zip);
# Several bound values: arguments to execute() fill the ? placeholders in order,
# password first, then username.
# NOTE(review): $password should already be a salted, slow hash rather than the
# clear text by the time it is stored — confirm against the caller.
my $query = $dbh->prepare(q{
UPDATE users SET password=? WHERE username=?
});
$query->execute($password, $username);
$CGI::POST_MAX
If set to a non-negative integer, this variable puts a ceiling on the size of POSTings, in bytes. If CGI.pm detects a POST that is greater than the ceiling, it will immediately exit with an error message. This value will affect both ordinary POSTs and multipart POSTs, meaning that it limits the maximum size of file uploads as well. You should set this to a reasonably high value, such as 1 megabyte.
$CGI::DISABLE_UPLOADS
If set to a non-zero value, this will disable file uploads completely. Other fill-out form values will work as usual.
#!/usr/bin/perl -w
# Guestbook CGI: stores submitted entries in guestbook.txt and renders that file
# inside the page.
# VULNERABLE as written: name and comment are written to the file, and later into
# the page, without entity-encoding, so markup in an entry is served to every
# later visitor (stored XSS).
use CGI;
my $q = new CGI;
# allow updates
if ($q->param) {
# Both values are untrusted request input.
my $name = $q->param("name");
my $comment = $q->param("comment");
# NOTE(review): mode > truncates guestbook.txt on every post, so only the newest
# entry survives; >> (append) looks intended. The open is unchecked and the file
# is not locked against concurrent posts.
open (GUESTBOOK, ">guestbook.txt");
# $name and $comment go into the stored HTML unescaped.
print GUESTBOOK "<b>From:</b> $name<br>\n"
. "<b>Comment:</b> $comment<p>\n\n";
close (GUESTBOOK);
}
# read the guestbook
# Unchecked open: if the file does not exist yet, the guestbook section is empty.
open (READ, "guestbook.txt");
my @gb = <READ>;
close (READ);
chomp @gb;
my $guestbook_html = join("\n",@gb);
# print the page
print $q->header();
# $guestbook_html is interpolated into the heredoc verbatim, so whatever was
# stored in the file is emitted as HTML.
# NOTE(review): the template never closes <body> and <html>.
print <<EOF;
<html>
<body>
<h1>My Guestbook</h1>
$guestbook_html
<h1>Add an Entry</h1>
<form action="guestbook.pl" method="post">
Name: <input type="text" name="name"><br>
Message: <textarea cols="50" rows="10" name="comment"></textarea><br>
<input type="submit" value="Post!">
</form>
EOF
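# allow updates
if ($q->param) {
    my $name    = $q->param("name");
    my $comment = $q->param("comment");

    # don't let 'em use HTML
    # Entity-encode every character that is special in HTML text or attribute
    # values. & is replaced first so the entities produced by the later
    # substitutions are not encoded a second time.
    for my $field ($name, $comment) {
        $field = "" unless defined $field;    # a post may omit one of the fields
        $field =~ s/&/&amp;/g;
        $field =~ s/</&lt;/g;
        $field =~ s/>/&gt;/g;
        $field =~ s/"/&quot;/g;
        $field =~ s/'/&#39;/g;
    }

    # >> appends to the guestbook; a single > would truncate the file and drop
    # every earlier entry. Three-argument open with a lexical handle, and the
    # open and close are checked so a failed write is not silently lost.
    open(my $gb, ">>", "guestbook.txt")
        or die "Cannot open guestbook.txt: $!";
    print {$gb} "<b>From:</b> $name<br>\n"
              . "<b>Comment:</b> $comment<p>\n\n";
    close($gb) or die "Cannot close guestbook.txt: $!";
}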