--- "Frank J. Schmuck" <[EMAIL PROTECTED]> wrote:
> As this is a "beginners" group I'll save the "best book" threads to others.
> What are the resources available on the web (tutorials, etc.) for building
> web pages with Perl and CGI?
>
> I'm running under W2k although I can boot to Redhat 7.2 as needed. I have
> both the ActiveState distribution and also IndigoPerl. The integration of
> Apache with the Indigo distribution is certainly a plus.
>
> Thanks
> Frank
I'm actually very interested in knowing an answer to this myself. I have been asked
several times
where a good online tutorial can be found and I don't have a ready answer. I've
stumbled across
*one* that looked okay, but I didn't have the time to research it (and I forgot to
bookmark it!).
Because of this, I've started to write my own
(http://www.easytreet.com/~ovid/cgi_course/).
However, even though I'm working on it -- I hope to have lesson 4 out in a week or so
-- it's
woefully incomplete and therefore not your best resource.
Since I didn't really answer your question, I'll give you some pointers on what to
check out.
Since many people looking for these courses don't know what to look for, they overlook
some
serious problems.
1. Tries to "hand-parse" the CGI data.
This is far and away the biggest problem. I've had a standing bet with everyone that
if they send
me an alternative to CGI.pm that they've written themselves, I'll find at least 5 bugs
in it (or
at least problems that will need to be dealt with). Needless to say, you *could*
write a bug-free
alternative, but I've never lost the bet.
2. Doesn't use taint checking.
Hand-rolled CGI processing is the biggest problem. This is the most serious. Taint
checking
(enabled by using the -T switch on the shebang line) tells Perl that all data from a
source
outside of the script is "tainted" and should not be used in unsafe operations unless
the
programmer "scrubs" the data.
3. Doesn't use strict.
Many, many programmers ignore this. Failure to use strict will cause you more grief
than you can
possibly realize. I honestly don't know why programmers don't use this. Consider
this code:
$oldname = "Given Name";
$somefieldname = "First Name";
while($line = <INHANDLE>) {
if $line =~ /$oldname/ {
$line =~ s/$oldname/$somefeildname/;
}
print OUTHANDLE $line;
}
Do you see the bug in that? If those lines are scattered in many other lines of code,
it can be
difficult to find. Using strict will *immediately* tell you the bug.
4. Doesn't use warnings.
Warnings probably shouldn't be turned on in production code, but you want them in
development.
There are all sorts of niggling little errors that they will catch.
The above points aren't comprehensive, but I routinely open CGI books and look for
those things.
If I don't see them, I look a little deeper and *always* discover that the book is
garbage.
Cheers,
Curtis Poe
=====
Senior Programmer
Onsite! Technology (http://www.onsitetech.com/)
"Ovid" on http://www.perlmonks.org/
__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35
a year! http://personal.mail.yahoo.com/
