reading STDIN with Perl on Linux / Apache

Discussion in 'Perl Misc' started by John Smith, Sep 22, 2003.

  1. John Smith

    John Smith Guest

    I hope I am not posting this to the wrong group, as it deals with HTML and
    PERL.


    I had a script that read information from the QUERY_STRING environment
    variable, such as:
    $temp=$ENV{'QUERY_STRING'};

    It received this information from an HTML document that used the GET method
    to send its form data to the perl script, such as:
    <FORM method="get" action="/cgi-bin/script.pl">

    This worked fine, but the form data ends up as part of the URL, such as:
    http://domainname/cgi-bin/script.pl?year=2003&pwd=12345

    This would not be too bad except that part of the information sent to the
    perl script is a password.
    I would prefer that this information not be part of the URL.

    As it turns out, an HTML document can also use the POST method to send its
    form data to a perl script, such as:
    <FORM method="post" action="/cgi-bin/script.pl">

    Using this method, the data is apparently sent via the STDIN.
    From what I can find on the Internet, a perl script would read this info
    something like this:
    read(STDIN, $temp, $CONTENT_LENGTH);

    When I submit my form data from the HTML document using the POST method, the
    CONTENT_LENGTH environment variable does reflect the amount of information I
    am sending, but the read statement doesn't store that data to the $temp
    variable, the $temp variable is just empty.

    Here is a look at part of my script.

    #!/usr/bin/perl

    use CGI qw(:standard);
    my $query = new CGI;
    print"Content-type: text/html\n\n";

    $cl=$ENV{'CONTENT_LENGTH'};
    if ($cl > 0)
    {
    read(STDIN, $temp, $cl); # Read POST data from STDIN
    print" 11.. temp = $temp <br>\n";
    }
    else
    {
    $temp=$ENV{'QUERY_STRING'}; # Get info submitted from HTML form
    print" 12.. temp = $temp <br>\n";
    }

    The script will print the following
    11.. temp=

    The server belongs to my ISP.
    It's a Linux server with apache (I guess the Apache is for the Perl to work
    or something).
    John Smith, Sep 22, 2003
    #1

  2. John Smith

    John Smith Guest

    Oops, by the way, my name is not John Smith, it's Guy Doucet :)
    John Smith, Sep 22, 2003
    #2

  3. John Smith

    Bob Smith Guest

    John Smith wrote:

    > I hope I am not posting this to the wrong group, as it deals with HTML and
    > PERL.
    >
    > I had a script that read information from the QUERY_STRING environment
    > variable, such as:
    > $temp=$ENV{'QUERY_STRING'};
    >
    > It received this information from an HTML document that used the GET method
    > to send its form data to the perl script, such as:
    > <FORM method="get" action="/cgi-bin/script.pl">
    >
    > This worked fine, but the form data ends up as part of the URL, such as:
    > http://domainname/cgi-bin/script.pl?year=2003&pwd=12345
    >
    > This would not be too bad except that part of the information sent to the
    > perl script is a password.
    > I would prefer that this information not be part of the URL.
    >
    > As it turns out, an HTML document can also use the POST method to send its
    > form data to a perl script, such as:
    > <FORM method="post" action="/cgi-bin/script.pl">
    >
    > Using this method, the data is apparently sent via the STDIN.
    > From what I can find on the Internet, a perl script would read this info
    > something like this:
    > read(STDIN, $temp, $CONTENT_LENGTH);
    >
    > When I submit my form data from the HTML document using the POST method, the
    > CONTENT_LENGTH environment variable does reflect the amount of information I
    > am sending, but the read statement doesn't store that data to the $temp
    > variable, the $temp variable is just empty.
    >
    > Here is a look at part of my script.
    >
    > #!/usr/bin/perl
    >
    > use CGI qw(:standard);
    > my $query = new CGI;


    print header;

    >
    > print"Content-type: text/html\n\n";
    >
    > $cl=$ENV{'CONTENT_LENGTH'};
    > if ($cl > 0)
    > {
    > read(STDIN, $temp, $cl); # Read POST data from STDIN


    use this:
    my $parameter = param('name_of_the_parameter_you_want');
    print "parameter value is:$parameter";


    >
    > print" 11.. temp = $temp <br>\n";
    > }
    > else
    > {
    > $temp=$ENV{'QUERY_STRING'}; # Get info submitted from HTML form
    > print" 12.. temp = $temp <br>\n";
    > }
    >
    > The script will print the following
    > 11.. temp=
    >
    > The server belongs to my ISP.
    > It's a Linux server with apache (I guess the Apache is for the Perl to work
    > or something).
    Bob Smith, Sep 22, 2003
    #3
  4. John Smith

    John Smith Guest

    Well, as it turns out, it appears to work for some reason!
    What I don't understand is why.
    I don't even have to read the STDIN such as:
    read(STDIN, $temp, $ENV{'CONTENT_LENGTH'});

    So does Apache or something else automatically assign the STDIN parameters
    to param?
    I guess it's not that important if it works!

    Thanks for all,
    Guy Doucet

    > use this:
    > my $parameter = param('name_of_the_parameter_you_want');
    > print "parameter value is:$parameter";
    John Smith, Sep 22, 2003
    #4
  5. John Smith

    dw Guest

    > > use this:
    > > my $parameter = param('name_of_the_parameter_you_want');
    > > print "parameter value is:$parameter";

    >
    > Well, as it turns out, it appears to work for some reason!
    > What I don't understand is why.
    > I don't even have to read the STDIN such as:
    > read(STDIN, $temp, $ENV{'CONTENT_LENGTH'});
    >
    > So does Apache or something else automatically assign the STDIN parameters
    > to param?
    > I guess it's not that important if it works!
    >


    CGI.pm does that for you. If you submit the form using GET, it gets its
    data from the URL. If you submit using POST, it gets its data from STDIN.
    dw, Sep 22, 2003
    #5
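The behaviour described in this reply, reproduced offline as an added example (not code from any poster in the thread): once `CGI->new` has parsed a POST request, the body has already been read from STDIN, so a second `read` comes back empty. The request is simulated with constructed environment values and an in-memory STDIN, and it assumes CGI.pm is installed.

```perl
#!/usr/bin/perl
# Added example: shows CGI.pm consuming the POST body from STDIN.
# The request is constructed; no web server is involved.
use strict;
use warnings;
use CGI;    # assumption: CGI.pm is installed (it left the Perl core in 5.22)

my $body = 'year=2003&pwd=12345';    # constructed form body

# Environment a web server sets for a form POST (constructed values).
$ENV{REQUEST_METHOD} = 'POST';
$ENV{CONTENT_TYPE}   = 'application/x-www-form-urlencoded';
$ENV{CONTENT_LENGTH} = length $body;
$ENV{QUERY_STRING}   = '';

# Stand in for the server's pipe: STDIN now reads from the string.
close STDIN;
open STDIN, '<', \$body or die "cannot reopen STDIN: $!";

# CGI->new parses the request and reads CONTENT_LENGTH bytes from STDIN.
my $query = CGI->new;

# A second read, as in the original script, finds the stream drained.
my $got = read(STDIN, my $temp, $ENV{CONTENT_LENGTH});
die "read failed: $!" unless defined $got;

printf "bytes left on STDIN after CGI->new: %d\n", $got;
printf "temp = '%s'\n", $temp;
printf "param('year') = %s\n", scalar $query->param('year');
printf "pwd received via param(): %s\n",
    defined $query->param('pwd') ? 'yes' : 'no';
```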
  6. Eric J. Roode

    "John Smith" <> wrote in
    news:pLDbb.13752$:

    > I hope I am not posting this to the wrong group, as it deals with HTML
    > and PERL.
    >
    >
    > I had a script that read information from the QUERY_STRING environment
    > variable, such as:
    > $temp=$ENV{'QUERY_STRING'};
    >
    > It received this information from an HTML document that used the GET
    > method to send its form data to the perl script, such as:
    > <FORM method="get" action="/cgi-bin/script.pl">
    >
    > This worked fine, but the form data ends up as part of the URL, such
    > as:
    > http://domainname/cgi-bin/script.pl?year=2003&pwd=12345
    >
    > This would not be too bad except that part of the information sent to
    > the perl script is a password.
    > I would prefer that this information not be part of the URL.


    Why not? It's not really any less secure than transmitting it via POST
    method.


    > Here is a look at part of my script.
    >
    > #!/usr/bin/perl
    >
    > use CGI qw(:standard);
    > my $query = new CGI;
    > print"Content-type: text/html\n\n";
    >
    > $cl=$ENV{'CONTENT_LENGTH'};
    > if ($cl > 0)
    > {
    > read(STDIN, $temp, $cl); # Read POST data from STDIN
    > print" 11.. temp = $temp <br>\n";
    > }
    > else
    > {
    > $temp=$ENV{'QUERY_STRING'}; # Get info submitted from HTML form
    > print" 12.. temp = $temp <br>\n";
    > }



    Why go to all this work? CGI.pm does all of this for you, and more.
    You're already using CGI.pm. Just ask it what the query parameters are.
    Don't parse it all out yourself.

    --
    Eric
    $_ = reverse sort $ /. r , qw p ekca lre uJ reh
    ts p , map $ _. $ " , qw e p h tona e and print

    Eric J. Roode, Sep 22, 2003
    #6
  7. John Smith

    Juha Laiho Guest

    "Eric J. Roode" <> said:
    >"John Smith" <> wrote in
    >news:pLDbb.13752$:
    >> It received this information from an HTML document that used the GET
    >> method to send its form data to the perl script, such as:
    >> <FORM method="get" action="/cgi-bin/script.pl">
    >>
    >> This worked fine, but the form data ends up as part of the URL, such
    >> as:
    >> http://domainname/cgi-bin/script.pl?year=2003&pwd=12345


    Ok, change to method="POST", and adapt your script appropriately, and
    you're done.

    >Why not? It's not really any less secure than transmitting it via POST
    >method.


    The difference is that you don't see POST data from server logs, whereas
    GET data will be logged. It's not a major difference, but at least I
    feel more comfortable browsing server logs when the logs do not contain
    passwords.

    >> Here is a look at part of my script.

    ....
    >Why go to all this work? CGI.pm does all of this for you, and more.
    >You're already using CGI.pm. Just ask it what the query parameters are.
    >Don't parse it all out yourself.


    Heartily agreed.
    --
    Wolf a.k.a. Juha Laiho Espoo, Finland
    (GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
    PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
    "...cancel my subscription to the resurrection!" (Jim Morrison)
    Juha Laiho, Sep 23, 2003
    #7
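The logging difference raised in this post, as an added example (not code from any poster in the thread): a scrubber that flags and redacts credential-like query parameters in Apache access-log lines. The sample log lines and the list of sensitive parameter names are constructed assumptions.

```perl
#!/usr/bin/perl
# Added example: find and redact credential-like query parameters in
# Apache access-log lines. Log lines and key list are constructed.
use strict;
use warnings;

# Assumption: parameter names treated as secrets; extend for your forms.
my @SENSITIVE = qw(pwd password passwd pass token);
my $key_re = join '|', map { quotemeta } @SENSITIVE;

# Redact sensitive values in the request target of one log line.
# Returns the (possibly rewritten) line and the parameter names redacted.
sub scrub_line {
    my ($line) = @_;
    my @hits;
    # Common/combined format: "METHOD target PROTOCOL" is the first quoted field.
    if ($line =~ m{^(.*?")([A-Z]+) (\S+)( HTTP/[\d.]+".*)$}s) {
        my ($pre, $method, $target, $post) = ($1, $2, $3, $4);
        my ($path, $qs) = split /\?/, $target, 2;
        if (defined $qs) {
            $qs =~ s{(^|[&;])($key_re)=[^&;]*}
                    {push @hits, $2; "$1$2=REDACTED"}gie;
            $line = "$pre$method $path?$qs$post";
        }
    }
    return ($line, @hits);
}

my @log = (    # constructed sample lines
    '192.0.2.10 - - [22/Sep/2003:10:15:02 -0400] '
      . '"GET /cgi-bin/script.pl?year=2003&pwd=12345 HTTP/1.1" 200 512',
    '192.0.2.10 - - [22/Sep/2003:10:16:40 -0400] '
      . '"POST /cgi-bin/script.pl HTTP/1.1" 200 512',
);

for my $entry (@log) {
    my ($clean, @hits) = scrub_line($entry);
    print "ALERT secret in URL (@hits)\n" if @hits;
    print "$clean\n";
}
```

The POST line passes through unchanged because the form body never appears in the request line that Apache logs.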
  8. Eric J. Roode

    Juha Laiho <> wrote in
    news:bkppjk$ki2$-int:

    > "Eric J. Roode" <> said:

    ....
    > Ok, change to method="POST", and adapt your script appropriately, and
    > you're done.
    >
    >>Why not? It's not really any less secure than transmitting it via
    >>POST method.

    >
    > The difference is that you don't see POST data from server logs,
    > whereas GET data will be logged. It's not a major difference, but at
    > least I feel more comfortable browsing server logs when the logs do
    > not contain passwords.


    Mmmm, I *suppose*... but if you're worried about your sysadmins snooping
    passwords from the apache logs, you've got bigger problems. :)

    --
    Eric
    $_ = reverse sort $ /. r , qw p ekca lre uJ reh
    ts p , map $ _. $ " , qw e p h tona e and print

    Eric J. Roode, Sep 24, 2003
    #8
  9. John Smith

    Juha Laiho Guest

    "John Smith" <> said:
    >Well, as it turns out, it appears to work for some reason!
    >What I don't understand is why.
    >I don't even have to read the STDIN such as:
    > read(STDIN, $temp, $ENV{'CONTENT_LENGTH'});
    >
    >So does Apache or something else automatically assign the STDIN parameters
    >to param?
    >I guess it's not that important if it works!


    Responding late, hope you still follow this thread.

    Please DO read the CGI.pm documentation -- it'll contain a number
    of other helpful tools for you as well.

    http://www.perldoc.com/perl5.6.1/lib/CGI.html

    --
    Wolf a.k.a. Juha Laiho Espoo, Finland
    (GC 3.0) GIT d- s+: a C++ ULSH++++$ P++@ L+++ E- W+$@ N++ !K w !O !M V
    PS(+) PE Y+ PGP(+) t- 5 !X R !tv b+ !DI D G e+ h---- r+++ y++++
    "...cancel my subscription to the resurrection!" (Jim Morrison)
    Juha Laiho, Sep 27, 2003
    #9