Kaye and Geoff's web page documentation 

Read and display the guestbook entries

To keep the process of writing to the guestbook fairly simple, the HTML is in three separate files, so we need to read it using a form and a CGI, rather than linking to an HTML page with an anchor (A) tag.

The header file has the appropriate HTML (including the MIME text at the top of the header) which is required before we get to the guestbook entries. The guestbook file contains the entries themselves, with the HTML code already included by the CGI which appends the entries. The footer file just completes the HTML. By taking advantage of Unix operating system calls, the reading CGI can be quite simple:

#!/usr/bin/perl
#
# CGI to display the guestbook
#
print `cat /docs/guestbook.head`;
print `cat /docs/guestbook`;
print `cat /docs/guestbook.tail`;
exit;

However, we have included an option where the user can select all the entries, or a specified number of the most recent. This makes things a little bit more complex, but as above we can take advantage of Unix:

#!/usr/bin/perl
#
# CGI to display the guestbook with a choice of entries
#
# Read the form data and pick out the "nentries" field
$paramstr = <STDIN>;
foreach $item (split(/&/, $paramstr)) {
    ($name, $value) = split (/=/, $item);
    if ($name eq "nentries") {$nentries = $value};
}
# Strip everything that is not a digit before the value goes near the shell
$nentries =~ s/[\D]//g;
if (!$nentries) { $nentries = 0; }
print (`cat guestbook.head`);
if ($nentries < 1) {
    # No number given: show every entry
    print (`cat guestbook`);
} else {
    # Show only the most recent entries
    print (`tail -n $nentries guestbook`);
}
print (`cat guestbook.tail`);
exit;

Reading the information passed from the form uses code similar to that in previous examples. We must ensure that the number of entries is in fact a number, since it is used as a parameter to the Unix "tail" command; remember that anything might be entered in the form field. The backquoted strings contain system commands, and each evaluates to the output of its command. "cat" lists the contents of a file and "tail" lists the specified number of lines from the end of the file.

In passing, note that using values entered via the web in a system command can be a very dangerous thing to do in Unix, although as it happens in the above example the filtering on the number field should make it safe. Perl's 'taint' mode is a powerful aid in detecting possible security weaknesses in your code, but you should also take other precautions as appropriate - for example stripping any input of debatable characters (especially backslashes with Unix servers) and generally avoiding using any input data in any system context.
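
As an added example (not part of the original page's code), here is the same reader written so that no form input ever reaches a system command: taint mode is switched on, the count is accepted only if it matches a strict digit pattern, and the files are read with Perl's own I/O instead of "cat" and "tail". The /docs directory is taken from the first script above; the subroutine names and the four-digit limit are assumptions made for this example.

```perl
#!/usr/bin/perl -T
# Added example: guestbook reader that never passes form input to a shell.
use strict;
use warnings;

# Directory holding the three files (as in the first script on this page).
my $dir = '/docs';

# Return the validated entry count from the raw form string, or 0 for "all".
# Under -T the regex capture ($1) is the only untainted copy of the input.
sub parse_nentries {
    my ($paramstr) = @_;
    return 0 unless defined $paramstr;
    $paramstr =~ s/\s+\z//;    # drop any trailing newline or spaces
    foreach my $item (split /&/, $paramstr) {
        my ($name, $value) = split /=/, $item, 2;
        next unless defined $name && $name eq 'nentries';
        # Allow-list: 1 to 4 digits only; anything else means "all".
        return $1 + 0 if defined $value && $value =~ /\A(\d{1,4})\z/;
    }
    return 0;
}

# Read a whole file into a list of lines with Perl I/O, not `cat`.
sub read_lines {
    my ($path) = @_;
    open(my $fh, '<', $path) or die "cannot open $path: $!";
    my @lines = <$fh>;
    close $fh;
    return @lines;
}

# Return the last $n lines (every line when $n is 0), like `tail -n`.
sub last_lines {
    my ($n, @lines) = @_;
    return @lines if $n < 1 || $n >= @lines;
    return @lines[-$n .. -1];
}

my $nentries = parse_nentries(scalar <STDIN>);
print read_lines("$dir/guestbook.head");
print last_lines($nentries, read_lines("$dir/guestbook"));
print read_lines("$dir/guestbook.tail");
```

Unlike the digit-stripping filter above, this version rejects a mixed value such as "5abc" outright and shows all entries instead of guessing what was meant.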