------_=_NextPart_001_01C4D71E.7D18C9E0
Content-Type: text/plain;
charset="iso-8859-1"

Hi All,

Can someone please recommend a book for me. I do some web administration w/
perl scripts. I would like to create a web page w/ drop down menus... and
depending on the selection criteria, run that script. I searched on Google
a little, but not really sure what I'm looking for. :~)

Thanks!

Brian Volk
HP Products
317.298.9950 x1245
<mailto:bvolk [at] hpproducts.com> bvolk [at] hpproducts.com



------_=_NextPart_001_01C4D71E.7D18C9E0--

O'Reilly is your friend (IMHO). You need a good HTML book, and Musciano is
its author. You need the "Camel book" ("Learning Perl", Schwartz et al),
and probably the "Llama book" ("Programming Perl", Wall et al). I'm happy
with them all. I haven't yet found a definitive Apache/CGI book, but you
will need one! I usually take an afternoon to go to my local decent book
shop (here, Barnes & Noble in State College PA), and just plain browse...
And ordering them online will probably save a few bucks too.

HTH, G.


-----Original Message-----
From: Brian Volk [mailto:BVolk [at] HPProducts.com]
Sent: Tuesday, November 30, 2004 3:52 PM
To: Beginners (E-mail)
Subject: Running Perl Scripts Via A Web Page

Hi All,

Can someone please recommend a book for me. I do some web administration w/
perl scripts. I would like to create a web page w/ drop down menus... and
depending on the selection criteria, run that script. I searched on Google
a little, but not really sure what I'm looking for. :~)

Thanks!

Brian Volk
HP Products
317.298.9950 x1245
<mailto:bvolk [at] hpproducts.com> bvolk [at] hpproducts.com



--
To unsubscribe, e-mail: beginners-unsubscribe [at] perl.org
For additional commands, e-mail: beginners-help [at] perl.org
<http://learn.perl.org/> <http://learn.perl.org/first-response>

G'day...

> Can someone please recommend a book for me. I do some web
> administration w/ perl scripts. I would like to create a web
> page w/ drop down menus... and depending on the selection
> criteria, run that script. I searched on Google a little,
> but not really sure what I'm looking for. :~)


The main module that you need to know about is CGI (it seems like the
defacto module everyone uses - and for good reason), and I personally
also use CGI::Untaint (for reading in form data).

Take a look at the package on CPAN - go to http://search.cpan.org/ and
search for CGI - read the documentation. (Sorry, this may seem like the
long way around, but reading it for the purpose of something you're
working on may help.)

I've also read the ORA book on this subject, but I don't know if I'd
recommend it that highly - you may wish to check it out for yourself
before purchasing it.

It also sound like some of what your doing may require client-side
processing rather than server-side processing i.e. using JavaScript. (I
could be wrong on this though.) It's what you want if you want to
modify the appearance of a web page whilst a user is viewing it.

Anyway, check out CGI and CGI::Untaint - now I'm wondering what others
on this list would recommend regarding CGI::Untaint(?). :)


All the best!

Regards,


Michael S. E. Kraus
Software Developer
Wild Technology Pty Ltd
_______________________________
ABN 98 091 470 692
Level 4 Tiara, 306/9 Crystal Street, Waterloo NSW 2017, Australia
Telephone 1300-13-9453 | Facsimile 1300-88-9453
http://www.wildtechnology.net

The information contained in this email message and any attachments may
be confidential information and may also be the subject of client legal
- legal professional privilege. If you are not the intended recipient,
any use, interference with, disclosure or copying of this material is
unauthorised and prohibited. This email and any attachments are also
subject to copyright. No part of them may be reproduced, adapted or
transmitted without the written permission of the copyright owner. If
you have received this email in error, please immediately advise the
sender by return email and delete the message from your system.

--
To unsubscribe, e-mail: beginners-unsubscribe [at] perl.org
For additional commands, e-mail: beginners-help [at] perl.org
<http://learn.perl.org/> <http://learn.perl.org/first-response>

Michael Kraus wrote:
> now I'm wondering what others on this list would recommend regarding
> CGI::Untaint(?). :)

Didn't know it existed until you mentioned it.

My philosophy, when running a program in taint mode, is that validating
form data and untainting are two separate things: I validate much of the
data to prevent that my app stores bad data and/or generates bad output,
while I only untaint those variables that are used for system interaction.

The (very) quick look I had at the CGI::Untaint POD leaved the
impression that it's designed for untainting all CGI data. If that's the
case, I have to ask what the point is. Isn't it even more secure to
leave user provided data, that are not used in system operations, tainted?

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl

--
To unsubscribe, e-mail: beginners-unsubscribe [at] perl.org
For additional commands, e-mail: beginners-help [at] perl.org
<http://learn.perl.org/> <http://learn.perl.org/first-response>

Gunnar Hjalmarsson wrote:
> Michael Kraus wrote:
>
>> now I'm wondering what others on this list would recommend regarding
>> CGI::Untaint(?). :)
>
>
> Didn't know it existed until you mentioned it.

Me either :)

> My philosophy, when running a program in taint mode, is that validating
> form data and untainting are two separate things: I validate much of the

I second that also, the docs say:

"If any of the validation rules change, you often have to alter them
in many different places. And, if you want to operate taint-safe, then
you're just adding even more headaches."

So if you use this module and it changes you'd probably have to change
it in as many places just different places.

> data to prevent that my app stores bad data and/or generates bad output,
> while I only untaint those variables that are used for system interaction.
>
> The (very) quick look I had at the CGI::Untaint POD leaved the
> impression that it's designed for untainting all CGI data. If that's the
> case, I have to ask what the point is. Isn't it even more secure to
> leave user provided data, that are not used in system operations, tainted?

Yeah I think also, why run in taint moe if you just want to untaint it
all basically blindly. Just turn off taint mode :)

You still need to validate that the input is what you want, and as
Gunner said validation and untainting are better off as seperate things
even if they do overlap sometimes in use.

So I think for what it does (as least as far as I understand it form the
docs CGI::Validate would be a better name for it...

Just my .02 ;p

--
To unsubscribe, e-mail: beginners-unsubscribe [at] perl.org
For additional commands, e-mail: beginners-help [at] perl.org
<http://learn.perl.org/> <http://learn.perl.org/first-response>

JupiterHost.Net wrote:
>
>
> Gunnar Hjalmarsson wrote:
>
>> Michael Kraus wrote:
>>
>>> now I'm wondering what others on this list would recommend regarding
>>> CGI::Untaint(?). :)

While thinking about this again, one reason I'm not sure I like it is it
sounds like more a pragma

like use streict; no strict;

It *seems* like it should turn off tainting if you have it on.

I think, CGI::Validate would have been a better name since it describes
what its supposed to be doing better and if it happens to untaint data
in the process so be it.
(Maybe have an untaint function that untaints all theinput but agian why
have taint mode on at all if you're doing that?)

The way it is, first glance tells me its only usefull if the cgi is
running intaint mode.

I don't like things that make it difficult to maintain code :)

Ok, I'm done :)

--
To unsubscribe, e-mail: beginners-unsubscribe [at] perl.org
For additional commands, e-mail: beginners-help [at] perl.org
<http://learn.perl.org/> <http://learn.perl.org/first-response>

JupiterHost.Net wrote:
> I think, CGI::Validate would have been a better name since it describes
> what its supposed to be doing better and if it happens to untaint data
> in the process so be it.

You have a point there. If the module enforces validation of form data,
it does a good thing. All too many scripts out there don't validate the
data properly. Forcing people to think is good. :)

> (Maybe have an untaint function that untaints all theinput but agian why
> have taint mode on at all if you're doing that?)

The idea seems to be to combine validating and untainting, and like you
I question that idea. Most user data never need to be untainted, and I
think it's good that you think twice before using such data in system
operations.

OTOH, since only validated data get untainted, maybe it does not hurt
too much.

Comments from others would be appreciated. Michael, what's your thinking
behind using CGI::Untaint?

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl

--
To unsubscribe, e-mail: beginners-unsubscribe [at] perl.org
For additional commands, e-mail: beginners-help [at] perl.org
<http://learn.perl.org/> <http://learn.perl.org/first-response>