On Tue, 17 Jul 2001 [EMAIL PROTECTED] wrote:
> At this point I have a Perl script that parses a text file and creates
> a number o fHTML files according to command line arguments like date,
> file_output, and so on.
> I want a person to fill out a form, submit it, which then activates
> the file creation script.
Why not adapt the file creation script to include the cleaning up of form
input, and use it directly? You can then specify that script in the form
tag e.g. <form action="/foo/bar/creation.cgi" method=post>
Don't forget to use -wT and untaint all the input using regexes. If
you have the O'Reilly book 'CGI Programming with Perl' make sure to read
the chapter on security. Even though *this* script is just for use
internally, and you feel sure you can trust this particular user not to be
malicious:
* he/she may make mistakes
* this script may be reused in another context
If you stick to best practice now, you will make your life easier in the
future.
Best wishes,
Rachel Coleman
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
