Accepting User Inputs - WindyJ's NDC Notes

The point of Server-Side Scripts is to use input from the User to create a page. One way to do so is to pass it as a **parameter** through the URL with a question mark after your script filename, like so; `https://coding.ndcfinearts.ca/cgi-bin/firstperl.cgi?Windsor` Your script needs to receive that information. It does so through what is known as a Global Hash, meaning that it already exists on the server, so you do not need to instantiate it. The `%ENV` (usually referred to as the Environment Hash) will hold the information the User has sent to you in the `QUERY_STRING` key. You call it with `$ENV{'QUERY_STRING'}`. Consider the link above, and how `firstperl.cgi` could use the information as below; ```perl $myInput = $ENV{'QUERY_STRING'}; print "Mr. $myInput is a super geek."; ``` >CHALLENGE: Try creating a script that accepts an input from the user as a parameter, and prints something to the screen from that input. One idea is to create a script that accepts a user's name, and provides them with a "Welcome" message. # URL Parameters Have Limitations Up until now you have been relying on your users calling on your PERL scripts with appropriate browser-based parameters. This is a very unreliable strategy. - It requires that users know the exact format your script will accept - It allows for a great deal of human error that you will either have to script for, or accept. HTML Forms force your users to send data exactly the way you want it. - For every `<input>` or `<select>` you give it a name attribute. - The HTML Form, when submitted, sends both the name attribute and the value the user inputs. - You receive the information and store it in the form of a Hash. When we last did this, it directed to a script Mr. Windsor created that allowed you to send emails. This time we will be sending our forms to a script you create. ## HTML Forms Review In your HTML, your forms need to be directed to the proper script. ```html <form method="post" action="https://coding.ndcfinearts.ca/cgi-bin/YOURID/practice.cgi"> ``` The Form will POST data to the script you identify. You then create the remainder of the form in your HTML file the way you want using the following tags as some of the many options you can choose. ```html <input type="hidden" name="mySecretKey" value="WouldntYouLikeToKnow" /> <input type="text" name="name" /> <input type="checkbox" name="gimmemoney" /> <select name="house"> <option value="G">Gryffindor</option> <option value="H">Hufflepuff</option> <option value="R">Ravenclaw</option> <option value="S">Slytherin</option> </select> ``` Don’t forget to close your `<form>` tag with `</form>`! # Receiving Data from a Form When data is sent via the URL parameters (`my.cgi?these&are&parameters`), that information is stored in the Query String of the Environment Hash (`$ENV{'QUERY_STRING'}`). There is a defined end to that value that the server thinks is obvious. *Form data* is instead sent to the Standard Input (`STDIN`). - There are many ways of sending data to the Standard Input (the terminal, a stream, other server functions), and hackers know this. It's important you only accept the data you want, which is the data the user sent through a form. First, check to see if some form data was actually sent using the Content Length Environment Variable; ```perl if ($ENV{'CONTENT_LENGTH'}) { # returns 1 if there was any data, 0 if not. ``` Then read the Standard Input, but only the amount the user sends, represented by that Content Length Environment Variable, and save it to your own variable; ```perl read(STDIN, $fromUser, $ENV{'CONTENT_LENGTH'}); # reads the standard input to the length desired, saves it to your own scalar variable ``` Don't forget to close your if statement! `}` # Working with HTML Form Data Once you've received the data, you can now do many of the same things as you did before to use that data. We will first turn all the information into a **hash** that you can work with, where the *keys* will be the *names* you gave each HTML Form Element, and the values will be data entered by the user. We will write code so that the HTML element `<input type="text" name="mine">` will result in the **hash** `$USERDATA{'mine'}` being equal to whatever the user typed in. ```perl $fromUser =~ s/%20/ /g; # replace all ASCII coded spaces with actual spaces @pairs = split(/\&/,$fromUser); #split into every tag from your Form %USERDATA = (); # instantiate a hash to store it all in for (@pairs) { # for every tag from your Form ($name,$value) = split(/=/,$_); # get the name attribute & the value the user sent $USERDATA{$name} = $value; # place it in your hash } ``` Then use that information to produce an HTML page you want. ```perl print "Your name was $USERDATA{'name'}<br>\n"; if ($USERDATA{'house'} eq "R") { print "Welcome to Ravenclaw<br>\n"; } else { print "The Grey Lady will not speak to you.<br>\n"; } ```