Perl cgi which button pressed

A password field is similar to a text field, except that instead of displaying the true value of the field, the browser represents each character with an asterisk or bullet refer back to Figure 4. This field does not provide any true security; it simply provides basic protection against someone looking over the shoulder of the user.

The value is not encrypted when it is transferred to the web server, which means that passwords are displayed as part of the query string for GET requests. All the attributes that apply to text fields also apply to password fields.

Hidden fields are not visible to the user. They are generally used only with forms which are themselves generated by a CGI script and are useful for passing information between a series of forms:.

Like password fields, hidden fields provide no security. Users can view the name and value of hidden fields by viewing the HTML source in their browsers.

Checkboxes are useful when users simply need to indicate whether they desire an option. See Figure 4. The user can toggle between two states on a checkbox: checked or unchecked. The tag looks like this:. If the checkbox is not selected, neither the name nor the value is returned for the checkbox. It is possible to have multiple checkboxes use the same name. In fact, this is not uncommon. The most typical situation in which you might do this is if you have a dynamic list of related options and the user could choose a similar action for all of them.

For example, you may wish to list multiple options this way:. If, however, the CGI script does not need to know the name of each of the options in order to perform its task, you may wish to do this instead:.

The CGI script can process these multiple toppings, and you may not need to update the CGI script if you later add items to the list. Attributes for checkboxes include:. If the checkbox is not checked, then neither its name nor value will be sent. Omitting this attribute causes the checkbox to be unselected by default.

Checkboxes also take the onCheck attribute, which indicates the JavaScript code that should be executed when the checkbox is selected. Radio buttons are very similar to checkboxes except that any group of radio buttons that share the same name are exclusive: only one of them may be selected.

Browsers will generally render both as selected, but they will be unselected as soon as the user selects a different option and the user will be unable to return the form to this initial state unless it has a reset button of course. A submit button does just what the name implies. It submits the contents of the form see Figure 4. When the user clicks on a submit button, the browser runs any associated JavaScript onSubmit handler, formats an HTTP request according to the form method and form encoding type, then sends this request to the URL specified by the form action.

The result is then displayed as a new web page. Only the name and value of the submit button clicked is included in the form submission. Here are the attributes it supports:. The VALUE attribute for submit buttons specifies the text that should be displayed on the button as well as the value supplied for this element when the form is submitted. Submit buttons may have an onClick JavaScript handler, which specifies the code to execute if the user clicks the button.

Returning a false value from this code cancels the submit operation. A reset button allows users to reset the value of all the fields in a form to their default values. Because the browser accomplishes this event without consulting the web server, CGI scripts never respond to it. The HTML tag looks like this:. You may have multiple reset buttons on the same form, although this would almost certainly be redundant.

Thus, the name is only useful to JavaScript code. Like submit buttons, reset buttons may have an onClick attribute that specifies the JavaScript code to execute if a user clicks on the button; returning false from this code will cancel the reset operation. You can also have images as buttons. Image buttons function as submit buttons but give you much more flexibility over how the button looks. Keep in mind that users are generally used to having buttons displayed a particular way by the browser and operating system, and a button in a different format may be confusing to a novice.

The HTML for an image button tag looks like this:. Graphical and text-only browsers treat this element very differently. A text-only browser, such as Lynx, sends the name and value together like most other form elements:. However, a graphical browser, like Netscape and Internet Explorer, send the coordinates where the user clicked on the image in addition to the name of the button.

The value is not sent. These coordinates are measured in pixels from the upper-left corner of the image see Figure 4. The last type of button is just that—a button; it has no special function. To avoid confusing this button with the other button types, we will refer to it as a plain button. A plain button tag looks like a submit or reset button:. The name and value of a plain button is never passed to a CGI script.

The second argument -values is the list of values for the radio buttons. The values and the labels that appear on the page are identical. The optional third parameter -default is the name of the default button to turn on. You can provide a nonexistent button name, such as "-" to start up with no buttons selected.

The optional fourth parameter -linebreak can be set to 'true' to put line breaks between the buttons, creating a vertical list. The optional fifth parameter -labels is a pointer to an associative array relating the radio button values to user-visible labels to be used in the display. If not provided, the values themselves are displayed. All modern browsers can take advantage of the optional parameters -rows , and -columns. To include row and column headings in the returned table, you can use the -rowheader and -colheader parameters.

Both of these accept a pointer to an array of headings to use. The headings are just decorative. They don't reorganize the interpretation of the radio buttons -- they're still a single named unit. The first argument -name is optional. You can give the button a name if you have several submission buttons in your form and you want to distinguish between them.

The second argument -value is also optional. This gives the button a value that will be passed to your script in the query string.

The name will also be used as the user-visible label. You can use -label as an alias for -value. I always get confused about which of -name and -value changes the user-visible label on the button. Note that it restores the form to its value from the last time the script was called, NOT necessarily to the defaults. Note that this conflicts with the Perl reset built-in. Use CORE::reset to get the original reset function.

It is useful for passing state variable information from one invocation of the script to the next. The second argument is also required and specifies its value -default. In the named parameter style of calling, you can provide a single value here or a reference to a whole list. Note, that just like all the other form elements, the value of a hidden field is "sticky". If you want to replace a hidden field with some other values after the script has been called once you'll have to do it manually:.

When it's pressed the fragment of JavaScript code pointed to by the -onClick parameter will be executed. On non-Netscape browsers this form element will probably not even display.

Netscape browsers versions 1. The browser maintains a list of cookies that belong to a particular Web server, and returns them to the CGI script during subsequent interactions. The cookie will be saved and returned to your script until this expiration date is reached if the user exits the browser and restarts it. If an expiration date isn't specified, the cookie will remain active until the user quits the browser. This is a partial or complete domain name for which the cookie is valid.

The browser will return the cookie to any host that matches the partial domain name. For example, if you specify a domain name of ". Domain names must contain at least two periods to prevent attempts to match on top level domains like ". If no domain is specified, then the browser will only return the cookie to servers on the host the cookie originated from. If you provide a cookie path attribute, the browser will check it against your script's URL before returning the cookie.

If the "secure" attribute is set, the cookie will only be sent to your script if the CGI request is occurring on a secure channel, such as SSL. The name of the cookie required. This can be any string at all. Although browsers limit their cookie names to non-whitespace alphanumeric characters, CGI. The value of the cookie. This can be any scalar value, array reference, or even associative array reference.

For example, you can store an entire associative array into a cookie this way:. The optional expiration date for this cookie. The format is as described in the section on the header method:. The cookie created by cookie must be incorporated into the HTTP header within the string returned by the header method:.

To retrieve a cookie, request it by name by calling cookie method without the -value parameter:. Cookies with array and hash values can also be retrieved. The cookie and CGI namespaces are separate. If you have a parameter named 'answers' and a cookie named 'answers', the values retrieved by param and cookie are independent of each other. However, it's simple to turn a CGI parameter into a cookie, and vice-versa:. If you call cookie without any parameters, it will return a list of the names of all cookies passed to your script:.

It's possible for CGI. There are three techniques for defining new frames programmatically:. Specify your script s with appropriate parameters as the SRC for each of the frames. See the frame documentation in Netscape's home pages for details. This will tell the browser to load the output of your script into the frame named "ResultsWindow".

If a frame of that name doesn't already exist, the browser will pop up a new window and load your script's document into that. There are a number of magic names that you can use for targets. See the frame documents on Netscape's home pages for details.

When your script is reinvoked by the form, its output will be loaded into the frame named "ResultsWindow". If one doesn't already exist a new window will be created. The script "frameset. Netscape versions 2. Internet Explorer, 3. JavaScript isn't the same as Java, and certainly isn't at all the same as Perl, which is a great pity. JavaScript allows you to programmatically change the contents of fill-out forms, create new windows, and pop up dialog box from within Netscape itself.

From the point of view of CGI scripting, JavaScript is quite useful for validating fill-out forms prior to submitting them. You'll need to know JavaScript in order to use it. There are many good sources in bookstores and on the web.

Events include such things as the mouse passing over a form element, a button being clicked, the contents of a text field changing, or a form being submitted. When an event occurs that involves an element that has registered an event handler, its associated JavaScript code gets called.

There are a large number of events, and each applies only to the elements for which it is relevant. Here is a partial list:. The user has pressed the submit button of a form. This event happens just before the form is submitted, and your function can return a value of false in order to abort the submission.

Valid for:. For example, to have your validateAge JavaScript code executed every time the textfield named "age" changes, generate the field like this:. The CGI. The value of this parameter may be a scalar, in which case it is treated as the source URL for the stylesheet, or it may be a hash reference. In the latter case you should provide the hash with one or more of -src or -code. Style definitions in -code override similarly-named ones in -src , hence the name "cascading.

You may also specify the type of the stylesheet by adding the optional -type parameter to the hash pointed to by -style.

To refer to a style within the body of your document, add the -class parameter to any HTML element:. Note that you must import the ":html3" definitions to have the span method available. Here's a quick and dirty example of using CSS's. Pass an array reference to -code or -src in order to incorporate multiple stylesheets into your document.

Should you wish to incorporate a verbatim stylesheet that includes arbitrary formatting in the header, you may pass a -verbatim tag to the -style hash, as follows:. You can pass keywords like this:. To test the POST method, you may enable full debugging with the -debug pragma. This is useful for debugging purposes:. Some of the more useful environment variables can be fetched through this interface. The methods are as follows:.

Return a list of MIME types that the remote browser accepts. Glob types e. Note that the capitalization changed between version 2. Cookies have a special format, and this method call just returns the raw form?

See cookie for ways of setting and retrieving cooked cookies. You can separate it into individual cookies by splitting on the character sequence "; ". Called with the name of a cookie, retrieves the unescaped form of the cookie. Returns additional path information from the script URL.

If you use the ordinary file associations mapping, the path information will be present in the environment, but incorrect. Return the URL of the page the browser was viewing prior to fetching your script. Not available for all browsers. Use this when running with virtual hosts. Attempt to obtain the remote user's name, using a variety of different techniques. This only works with older browsers such as Mosaic.

Newer browsers do not report the user name for privacy reasons! Called with the name of an HTTP header field, returns its value. Capitalization and the use of hyphens versus underscores are not significant. Can be used to determine whether SSL is turned on.

NPH, or "no-parsed-header", scripts bypass the server completely by sending the complete HTTP header directly to the browser. This has slight performance benefits, but is of most use for taking advantage of HTTP extensions that are not directly supported by your server, such as server push and PICS headers. Many Unix servers look at the beginning of the script's name for the prefix "nph-". When in this mode, CGI. You do not need to do this manually, although it won't hurt anything if you do.

To import these into your namespace, you must import the ":push" set. It then sleeps a second, and begins again. Initialize the multipart system. The -boundary argument specifies what MIME boundary string to use to separate parts of the document. If not provided, CGI. Start a new part of the multipart document using the specified MIME type. End a part. End all parts. A potential problem with CGI. While the script attempts to allocate the memory the system may slow down dramatically. This is a form of denial of service attack.

Another possible attack is for the remote user to force CGI. The best way to avoid denial of service attacks is to limit the amount of memory, CPU time and disk space that CGI scripts can use. Some Web servers come with built-in facilities to accomplish this. In other cases, you can use the shell limit or ulimit commands to put ceilings on CGI resource usage.

These take the form of two global variables in the CGI name space:. If set to a non-negative integer, this variable puts a ceiling on the size of POSTings, in bytes.

If CGI. You should set this to a reasonably high value, such as 1 megabyte. If set to a non-zero value, this will disable file uploads completely.

Other fill-out form values will work as usual. Open up CGI. This error message is actually defined by the HTTP protocol, and is designed to be returned to the browser as the CGI script's status code.

However it isn't clear that any browser currently knows what to do with this status code. It might be better just to create an HTML page that warns the user of the problem. To make it easier to port existing programs that use cgi-lib. Porting is simple:. Like ReadParse, you can also provide your own variable. This allows you to start using the more interesting features of CGI. Address bug reports and comments to: lstein cshl.

When sending bug reports, please provide the version of CGI. If the problem is even remotely browser dependent, please provide information about the affected browers as well. For more information on module installation, please visit the detailed CPAN module installation guide. Lincoln D. LDS Lincoln D. The current version of CGI. To get around this warning, you have several choices: Use another name for the argument, if one is available. Change the capitalization, e.

You can also use a named argument style using the -name argument. For example:? This became the default in version 2. See the section on debugging for more details. The temporary directory is selected using the following algorithm: 1. HTTP defines three different possible redirection status codes: Moved Permanently Found See Other The default if not specified is , which means "moved temporarily. Guess again.

The old-style positional parameters are as follows: Parameters: 1. The title 2. For example: script. If you want to change the value of a field from its previous value, you have two choices: 1 call the param method to set it. Two values are possible: Note: This method was previously named startform , and startform is still recognized as an alias.

The standard arguments are as follows: -name The name of the field. Parameters 1. The first parameter is the required name for the field -name. The optional third parameter is the size of the field in characters -size. This is the recommended idiom.

The required first argument is the menu's name -name. Parameters: 1. The optional fourth argument is the size of the list -size. The first argument is the name of the group and is required -name.

Every form should have one of these. The first argument is required and specifies the name of this field -name. The first argument -name is required and specifies the name of this field. The second argument -src is also required and specifies the URL 3. Its parameters include: -name The name of the cookie required. There are three techniques for defining new frames programmatically: 1. With CGI.

Here is a partial list: onLoad The browser is loading the current document. The Microsoft IIS is broken with respect to the translated path as well. In the use statement Simply add the "-nph" pragmato the list of symbols to be imported into your script: use CGI qw :standard -nph By calling the nph method: Call nph with a non-zero parameter at any point after using CGI.

Here is a simple script that demonstrates server push:! Users interested in server push applications should also have a look at the CGI::Push module. Only Netscape Navigator supports server push. Internet Explorer browsers do not. You can use these variables in either of two ways. Globally for all scripts Open up CGI. PL To make it easier to port existing programs that use cgi-lib. All rights reserved. Bunce ig. MacKenzie fulcrum. Hendricks kbhend dogwood.

Like submit buttons, reset buttons may have an onClick attribute that specifies the JavaScript code to execute if a user clicks on the button; returning false from this code will cancel the reset operation. You can also have images as buttons. Image buttons function as submit buttons but give you much more flexibility over how the button looks. Keep in mind that users are generally used to having buttons displayed a particular way by the browser and operating system, and a button in a different format may be confusing to a novice.

The HTML for an image button tag looks like this:. Graphical and text-only browsers treat this element very differently. A text-only browser, such as Lynx, sends the name and value together like most other form elements:.

However, a graphical browser, like Netscape and Internet Explorer, send the coordinates where the user clicked on the image in addition to the name of the button. The value is not sent. These coordinates are measured in pixels from the upper-left corner of the image see Figure The last type of button is just that -- a button; it has no special function.

To avoid confusing this button with the other button types, we will refer to it as a plain button. A plain button tag looks like a submit or reset button:. The name and value of a plain button is never passed to a CGI script. Because a plain button has no special action, it is meaningless without an onClick attribute:. The onClick attribute specifies the code to run when the button is clicked. The code's return value has no effect because plain buttons do not cause other behavior.

It can create two different elements that look quite different but have similar function: a scrolling box or a menu also commonly referred to as a drop-down. Both elements are displayed in Figure Scrolling boxes may optionally allow the user to select multiple entries. Multiple options are encoded as separate name-value pairs, as if they had been entered by multiple form elements. The SIZE attribute determines the number of lines visible in the list. Specifying 1 for the SIZE indicates that the list should be a menu instead.

It is only possible if the SIZE attribute is assigned a value greater than 1. On some operating systems, the user may need to hold down certain modifier keys on their keyboard in order to select multiple items. Default text should be placed between the opening and closing tags. A browser will render the example above with "Default" and "text" on separate lines.

The COLUMNS attribute specifies the width of the text area, but like the size of text fields, browsers size columns differently for variable-width fonts.

The ROWS attribute specifies the number of lines that the text area should display. Text bars have scrollbars to access text that does not fit within the display area. The WRAP attribute specifies what the browser should do if the user types beyond the right margin, but note that the WRAP attribute is not implemented as uniformly as other tags and attributes.

Although most browsers support it, it is actually not included in the HTML 4. In general, specifying " virtual" as the WRAP results in the text wrapping within the text area, but it is submitted without newlines. Specifying " physical" as the WRAP also results in the text wrapping for the user, but the line breaks are submitted as part of the text. Users on different operating systems will submit different characters for end-of-line characters.

If you specify to omit the WRAP attribute or specify "none" for it, then text will typically scroll beyond the right side of the text area. All rights reserved. CGI Programming with Perl. Quick Reference to Form Tags Before we get going, Table shows a short list of all the available form tags.

Table A document can consist of multiple forms, but one form cannot be nested inside another form.