http://www.perlmonks.org?node_id=192633


in reply to run command from CGI program and display output

Okay, I played around with your code a bit, and got it to work (using the ls command anyway, I changed it back to your vmquery when I was done). Just to qualify this -- I changed enough of your code to make it function, and I altered the formatting just a bit in some areas. But there very well may be other issues left in your code which need to be worked out :-)

I changed several things. I added an "if" statement at the beginning that checks to see if the form is being submitted, or if the page is being loaded for the first time. If the page is being loaded for the first time, we just need to display the form. If the form was submitted, we need to run the command, and display the output.

As was mentioned, the -action line needed to be changed to -value. Also, $mediaID was never initialized, I think you meant to grab it from the CGI parameter. And the sub vmquery didn't yet exist. I created that, and have it executing your command.

Before the vmquery command is executed, it's now calling a sub named check_param. Its job is to validate the parameter sent to you by the user. I recommend spending a lot of time in that function, making sure to develop a good regex to verify that the parameter that the user sent you is valid. But without further ado:

    #!/usr/local/bin/perl -w
    use strict;
    use CGI;
    use CGI::Carp qw(fatalsToBrowser);
    use diagnostics;

    $|++;

    my $query = CGI->new;
    print $query->header;

    # Were we sent the mediaID parameter?
    if (defined $query->param('mediaID')) {
        vmquery($query);
    }
    # If we weren't sent the mediaID parameter, just display the form.
    else {
        print $query->start_html(
                  -title   => "Tape Pull Process Tool",
                  -bgcolor => "ffffff"
              ),
              $query->h1("Process Tape Pulls"),
              $query->hr;
        print_prompt($query);
        makeEnd($query);
    }

    sub print_prompt {
        my $query = shift;
        my $cmd = "default_value";

        print $query->start_form;
        print $query->p("Beginning: Date & Time"),
              $query->textfield(-name => "from", -size => 22, -maxlength => 19);
        print $query->p("End: Date & Time"),
              $query->textfield(-name => "to", -size => 22, -maxlength => 19);
        print $query->p("Tape ID"),
              $query->textfield(-name => "mediaID", -value => "$cmd",
                                -size => 25, -maxlength => 25);
        print " \@mitre.org";
        print "<p>", $query->reset;
        print $query->submit('action','submit');
        print $query->end_form;
        print "<hr>";
    }

    sub makeEnd {
        my ($query) = shift;
        print $query->end_html;
    }

    # Sub which executes the vmquery command
    sub vmquery {
        my $query = shift;
        # scalar() forces a single value; param() in list context can
        # return several values if the parameter is repeated
        my $cmd_param = check_param( scalar $query->param('mediaID') );

        # Refuse to run anything if the parameter failed validation
        unless (defined $cmd_param) {
            print "Invalid Tape ID<br>";
            return;
        }

        my $cmd = "/opt/openv/volmgr/bin/vmquery -m $cmd_param";
        print "Running the command: $cmd<br>";
        my $output = `$cmd`;
        $output = '' unless defined $output;
        # Escape the output so it cannot inject markup into the page
        print "<pre>", $query->escapeHTML($output), "</pre>";
    }

    # Verify that the parameters sent from the browser are sane
    sub check_param {
        my $param = shift;
        return unless defined $param;
        # You need to do some serious parameter checking here, you probably want to
        # put something better than this in.
        # Return the capture only when the match succeeds, never a stale $1.
        return $param =~ m/^(\w+)$/ ? $1 : undef;
    }


--
Lucy: "What happens if you practice the piano for 20 years and then end up not being rich and famous?"
Schroeder: "The joy is in the playing."
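
The validation step the reply recommends, sketched as an added example (not part of the original post or the poster's code): a bounded allow-list check plus shell-free execution through list-form pipe open, with the output HTML-escaped. The 1 to 6 alphanumeric media ID format, the helper names run_cmd and escape_html, and the use of the Perl interpreter as a stand-in for vmquery are assumptions.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed format: 1-6 ASCII letters or digits. Adjust to your real media ID scheme.
sub check_param {
    my ($param) = @_;
    return unless defined $param;
    # \A and \z anchor the whole string; unlike $, \z rejects a trailing newline.
    # An explicit character class avoids the Unicode word characters \w can match.
    return $param =~ /\A([A-Za-z0-9]{1,6})\z/ ? $1 : undef;
}

# List-form pipe open passes each argument straight to exec, so no shell
# ever parses the value. Returns (output, error).
sub run_cmd {
    my (@argv) = @_;
    open(my $fh, '-|', @argv) or return (undef, "cannot run $argv[0]: $!");
    local $/;                      # slurp all output at once
    my $out = <$fh>;
    close($fh);
    return ($out, $? == 0 ? undef : "exit status " . ($? >> 8));
}

# Minimal HTML escaping for text placed in the response body.
sub escape_html {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;',
               '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

# Constructed sample inputs: one valid ID and several that must be rejected.
for my $input ('A00123', 'A00123; id', "A00123\n", 'TOOLONG1', '') {
    (my $shown = $input) =~ s/\n/\\n/g;
    my $id = check_param($input);
    if (!defined $id) {
        print "'$shown' rejected\n";
        next;
    }
    # Stand-in for: /opt/openv/volmgr/bin/vmquery -m $id
    my ($out, $err) = run_cmd($^X, '-e', 'print "<media> $ARGV[0]\n"', $id);
    print "'$shown' accepted: ", escape_html(defined $out ? $out : $err);
}
```

In the CGI script, run_cmd would be called with the vmquery path, '-m' and the validated ID as separate list elements in place of the backtick string.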