Greetings cal,
Fortunately (from a security perspective) you can't just run Perl subs via HTML. You'll need to pass your action request via HTTP to your CGI that will interpret it and run the function that you desire.
The HTML might look something like:
<FORM action="yourscript.cgi" method=post>
<INPUT type=hidden name=action value="storeevent">
...
Then your Perl might look something like:
#!/usr/bin/perl -wT
use strict;
use CGI;
$CGI::DISABLE_UPLOADS = 1;
$CGI::POST_MAX = 1024;
my $cgi = new CGI;
my $action = $1 if $cgi->param('action') =~ /^(\w+)+/;
&store_event if ($action eq 'storeevent');
Whatever you do, don't be tempted to do something like:
my $action = $cgi->param('action');
&$action;
UPDATE: The above assumes two things: first that you'll print out the HTTP header elsewhere in your script before sending HTML, and second that the "action" CGI parameter is always defined. If it's not, then you'll get a warning. In such cases, you could use:
my $action = (defined $cgi->param('action')) ?
($cgi->param('action') =~ /^(\w+)+/) ? $1 : '' : '';
This just makes sure that the parameter is defined. If it isn't or if it is and contains badness, then $action results in an empty string.
gryphon
code('Perl') || die;
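An added example, not part of gryphon's post: the same allow-list idea written as a dispatch table, so that only names present as hash keys can ever be called and everything else is rejected. The handler subs, the 32-character limit and the sample inputs are constructed for illustration, and the pattern is anchored at both ends, which is stricter than the one in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical handlers standing in for the script's real subs.
sub store_event  { return "event stored" }
sub delete_event { return "event deleted" }

# Allow-list: only names that appear as keys here can ever be run.
my %DISPATCH = (
    storeevent  => \&store_event,
    deleteevent => \&delete_event,
);

# Map a raw "action" parameter value to a handler, or undef if rejected.
sub resolve_action {
    my ($raw) = @_;
    return undef unless defined $raw;              # parameter missing
    # Whole value must be word characters; \z (not $) refuses a trailing newline.
    # The length limit of 32 is an assumption made for this example.
    return undef unless $raw =~ /\A(\w{1,32})\z/;
    my $name = $1;                                 # captured copy is untainted under -T
    return $DISPATCH{$name};                       # undef for names not in the table
}

# Constructed sample inputs, as they might arrive from $cgi->param('action').
for my $raw ('storeevent', 'deleteevent', 'unknownaction',
             'main::store_event', "storeevent\n", 'storeevent; x', undef) {
    my $handler = resolve_action($raw);
    my $shown   = defined $raw ? $raw : '(undef)';
    $shown =~ s/\n/\\n/g;                          # make the newline visible
    printf "%-20s => %s\n", $shown,
        $handler ? $handler->() : 'rejected';
}
```

Only the first two inputs reach a handler; the rest print "rejected". With `use strict` in effect, calling a sub through a plain string, as in `&$action`, is also stopped at run time by `strict refs`, but the table keeps the decision explicit rather than relying on that pragma.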