
Writing CGI Applications with Perl

by footpad (Monsignor)
on Apr 12, 2001 at 00:45 UTC


Item Description: An Introduction to Perl CGI scripting.

Review Synopsis: Wonderful introduction to CGI scripting with Perl, with security concerns and good practices showcased immediately. Nicely complements other respected titles.


Writing CGI Applications with Perl
by Kevin Meltzer and Brent Michalski

Published: February 2001 by Addison-Wesley
ISBN: 0201710145
List Price: $34.95 U.S., $51.95 CAN
Edition Reviewed: First edition, first printing



If you've been around the Monastery for any length of time, you've probably noticed that we're pretty hard on books and tutorials designed to quickly teach you the basics of Perl CGI scripting. This happens because most titles repeat the same mistakes:

  • Security, if discussed at all, is usually little more than a vague warning tacked on as an afterthought.
  • Basic details, such as how to use the documentation provided with Perl, are omitted.
  • Highly regarded modules, such as CGI, DBI, and CPAN, are often ignored.
  • Complete solutions or applications, when presented, are either too trivial to be useful or too contrived to expand into production quality code.
  • The author(s)' knowledge of idiomatic Perl is often questionable.

In short, most introductory Perl CGI titles fail because the authors fail to cover the most important elements: security, modules, effective design, and good Perl.

When defending these titles, supporters usually respond with something along the lines of, "We can't showcase the best practices because we want to keep the examples simple and we're writing for people who don't know how to program." When reviewing one of the least successful attempts to do so, Ovid offered an interesting challenge to writers of such materials,

"When we have a book that is specifically aimed at new programmers, what better time to teach them good habits?"

It seems Kevin Meltzer and Brent Michalski accepted this challenge when designing Writing CGI Applications with Perl (WCA, for short), for they quickly introduce and demonstrate the advice we often repeat when responding to CGI-related nodes posted by initiates and newbies alike. Some of the first topics discussed include:

  • How to use perldoc
  • CPAN and its module
  • Obtaining the version of Perl you're using
  • Configuring Apache to run Perl CGI scripts
  • Properly setting Unix Permissions
  • Taint mode and laundering tainted data
  • Fixing PATH and @ENV
  • Installing scripts using FTP
  • Basic troubleshooting
  • CGI::Carp and (including the offline mode)
  • The diagnostics module.

All this takes place in forty pages. In that time, WCA answers many of the most common Perl CGI questions we see posted on a regular basis. (This isn't entirely surprising since one author is a member of our Order and the other runs a well-regarded Perl web site, sadly neglected of late.) Given the fact that most introductory titles don't even discuss many of these issues, this is pretty impressive.

All Sorts of Goodness

WCA builds from there, borrowing a style similar to a certain columnist. Each chapter covers a specific topic and provides example scripts that are discussed line by line. In general, each chapter is devoted to building a useful framework for solving a common real-world need. Chapter 3, for example, discusses the environment and how to build a web client visitor log (so you can learn which browsers your visitors are actually using). When doing this, you learn how to:

  • Create a simple environment lister that also demonstrates how to sort keys in a hash.
  • Create and use custom environment variables under Apache.
  • Create a package.
  • Use DBI to connect to, create, update, and query a MySQL database table.
  • Learn how to create HTML forms the hard way (by hand) and the easy way (using
  • Use pack/unpack to encode/decode URI's.
  • Convert an IP address to its host name.
  • Parse a QUERY_STRING by hand, should that be necessary

All of this takes place in 22 pages.

You'd think that such density would be difficult to read. It's not. As noted earlier, each line is presented and discussed carefully, with appropriate references to other documentation as needed. In addition, chapters generally end by summarizing the major points, providing exercises to extend the scripts in useful ways, and complete listings of the scripts built during the chapter. As a result, those taking the time to enter and run the examples learn not only the basic topics, but are also exposed to new, interesting, and (perhaps most importantly) effective ways to use Perl.

This continues throughout the book. For example:

  • Chapter 5, Introduction to Cookies, discusses security issues and briefly introduces ways to provide personalization to a web site.
  • Chapter 6, Access Counters, also includes file-locking, LWP::UserAgent, and the GD module.
  • Chapter 9, Using mod_perl, covers configuration of that module, Apache::Registry, simple templating with Apache::Sandwich, a photo album, and authentication with Apache::AuthDBI.
  • Chapter 12, Tied Variables, demonstrates a really cool use of the Tie::Scalar module (which I won't reveal, hoping to induce you into buying the book) and how to build a shopping cart that doesn't suffer the same flaws as certain freely-available ones.

The authors have carefully selected 90% of the CGI applications that people want to build and then show skeletal solutions that can be expanded into more complete examples. Like the Monastery's inhabitants, WCA expects you to do some of your own thinking.

In short, this book gives you a very solid grounding with Perl, the best of CPAN, and CGI scripting techniques. Its example-driven, hands-on approach is very effective.


The book is not perfect, however.

As you might expect from the first printing of a new book (a 1.0 release, if you will), there are several typographic errors, especially in the earliest chapters. This is unfortunate, because these tend to detract from the confidence one has in the material. I expect these will be reduced or eliminated in future printings.

While the prose is generally effective and easy to read, there are a couple of tortured sections. For example, when describing why you should avoid manual decoding of CGI data, the authors say,

Writing your own decoding routines should only be done in limited situations, such as to learn more about CGIs and how they work or, if you know everything about how CGIs work, to write a streamlined routine that handles data better than

It's an accurate statement, but horribly comma-spliced. It might be more effective as three separate sentences. (Yes, this is a nit, but remember that I've been a technical writer and these things tend to leap out at me.) Also, some of the writing could be made more active.

Granted, these are things that a good editor will likely pick up on. (Personally, I suspect these glitches are due, in part, to deadline constraints.)

There is, however, one problem that's not an editorial glitch. Chapter 7, Web-Based File Uploading, provides an excellent grounding with uploads, multi-part forms, MIME type handling and so forth. However, nowhere do the authors mention the upload() method, which the CGI documentation describes as the "recommended idiom,"

To be safe, use the upload() function (new in version 2.47). When called with the name of an upload field, upload() returns a filehandle, or undef if the parameter is not a valid filehandle.

Given the quality of the rest of the book, the fact that the upload() function isn't even discussed is a little startling. Again, I would hope that a future printing will correct this.

Treading Among Giants

Given its popularity in our community, it seems appropriate to briefly compare WCA to O'Reilly's CGI Programming with Perl (the so called "Rat" book), a title we commonly recommend.

Given the fact that both books are trying to cover pretty much the same ground, it's clear that WCA's authors took care not to duplicate material the Rat book provides in detail. For example, where Rat provides a thorough introduction to the CGI process, HTTP, and so on, WCA provides just the details you need to know to understand the examples in the book. As another example, WCA doesn't provide a web site search engine, presumably because Rat's Chapter 12 discusses the subject in depth.

(Personally, I found the lack of a web site search engine discussion disappointing. Rat's discussion is good, however, it's beginning to look a little long in the tooth and it would be nice to see an alternate point of view on the subject. To be fair, WCA does cover searching to some degree, though in the context of a SQL query.)

For some people, Rat's depth can be counter-productive. Earlier, for example, I noted where you feel like you're really learning productive skills right away in WCA. When reading the Rat book, I didn't get that feeling until well after page 100. (This isn't a criticism of Rat; it's just the way I felt while reading it.) Rat's detail is helpful, useful, and necessary. However, if you don't have the time to learn it at the moment, WCA's hands-on approach is just the ticket.

WCA also covers material that Rat doesn't. In Chapter 6, HTML Templates, the Rat book discusses HTML::Mason in a little more than half a page. WCA, on the other hand, devotes an entire chapter to it, showing how you can use Mason to quickly and easily create a template-driven web site.

WCA's examples complement other O'Reilly titles, such as Programming the Perl DBI, Mastering Regular Expressions, and so on. Again, WCA does not (and should not) replace these books; its examples help you see the trees in the forest of details.

It's clear that WCA's authors tried very carefully to avoid re-inventing wheels that other well respected titles have already nailed. Some duplicate coverage is to be expected, however, WCA manages to complement such efforts. This is a good thing, for you can see working applications and let the other titles fill in the blanks.

WCA does (and should) replace other less successful titles, such as the less than stellar The CGI/Perl Cookbook (read that title again, please), Perl and CGI for the World Wide Web, and other wastes of time.


Be aware that WCA is not designed as a Perl tutorial, per se. In fact, the authors clearly state, "This book will not teach you Perl." Those with no grounding in Perl should consider either Learning Perl or Learning Perl on Win32 (depending on your operating system background).

(Note: According to rumor, these last two titles will be combined in the Third Edition. If you're reading this much after its original post date, look for the combined title.)

I think, though, the authors give themselves too little credit. They carefully explain what they do. Again, there's great advantage and benefit to seeing good code in action.

Here's who I think can benefit from this book:

  • Programmers experienced in another language wanting to learn Perl CGI scripting.
  • Developers who had projects dropped in their laps and need to get something completed quickly.
  • Those frustrated with a poorer tutorial and now want to learn it right
  • Those wanting to see great CPAN modules in action.
  • Those who would like to see specific examples of good Perl CGI scripts and good Perl Hacking.
  • Those who learn more easily through examples than discussions and theory. (You should follow-up with the Rat book, though.)
  • Anyone running into problems learning with the Rat book.
  • Those who feel their Perl skills are lacking to some degree.

Here's the rub: If you can only afford one book, I have to recommend the Rat book for the following reasons; it's

  • Cheaper.
  • Already been revised at least once.
  • More idiomatic (particularly with respect to the upload() function mentioned earlier) and more detailed.


Writing CGI Applications with Perl is an excellent tutorial for those wanting to quickly learn good (and secure) Perl CGI scripting and for those wanting to improve their skills. While it does not dethrone the Rat book as the de facto standard, it complements it nicely by providing different and well-designed examples of Perl in action. WCA should be the second Perl book you read, though you can use it as your first if you're careful.

Final Score: 4 out of 5 camels, primarily due to editing.

Chapter Listings

  1. Perl, CGI, and this Book
  2. What You Should Know
  3. Using Your Environment
  4. Introduction to Web forms
  5. Working with Cookies
  6. Access Counters
  7. Web-Based File Uploading
  8. Tracking Clicks
  9. Using mod_perl
  10. Web-Based E-mail
  11. Introduction to DBI and Databases on the Web
  12. Tied Variables
  13. Embedding Perl in HTML with Mason
  14. Document Management via the Web
  15. Dynamically Manipulating Images
  16. RSS and XML


  1. Server Codes
  2. Environment Variables
  3. POSIX::strftime() Formats
  4. General Public License
  5. Artistic License
  6. Perl Documentation
  7. ASCII Codes
  8. Special HTML Characters

-- Fixed the chapter reference to Rat's search engine discussion.
-- Properly attributed the quote in the Introduction. Sorry, guys.

- end -

Re: Writing CGI Applications with Perl
by KM (Priest) on Apr 12, 2001 at 17:16 UTC
    I wanted to respond to this review mainly because it is a good opportunity. As an author (albeit a new one), to respond to a reviewer, as well as other (possible) readers, about nits and such can be useful to a reader and myself. I am very happy with this review by footpad, as I told him privately. But, I wanted to answer a few of his points, mainly Editing, using CGI::upload(), and the Rat book.


    Misprints and errors happen! Most (if not all) tech books will have errors in the first (and many times later) printings and editions. We, as with other books, have a web site where we post the errata. When we find a problem, or one is reported to us, we post it there. These problems will be fixed in future printings. If anyone finds any, please report it to me! But, from what I have seen in other books, we are below par for misprints, which has made me happy. You mentioned that one overly-commated (commated?) sentence.. it is things like that I am surprised the professional editors didn't catch. But, as you mentioned, there are deadlines and things squeak by.


    This happens to be one of the chapters I didn't write. So, I asked Brent why he didn't include it in this chapter. His response is:

    "I didn't use it, because I had been doing file uploading for a while and Lincoln snuck that function in when I wasn't looking! ;o) The way that it is in the book *is* well documented in the docs. The upload function really just helps you deal with the filehandles of the uploaded files....
    Yes, if I rewrote/revised the chapter, I would incorporate it - it looks to be useful."

    So, mainly an oversight. However, in a sense it works out nicely because someone can learn how to do it themselves and learn about upload() while reading the docs. It doesn't hurt to know how to do things that are masked by method calls. But I agree, the use of upload() should have been there, and I will see what I can do about making it find its way in there (at least as a footnote for now, or small 'Or do it with upload() like so..' example).

    Rat book

    One of the things I was not looking forward to is being compared to the Rat book. One of the reasons I wanted to write this book was that all the Perl/CGI books out were either terribly outdated (like the Rat 1st Ed., at the time) or just terrible. During the process of writing I learned about the 2nd Ed. of Rat (Rat2), and about some of what they were going to cover. Honestly, what I didn't want to do is compete with Rat2. "Compete" to me means that people will want WCAwP or Rat2. I wanted people to want both, to learn different things (where we don't overlap, like search engines or Mason) and to learn different perspectives (on anything we may overlap on). A main goal was to help people learn, not just get another Perl book on the market.

    Unfortunately, WCAwP will be compared to Rat2, even though I feel they are different books, in different styles.. which just happen to cover the same meta-topic (Perl/CGI). Two (or three) good books in Perl/CGI is a Good Thing. They are both good books to learn from, and both can be used for reference after reading.

    One thing I did disagree with in footpad's review is the reasons to buy Rat2 over WCAwP. There is roughly a $5 difference in price, which is relative to the extra content. Buying a 1st Ed. of a book vs a 2nd Ed. of another.. well, that is personal preference. More idiomatic? Well, that I don't know about. It is what I call the 'report card syndrome'. You get four A's and a D, and the parents harp on the D! We didn't cover CGI::upload() in the book for the reasons noted above.. but (as footpad did note) did cover security, installing scripts, mod_perl, general programming style, etc.. all as idiomatically as we possibly could. I think both books are equally idiomatic, and comparable in quality. I would dare say they are currently the best Perl/CGI books on the market.

    In my opinion (being the author of one of the books or not) if you can only afford one book, look through them both. Which one covers the topics you care most about? Which one is written in a style you will enjoy reading? Does the TOC look interesting? Can you find what you want in the index? Do the appendices include useful information? Assuming the quality is comparable, these are what I base a single book purchase on.


    I am happy with footpad's review, as well as the reviews on online bookstore websites and emails I have gotten. I hope that those of you who purchase the book learn something, and find the book to be worth your time and money.


      I haven't bought the book yet (and in any case it will take some time for it to be shipped here) but considering the reviews, both here and on the various on-line booksellers' sites, I think you (and Brent) can now have a C+++ rating in the Perl Geek Code.

