Contact Form

venimfrogtongue has asked for the wisdom of the Perl Monks concerning the following question:

I realise I am really new to perl and what I am asking might sound stupid or too easy for all you real guru's to even help me with. But hey, I want to learn perl more than anything!!! This is my second project I want to design: a simple contact form. My question is this. How could I do something like a FOR statement and get the result similar to:

for ('name',
     'subject',
     'emailaddy',
     'message);
{
print qq($main : $_ <br>)
## whereas $main would hold the words 'name', 'subject' etc. so in the
+ end I get results in my email like:

name: Joe
subject: Help
emailaddy: me@you.com
message: Lalala
[download]

Thanks for all your help in advance. And please remember, I am not just looking for the code, I want to know what is going on. Thanks millions! venimfrogtongue

Comment on Contact Form Download Code

Replies are listed 'Best First'.
•Re: Contact Form by merlyn (Sage) on Mar 22, 2002 at 23:36 UTC
`use CGI qw(:all); open M, "\|/usr/lib/sendmail -t" or die "Cannot open sendmail: $!"; print M <<'END'; To: your@address.here From: webmaster@this.host.here Subject: the results of your form END for (param) { my @values = param($_); print M "$_: ", join(", ", @values), "\n"; } close M; print header, start_html, p("Thank you for your submission!\n"), end_h +tml;` [download] -- Randal L. Schwartz, Perl hacker	[reply] [d/l]
Re: Contact Form by Parham (Friar) on Mar 22, 2002 at 23:59 UTC
#!usr/bin/perl use CGI; $query = new CGI; #parse forms with cgi.pm open MAIL,'\|/usr/lib/sendmail -t' or die "error with email"; print MAIL "To: youremail@somewhere.com\n"; print MAIL "From: theiremail@somewhere.com\n"; print MAIL "Subject: form stuff\n"; print MAIL "name: ", $query->param(name), "\n"; print MAIL "subject: ", $query->param(subject), "\n"; print MAIL "email: ", $query->param(emailaddy), "\n"; print MAIL "message: ", $query->param(message), "\n"; close MAIL; print "Location: thankyou.html\n\n"; #other ways, i just like it this +way [download]	[reply] [d/l]
•security alert, was Re: Re: Contact Form by merlyn (Sage) on Mar 23, 2002 at 00:00 UTC
`open MAIL,'\|/usr/lib/sendmail -t' or die "error with email"; print MAIL "name: ", $query->param(name), "\n"; print MAIL "subject: ", $query->param(subject), "\n"; print MAIL "email: ", $query->param(emailaddy), "\n"; print MAIL "message: ", $query->param(message), "\n";` [download] Ewww. No. You forgot the headers. So the mail isn't going anywhere, and worse yet, it's a security hole, since I can fake a "name" param with newlines and send spam using your script. Ick. Ewww. -- Randal L. Schwartz, Perl hacker	[reply] [d/l]
Re: •security alert, was Re: Re: Contact Form by Parham (Friar) on Mar 23, 2002 at 00:12 UTC
i didn't think it would have to be advanced, personally i'd do it your way, checking for my param's, but it was a quicky, very simple.	[reply]
•security alert TWO, was Re: Re: Contact Form by merlyn (Sage) on Mar 23, 2002 at 02:22 UTC
Oops. Twice in a row: `open MAIL,'\|/usr/lib/sendmail -t' or die "error with email"; print MAIL "To: youremail@somewhere.com\n"; print MAIL "From: theiremail@somewhere.com\n"; print MAIL "Subject: form stuff\n"; print MAIL "name: ", $query->param(name), "\n"; print MAIL "subject: ", $query->param(subject), "\n"; print MAIL "email: ", $query->param(emailaddy), "\n"; print MAIL "message: ", $query->param(message), "\n";` [download] You aren't ending your header with a blank line, so what you think is in the body is still in the header, and hence could be used for spam! Also, you have an "@" inside a double-quoted string, and you're using barewords for "name" and "subject", etc, so "use strict" will be all over your ass for both of those, and rightfully so. Maybe you should just concede at this point. -- Randal L. Schwartz, Perl hacker	[reply] [d/l]
A reply falls below the community's threshold of quality. You may see it by logging in.


There's more than one way to do things
	PerlMonks