IT350 - Web and Internet Programming
Fall 2005

Lab 10 – CGI Take Two


This week we have introduced Perl.  Now you will use your new knowledge to create a very similar CGI program to last week’s lab, but using Perl instead of C++.  The goal is to:

  1. Gain experience with Perl programming
  2. Compare and contrast two different ways of doing CGI programming (C++ vs. Perl).


You must create a folder on you Web drivecalled"Lab10" (without the quotes) and store your work in that directory.


  1. Read the entire lab so you see the requirements and know what is coming.
  2. Your first order of business is to write a basic Perl program and get that working to the point where it produces some output visible with a browser. We’ll walk you through this part:
    1. Right-click on and then save it in W:\Lab10. (No “Scripts” directory needed)
    2. Take a look at  Get a general feel for what it does.  (Note: it has a few bugs that you will correct in a moment).
    3. Open a Windows command prompt.  To do this, click on the “Start” button at the lower left corner of your screen, pick “Run”, then type “cmd” and hit return.
    4. Type the following into the window that appears:
      cd Lab10
      perl –c -w
      (the –c says to only check the file, don’t run it.  the -w says to produce warnings).
    5. This last step should identify a few errors in the program.  Fix them.  Re-run perl from the command line until you get no more errors. (Hint: all control flow statements like if/while/for require curly braces around their body – this is optional in most other languages).
    6. Try fetching the URL  
      You likely still have a logic bug in your program that perl -w won’t catch.  Fix the program so that fetching the above link correctly produces the following output:
  3. Copy your Lab09/form.html file (or whatever you called it) into Lab10.  (You can copy more files if you like, but to save space we suggest only copying what is necessary).  Now modify the form so that when you click submit, it invokes your program instead of your old C++ based CGI program
  4. Modify to read in some of the parameters used by your form and print some of them out (eventually you will want all of them – for now just verify with the browser that this works).
  5. Validity check: Modify to validate some of your inputs.  If an error is detected, your program should state explicitly what the error was, and tell the user to hit the back button and try again (see extra credit for a better approach). Unlike last week, you’re not required to check every value.  The specific requirements are:
    1. You should check at least three different parameters (e.g. to ensure they are not empty or have a reasonable value).
    2. At least one of your checks must involve a pattern match / regular expression.  See section 25.3 of the book.  You may also find the validation in Figure 25.13 useful.  You can modify your form if you wish (to create a parameter that is more amenable to validating with a pattern match).
  6. Confirmation: Modify so that, if the variables pass all the validation tests above, the program prints out a friendly confirmation.  This confirmation should display the value of all the variables that were provided in a user-friendly manner.  For instance, “Your reservation for 4 people has been confirmed.  The details for this reservation are as follows…”
  7. Logging: Modify so that it logs the provided variables (query string parameters) received by the form’s submission to a file called LOG.txt. This shall be done by appending the data to an existing LOG.txt file you create.  Write to the log only if the parameters pass all the validation checks that you wrote above. By default, if you open file “LOG.txt” from your Perl script, it will appear in your top level W directory (not inside Lab10 – this was a mistake in earlier lab writeup).   Don’t forget to set the permission on this file (and fraud-values.txt below).
  8. Fraud check: Next you will modify your script so that one part of the user's input, such as name, credit card number, etc, will be checked against a list of fraudulent values stored in a file on the web server called "fraud-values.txt".  You can use the same file as last week if you like – but move it to your top level W: directory (or move to Lab10, then use “Lab10\fraud-values.txt” as the filename).  Modify your script so that it checks every submission against this file – you pick exactly which field gets checked.  If your script finds a “fraud match”, the program should display a nasty message to the user. Also, the activity should be recorded as a fraud alert in the log file.  If no fraud match is found, record the correct submission in the log file as usual.
  9. Make links: create five links in your top-level default.htm page under the heading “Lab10”.  You may be able to copy from Lab09 here, but be sure to change all Lab09’s to Lab10’s and make sure it works.
    1. Under the name “Form”, make a link to your Lab10/form.html page
    2. Under the name “Good submission” make a link to your file with all of form variables specified in the URL, such that the variables all validate and don’t trigger a fraud alert.  Hint: if your form uses the GET method (change this temporarily if necessary), then you can create the needed URL for this by filling out your form correctly and hitting submit.
    3. Under the name “Fraud submission” make a link like the one above, but such that one of the variables triggers a fraud alert.
    4. Under the name “LOG.txt” make a link to your log file.
    5. Under the name “fraud-values.txt” make a link to your fraud-values.txt file.
  10. LAST STEP: If you had your choice, would you prefer to do this lab in C++ or Perl?  Write one sentence on why in your default.htm, just below the links you created above.


When all is done you should have a site such that:

·        The user can fill out Lab10/form.html and click submit, invoking your CGI program (

·        Validity checking: The CGI program checks (some of) the values submitted and warns if they are missing or invalid.  If there is a validation problem, the program prints a detailed error message about the problem.  Otherwise, it prints a friendly confirmation message that mentions all the data that was provided.

·        Logging and fraud detection: If no validation problems are found the program will write something to the LOG file.  If one of the values triggers a fraud alert, then an error message is written to the log (and a nasty message is displayed to the user).  Otherwise, all of the parameters are written to the log.

·        You have the five links in default.htm that are described above.

·        You are not required to use functions for this assignment, since we haven’t learned Perl functions yet.  But you may if you wish.

·        As always, ensure you have appropriate comments.  In this case each major section of your code should have a brief introductory comment.

Your HTML web page must be constructed using Notepad or a similar text-onlyeditor. The use of programs such as Microsoft Word, Microsoft Frontpage,DreamWeaver, ColdFusion, Mozilla Composer, etc. will be considered an honoroffense. 

Extra Credit

For a nominal amount of extra credit do some/all of the following:
(NOTE: saving a backup copy of your working lab is recommended before starting on this)

  1. If your program finds a validation problem with an input (such as a missing value or a number that is too big), a much better way to handle this is to have your CGI program regenerate the table with all of the values provided by the user filled in, and values that had a problem highlighted.  Of course there should be a submit button so the user can modify the values and resubmit back to the CGI program.
  2. Write a new CGI program (in Perl) that reads your LOG file and generates a summary report of the submissions.  Be sure that your LOG.txt has enough data in it to make this report at least a little interesting.


  1. Your main web page should be called "form.html" (without the quotes).
  2. All of your files should be in a folder called "Lab10" (without the quotes) on the W drive. Your instructor will assume that your web pages are viewable at where XXXXXX is your alpha number. You may want to check that this URL is viewable and that everything works correctly from a computer where somebody else is logged in. If you've goofed and linked to a file on your X drive, this will help you catch it!
  3. Turn in the following hardcopy at the beginning of class on the due date, stapled together in the following order (coversheet on top):
    1. A completed assignment coversheet. Your comments will help us improve the course.
    2. A printout of the source to your file.

Additional Hints/Clarifications (updated as the lab progresses)

  1. Handling checkboxes: as with last week, you could give each checkbox a unique name, and call param() on each one.  Or, if you write something like this:
    @radios = param(“radio”);
    the param() function will notice the result should be an array (due to the @ symbol), and will return an array with all of the “radio” checkboxes that were checked.
  2. Because Perl makes it easy to read a whole line at a time, it doesn’t matter as much if you have values in fraud-values.txt that contain a space (this was a problem with C++).
  3. Don’t forget to set the file permissions, especially on LOG.txt.
  4. If your code is not working, first run perl from the command line (like you did in the beginning of the lab) to ensure there are no syntax errors.  Then, add extra print() commands to see what parts of the program are executing and what the values being used are.