📄 ch22.htm
字号:
<HTML>
<HEAD>
<TITLE>Chapter 22 -- Simple Order Entry </TITLE>
<META>
</HEAD>
<BODY TEXT="#000000" BGCOLOR="#FFFFFF" LINK="#0000EE" VLINK="#551A8B" ALINK="#CE2910">
<H1><FONT COLOR=#FF0000>Chapter 22</FONT></H1>
<H1><B><FONT SIZE=5 COLOR=#FF0000>Simple Order Entry</FONT></B>
</H1>
<P>
<HR WIDTH="100%"></P>
<P>
<H3 ALIGN=CENTER><FONT COLOR="#000000"><FONT SIZE=+2>CONTENTS<A NAME="CONTENTS"></A>
</FONT></FONT></H3>
<UL>
<LI><A HREF="#WhatThisChapterCovers" >What This Chapter Covers</A>
</UL>
<UL>
<LI><A HREF="#FormsandtheDataTheyProduce" >Forms and the Data They Produce</A>
<UL>
<LI><A HREF="#TheFORMTag" >The FORM Tag</A>
<LI><A HREF="#Methods" >Methods</A>
<LI><A HREF="#EnvironmentVariables" >Environment Variables</A>
<LI><A HREF="#WhattheRawDataLooksLike" >What the Raw Data Looks Like</A>
</UL>
<LI><A HREF="#ProcessingtheDatawithPerl" >Processing the Data with Perl</A>
<UL>
<LI><A HREF="#ASimpleParsingCGI" >A Simple Parsing CGI</A>
<LI><A HREF="#TheOutputoftheSimpleCGI" >The Output of the Simple CGI</A>
<LI><A HREF="#ParsingtheDataRound2" >Parsing the Data: Round 2</A>
<LI><A HREF="#AcceptingFormsbyMETHODGET" >Accepting Forms by METHOD=GET</A>
</UL>
<LI><A HREF="#CheckingforErrors" >Checking for Errors</A>
<UL>
<LI><A HREF="#EmbeddingInformationintheForm" >Embedding Information in the Form</A>
<LI><A HREF="#WhattoDowithAllThisData" >What to Do with All This Data?</A>
<LI><A HREF="#TheThingsYouKeep" >The Things You Keep</A>
</UL>
<LI><A HREF="#SecurityIssues" >Security Issues</A>
<UL>
<LI><A HREF="#TransactionSecurity" >Transaction Security</A>
<LI><A HREF="#CGISecurity" >CGI Security</A>
</UL>
<LI><A HREF="#Summary" >Summary</A>
</UL>
<HR>
<P>
How simple is simple order entry? Surprisingly simple. A small
program that parsed an order form was the first CGI I ever wrote.
In fact, I would be willing to guess that a program of this sort
was the most common "first CGI" of the majority of people
who have ever written a CGI program. After all, the idea of being
able to sell your products to anyone, anywhere is one of the most
appealing aspects of the World Wide Web to business. It's probably
one of the primary reasons businesses get Web sites in the first
place.
<P>
Therefore, the need certainly exists for this type of program
(and people who can write them), and this need continues to grow
every day. If you are currently writing only HTML, your stock
will certainly go up when you announce that you can now process
order forms with CGIs. The really good news about this is that
learning to write this sort of CGI is not very difficult at all.
<P>
More experienced programmers may find the pace of this chapter
a little bit tedious. This chapter is geared toward the beginning
CGI and Perl programmer. A step-by-step analysis of almost every
line of code is given. If your are an experienced programmer,
you might want to jump ahead to the code listing to extract the
information you are looking for.
<H3><A NAME="WhatThisChapterCovers">What This Chapter Covers</A>
</H3>
<P>
This chapter covers the basics of extracting information from
on-line forms, processing that information, checking it for errors,
and mailing away to someone who cares. Think of simple orders
as those annoying cards that fall out of magazines. They're short
and to the point, not terribly impressive, but they get the job
done.
<P>
In this chapter, you learn the following:
<UL>
<LI><FONT COLOR=#000000>How to decode form data</FONT>
<LI><FONT COLOR=#000000>How to check for common errors in form
input</FONT>
<LI><FONT COLOR=#000000>How to embed HTML in your CGI</FONT>
<LI><FONT COLOR=#000000>How to use sendmail</FONT>
<LI><FONT COLOR=#000000>How to handle security issues</FONT>
</UL>
<P>
More complex features dealing with order taking are be discussed
in <A HREF="ch23.htm" >Chapter 23</A>, "Shopping Carts."
What you learn in this chapter is expanded upon there to include
customer tracking, simple database integration, and dynamic form
creation.
<H2><A NAME="FormsandtheDataTheyProduce"><FONT SIZE=5 COLOR=#FF0000>Forms
and the Data They Produce</FONT></A></H2>
<P>
I'm going to assume that by this point, you are reasonably familiar
with designing forms in HTML. Listing 22.1 shows a typical simple
form. It should be pretty comparable to any form you might have
to parse. I've used a number of different INPUT types to drive
home the fact that no matter what types of fields you use in your
forms, the format of the data produced is pretty much the same.
<BR>
<HR>
<BLOCKQUOTE>
<B>Listing 22.1. Sample form HTML.<BR>
</B>
</BLOCKQUOTE>
<BLOCKQUOTE>
<TT><FONT FACE="Courier"><FORM METHOD=POST ACTION="order.cgi">
<BR>
<PRE><BR>
Name: <INPUT
TYPE="text" SIZE=25 NAME="applicant"><BR>
Address: <INPUT
TYPE="text" SIZE=25 NAME="address"><BR>
City: <INPUT
TYPE="text" SIZE=25 NAME="city"><BR>
State/Provice: <INPUT
TYPE="text" SIZE=25 NAME="state"><BR>
Zip Code/Postal Code: <INPUT TYPE="text"
SIZE=25 NAME="zipcode"><BR>
Country: <INPUT
TYPE="text" SIZE=25 NAME="country"><BR>
Email:
<INPUT TYPE="text" SIZE=25 NAME="email">
<BR>
</PRE><BR>
<BR>
<b>I would like to Order the following magazines at Super
Low Prices!</b><br><BR>
<INPUT TYPE="checkbox" NAME="zines"<BR>
VALUE="Spaceships of the Rich & Famous">Spaceships
of the Rich & Famous<br><BR>
<INPUT TYPE="checkbox" NAME="zines"<BR>
VALUE="Cooking with Soylent Green">Cooking with Soylent
Green<br><BR>
<INPUT TYPE="checkbox" NAME="zines"<BR>
VALUE="Asteroid Living">Asteroid Living<br>
<BR>
<BR>
<P><BR>
<b>Choose your Free Gift:</b> <select NAME="gift">
<BR>
<OPTION>Universal Translator<BR>
<OPTION>TriCorder<BR>
<OPTION>Phaser<BR>
</SELECT><BR>
<BR>
<p><BR>
<b'Ýyment Method:</b><BR>
<br><BR>
<INPUT TYPE="radio" NAME="payment_method"
<BR>
VALUE="FooBar_Charge_Card" chECKED>FooBar Charge
Card<br><BR>
<INPUT TYPE="radio" NAME="payment_method"
<BR>
VALUE="Frontiers_Credit_Card">Frontiers Credit Card<br>
<BR>
<INPUT TYPE="radio" NAME="payment_method"
VALUE="COD">C.O.D.<br><BR>
<INPUT TYPE="radio" NAME="payment_method"
VALUE="Check">Check<br><BR>
<INPUT TYPE="radio" NAME="payment_method"
<BR>
VALUE="Money_Order no 0">Money Order<br><BR>
<BR>
<p><BR>
<b>Card Number</b> (if applicable):<BR>
<INPUT TYPE="text" SIZE=12 NAME="card_number">
<BR>
<BR>
<p><BR>
<TEXTAREA NAME="suggestions" COLS=60 ROWS=5><BR>
Please suggest ways we can improve this service.<BR>
</TEXTAREA><BR>
<BR>
<p><BR>
<INPUT TYPE="submit" VALUE="Send Those Magazines!"><INPUT
TYPE="reset"</FONT></TT>><BR>
<TT><FONT FACE="Courier"></FORM></FONT></TT>
</BLOCKQUOTE>
<HR>
<P>
Figure 22.1 shows an example of an order form.
<P>
<A HREF="f22-1.gif" ><B>Figure 22.1:</B> <I>FooBar Frontier Goods.</I></A>
<P>
<CENTER><TABLE BORDERCOLOR=#000000 BORDER=1 WIDTH=90%>
<TR><TD><B>Note</B></TD></TR>
<TR><TD>
<BLOCKQUOTE>
Not having the ability to program a CGI has not stopped a great number of people from putting their order forms on the Internet. Instead of indicating a CGI in the <TT><FONT FACE="Courier">ACTION=</FONT></TT> form header, they simply use <TT><FONT
FACE="Courier">ACTION=mailto:<I>recipient</I></FONT></TT>. Let's take a look at the results from doing this with our (admittedly simple) form:
</BLOCKQUOTE>
<BLOCKQUOTE>
<TT><FONT FACE="Courier">Date sent: Fri, 14 Jun 1996 04:46:47 -0400
<BR>
From: WWW-Server
<BR>
To: ken.hunt@anadas.com
<BR>
Subject: Form posted from Mozilla
<BR>
applicant=John+Doe&Address=520+Main+St.+Apt.%23204&city=Cicily&state=Alaska&<BR>
zipcode=90210&country=USA&email=jdoe@KBHR.org&zines=Cooking+With+Soylent+Green<BR>
&zines=Asteroid+Living&gift=TriCorder&payment_method=Frontiers+Credit+Card&<BR>
card_number=123456789123&suggestions=Can+you+offer+%22Asteroid+Living+For+Kids<BR>
%22%3F%OD%OA</FONT></TT>
</BLOCKQUOTE>
<BLOCKQUOTE>
As you can see, the results are not impossible to deal with. In fact, with some effort and a lot of patience, you could almost live with the output, and many people do. There is simply no reason to live like this, though, considering the tools we have at
our disposal.</BLOCKQUOTE>
<BLOCKQUOTE>
There are literally thousands of forms set up with <TT><FONT FACE="Courier">mailto:</FONT></TT> on the Internet. Next time you are surfing around and find a simple form, check to see if they are simply mailing to themselves. Maybe you can offer them your
newfound CGI programming ability.
</BLOCKQUOTE>
</TD></TR>
</TABLE></CENTER>
<P>
<H3><A NAME="TheFORMTag">The <TT><FONT SIZE=4 FACE="Courier">FORM</FONT></TT><FONT SIZE=4>
Tag</FONT></A></H3>
<P>
Each form indicates a <TT><FONT FACE="Courier">METHOD</FONT></TT>
and an <TT><FONT FACE="Courier">ACTION</FONT></TT> in the form
description. The action indicates the location of the CGI that
will be used to process the form; the method indicates how the
data will be transferred.
<BLOCKQUOTE>
<TT><FONT FACE="Courier"><FORM METHOD=POST ACTION="order.cgi"></FONT></TT>
</BLOCKQUOTE>
<P>
In this form, we are using the <TT><FONT FACE="Courier">POST</FONT></TT>
method to send the form output to <TT><FONT FACE="Courier">order.cgi</FONT></TT>,
a program located in the same directory as the HTML file that
executes it.
<P>
<CENTER><TABLE BORDERCOLOR=#000000 BORDER=1 WIDTH=80%>
<TR><TD><B>Caution</B></TD></TR>
<TR><TD>
<BLOCKQUOTE>
On some systems (in fact on many), you are allowed to execute CGIs located only in the cgi-bin directory. Depending on system security and your privileges, you may or may not have permission to write to that directory. Some system administrators want to be
able to check each and every CGI on their system themselves before they mount them for the world to use. This can make trying to write and debug CGIs incredibly difficult. Unfortunately, there is no easy solution to this problem, short of begging the
system administrator for more privileges or switching to a system that is more lenient. Make sure you take the time to find out who has permission to mount CGIs on your system.</BLOCKQUOTE>
</TD></TR>
</TABLE></CENTER>
<P>
<H3><A NAME="Methods">Methods</A></H3>
<P>
The two methods for sending information to a CGI from a form are
<TT><FONT FACE="Courier">GET</FONT></TT> and <TT><FONT FACE="Courier">POST</FONT></TT>.
<P>
In the <TT><FONT FACE="Courier">GET</FONT></TT> method, information
will be appended to the URL in <TT><FONT FACE="Courier">ACTION</FONT></TT>.
<TT><FONT FACE="Courier">GET</FONT></TT> is quicker than <TT><FONT FACE="Courier">POST</FONT></TT>
but produces long, unattractive URLs. <TT><FONT FACE="Courier">GET</FONT></TT>
is ideally suited to many applications on the Internet such as
search engines because speed is critical, and the information-appended
URL makes it easy to bookmark the output of the CGI. When information
is passed through this method, the data (sans preceding URL) is
stored in the environment variable <TT><FONT FACE="Courier">QUERY_STRING</FONT></TT>.
<P>
The <TT><FONT FACE="Courier">POST</FONT></TT> method, which is
the preferred method for our type of application, doesn't produce
those nasty-looking URLs. Information entered in the form will
go to STDIN (standard input). There is no delimiter or marker
such as <TT><FONT FACE="Courier">End Of File</FONT></TT> sent
here, but the length of the input string is stored in the environment
variable <TT><FONT FACE="Courier">CONTENT_LENGTH</FONT></TT>.
<H3><A NAME="EnvironmentVariables">Environment Variables</A></H3>
<P>
The browser is constantly sending environment variables to the
server. Environment variables contain information about what type
of software is being run, the IP address of the person viewing
a page, and much more. CGIs allow you to access those variables.
Most environment variables aren't particularly useful to you at
this time, but there are a few that you definitely need. Table
22.1 lists the environment variables you will be using in this
chapter.<P>
<CENTER><B><FONT SIZE=2>Table 22.1. Environment variables used
in form processing.</FONT></B></CENTER>
<CENTER><TABLE BORDERCOLOR=#000000 BORDER=1 WIDTH=80%>
<TR><TD><TT><FONT FACE="Courier">CONTENT_LENGTH</FONT></TT>
</TD><TD WIDTH=428>The length of input going to the CGI. You will need to know this variable to read data submitted via <TT><FONT FACE="Courier">METHOD=POST</FONT></TT>.
</TD></TR>
<TR><TD WIDTH=162><TT><FONT FACE="Courier">QUERY_STRING</FONT></TT>
</TD><TD WIDTH=428>Data submitted via <TT><FONT FACE="Courier">METHOD=GET</FONT></TT> will be contained in here.
</TD></TR>
<TR><TD WIDTH=162><TT><FONT FACE="Courier">REQUEST_METHOD</FONT></TT>
</TD><TD WIDTH=428>Tells us which format is being used to transfer the data: for our purposes, <TT><FONT FACE="Courier">GET</FONT></TT> or <TT><FONT FACE="Courier">POST</FONT></TT>.
</TD></TR>
</TABLE></CENTER>
<P>
<P>
Perl automatically puts all the environment variables into the
associative array <TT><FONT FACE="Courier">%ENV</FONT></TT>. In
order to determine the value of any environment variable, use
<TT><FONT FACE="Courier">$ENV{<I>Variable_name</I>}</FONT></TT>.
<P>
<CENTER><TABLE BORDERCOLOR=#000000 BORDER=1 WIDTH=80%>
<TR><TD><B>Tip</B></TD></TR>
<TR><TD>
<BLOCKQUOTE>
In order to find out which environment variables your browser is sending, use this quick and dirty little CGI:</BLOCKQUOTE>
<BLOCKQUOTE>
<TT><FONT FACE="Courier">#!/usr/bin/perl<BR>
<BR>
<BR>
print "Content-type: text/HTML\n\n";<BR>
foreach (keys %ENV){<BR>
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -