by using the <TT><FONT FACE="Courier">system</FONT></TT> function.
More on this in the next section.
<BLOCKQUOTE>
<TT><FONT FACE="Courier">sub emailorder {<BR>
local(*input) = @_;<BR>
$neworders = "ken.hunt\@anadas.com";<BR>
<BR>
open (MAIL, "|/usr/sbin/sendmail -t ");<BR>
print MAIL <<EOM;<BR>
To: $neworders<BR>
Subject: Order from Website<BR>
<BR>
The following order has been submitted:<BR>
Name: $input{applicant}<BR>
Address: $input{address}<BR>
$input{city},
$input{state}<BR>
$input{zipcode}
<BR>
$input{country}
<BR>
<BR>
email: $input{email}<BR>
<BR>
'Zines: $input{zines}<BR>
Free Gift:$input{gift}<BR>
<BR>
Paying By:$input{payment_method}, $input{card_number}<BR>
<BR>
Comments: $input{suggestions}<BR>
<BR>
EOM<BR>
close (MAIL);<BR>
}</FONT></TT>
</BLOCKQUOTE>
<H3><A NAME="TheThingsYouKeep">The Things You Keep</A></H3>
<P>
As long as we are collecting all this valuable information, we
might as well save some of it. One useful thing to save might
be a list of names and e-mail addresses of people who have filled
out on-line orders so we could send them updates when we have
new products to offer. It's always a good idea to save data like
this in either tab or comma separated format because those formats
are widely supported by spreadsheet and database programs for
reading in information.
<P>
The following code snippet can be inserted any time after you
have read in the data.
<BLOCKQUOTE>
<TT><FONT FACE="Courier">open (OUTFILE, ">>email_list.txt");
<BR>
print OUTFILE "$input{applicant},$input{email}\n";<BR>
close (OUTFILE);</FONT></TT>
</BLOCKQUOTE>
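<P>
The snippet above writes whatever the form supplied straight into the file, so a comma, quote or line break in a name changes the record layout. The following added example (not part of the original chapter) quotes each field, strips line breaks, checks that the file opened, and locks it against concurrent CGI processes; the helper names <TT>csv_field</TT> and <TT>append_record</TT> and the sample values are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:flock);

# Quote one field for a comma-separated file: drop CR/LF so a value cannot
# start a new record, double embedded quotes, and wrap the result in quotes.
sub csv_field {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/[\r\n]+/ /g;
    # Spreadsheets treat cells starting with = + - @ as formulas;
    # a leading apostrophe keeps such a value as plain text.
    $value = "'$value" if $value =~ /^[=+\-@]/;
    $value =~ s/"/""/g;
    return qq{"$value"};
}

# Append one record under an exclusive lock so that two requests arriving
# at the same moment cannot interleave their lines.
sub append_record {
    my ($file, @fields) = @_;
    open(my $out, '>>', $file) or die "Cannot open $file: $!";
    flock($out, LOCK_EX)       or die "Cannot lock $file: $!";
    print {$out} join(',', map { csv_field($_) } @fields), "\n";
    close($out)                or die "Cannot close $file: $!";
}

# Constructed sample input standing in for the parsed form data.
my %input = (
    applicant => "Smith, Pat \"PJ\"",
    email     => "pat\@example.com\nsecond line",
);
append_record('email_list.txt', $input{applicant}, $input{email});
```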
<P>
Listing 22.3 shows the order processor.<BR>
<HR>
<BLOCKQUOTE>
<B>Listing 22.3. Our order processor with all features implemented.
<BR>
</B>
</BLOCKQUOTE>
<BLOCKQUOTE>
<TT><FONT FACE="Courier">#!/usr/bin/perl<BR>
print "Content-type: text/html\n\n";<BR>
<BR>
<BR>
if ($ENV{'REQUEST_METHOD'} eq "GET") {<BR>
$input = $ENV{'QUERY_STRING'};<BR>
}<BR>
elsif ($ENV{'REQUEST_METHOD'} eq "POST") {<BR>
read(STDIN,$input,$ENV{'CONTENT_LENGTH'});<BR>
}<BR>
else {<BR>
print('Request method Unknown');<BR>
exit;<BR>
}<BR>
<BR>
@input = split (/&/,$input);<BR>
<BR>
foreach $i (0 .. $#input) {<BR>
$input[$i] =~ s/\+/ /g;<BR>
$input[$i] =~ s/%(..)/pack("c",hex($1))/ge;<BR>
($name, $value) = split(/=/,$input[$i],2);<BR>
$input{$name} .= ',' if defined($input{$name});<BR>
$input{$name} .= $value;<BR>
if ($name eq 'card_number') {<BR>
($method, $number_size) =<BR>
$input{payment_method} =~ /(\w+) (\d)$/;<BR>
$method =~ s/\_/ /g;<BR>
$input{payment_method} = $method;<BR>
if ($value eq '') {<BR>
push (@errors,$name) if ($number_needed eq 'yes');<BR>
}<BR>
else {<BR>
push (@errors,$name) if ($number_needed eq 'no');<BR>
push (@errors,$name) if (length($value) != $number_size);<BR>
}<BR>
}<BR>
else {<BR>
push (@errors,$name) if $value eq '';<BR>
}<BR>
}<BR>
<BR>
push (@errors,'zines') unless defined $input{zines};<BR>
<BR>
print <<EOT;<BR>
<HTML><HEAD><BR>
<TITLE>Order Output</TITLE><BR>
</HEAD><BR>
<BR>
<BODY><BR>
EOT<BR>
<BR>
<BR>
if ($#errors != -1) {<BR>
&printerrors(*errors);<BR>
}<BR>
else {<BR>
&printorder(*input);<BR>
&emailorder(*input);<BR>
}<BR>
<BR>
open (OUTFILE, ">>email_list.txt");<BR>
print OUTFILE "$input{applicant}, $input{email}\n";
<BR>
close (OUTFILE);<BR>
<BR>
print <<EOT;<BR>
</BODY><BR>
</HTML><BR>
EOT<BR>
<BR>
sub printerrors {<BR>
local (*errors) = @_;<BR>
print <<EOT;<BR>
Your Order could not be processed because the following<BR>
Information was either not supplied or was in an incorrect format.
<BR>
<p><b><BR>
EOT<BR>
<BR>
print join('<br>',@errors), "<p></b>\n";
<BR>
<BR>
print "Please go back and complete the order form.";
<BR>
<BR>
}<BR>
<BR>
sub printorder {<BR>
local (*input) = @_;<BR>
print <<EOT;<BR>
<h2>Thank you $input{applicant}.</h2><BR>
The following order has been placed. Thank you for shopping the
Frontier.<BR>
<pre><BR>
<b>Address:</b><BR>
<BR>
<b>$input{applicant}</b><BR>
$input{address}<BR>
$input{city}, $input{state}<BR>
$input{zipcode}<BR>
$input{country}<p><BR>
<b>email:</b> $input{email}<BR>
<BR>
<b>Magazines Ordered:</b> $input{zines}<BR>
<b>Free Gift:</b> $input{gift}<BR>
<b>Payment by:</b> $input{payment_method}, $input{card_number}<p>
<BR>
<BR>
<b>Comments:</b><BR>
$input{suggestions}<br><BR>
<BR>
</pre><BR>
<BR>
<p><BR>
EOT<BR>
<BR>
}<BR>
<BR>
sub emailorder {<BR>
local(*input) = @_;<BR>
$neworders = "ken.hunt\@anadas.com";<BR>
<BR>
open (MAIL, "|/usr/sbin/sendmail -t ");<BR>
print MAIL <<EOM;<BR>
To: $neworders<BR>
Subject: Order from Website<BR>
<BR>
The following order has been submitted:<BR>
Name: $input{applicant}<BR>
Address: $input{address}<BR>
$input{city},
$input{state}<BR>
$input{zipcode}
<BR>
$input{country}
<BR>
<BR>
email: $input{email}<BR>
<BR>
'Zines: $input{zines}<BR>
Free Gift:$input{gift}<BR>
<BR>
Paying By:$input{payment_method}, $input{card_number}<BR>
<BR>
Comments: $input{suggestions}<BR>
<BR>
EOM<BR>
close (MAIL);<BR>
}</FONT></TT>
</BLOCKQUOTE>
<HR>
<H2><FONT SIZE=5 COLOR=#FF0000><A NAME="SecurityIssues">Security Issues</A></FONT></H2>
<P>
Second only to the hysteria in the media about the power of the
Internet and the World Wide Web is the paranoia concerning the
vulnerability of information transmitted via the Internet. This
paranoia is not without basis; there are certain precautions that
everyone should take, and all CGI programmers should be aware of them.
There are also some important issues concerning the security
of CGI scripts.
<H3><A NAME="TransactionSecurity">Transaction Security</A></H3>
<P>
It seems that almost everyone is frightened that if they so much
as think about their credit card number while on the Internet,
within minutes it will probably be used by a score of hackers
to phone Fiji. It seems strange to me that these very same people
don't think twice about using their credit card at a gas station
where it is just as vulnerable. In fact, it's a lot easier for
a gas station attendant to steal your credit card number than
it is for a hacker to steal your number over the Internet.
<P>
At the same time, it's always better to be safe than sorry. Some
of the basic precautions you should take to ensure a maximum level
of security are the following:
<UL>
<LI><FONT COLOR=#000000>Run a server that supports RSA encryption.</FONT>
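<LI><FONT COLOR=#000000>Don't store customers' credit card numbers
on your system in an insecure area and keep the file in a uuencoded
format. Uuencoding is a reversible encoding that needs no key, so it
only keeps the numbers from being read at a glance; it is not encryption.</FONT>
<LI><FONT COLOR=#000000>Don't e-mail or otherwise transmit secure
data without using encryption.</FONT>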
</UL>
<H3><A NAME="CGISecurity">CGI Security</A></H3>
<P>
Another aspect of security that is often overlooked is the security
of CGIs themselves. By allowing the entire world to send input
to our machines, we open ourselves to the possibility that they
might try to send us some pretty nasty stuff. The most common
way this is done is by sending unexpected UNIX shell commands
that get access to the system through functions that interact
with the shell itself.
<P>
The best way to avoid leaving your system open is to never trust
that the data users send you is the information you expect. You
should use the error checking techniques outlined in this chapter
to keep a close eye on all the incoming information before you
call dangerous applications such as sendmail.
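<P>
As an added example (not code from the original chapter), the sketch below checks the submitted address against a strict pattern and starts sendmail with a list-form <TT>open</TT>, so no form value ever reaches a shell. The function names, the <TT>Reply-To</TT> header, the <TT>-oi</TT> flag and the sample addresses are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Accept only a conservative address shape: no whitespace, no shell
# metacharacters, exactly one "@". Deliberately stricter than the RFC.
sub valid_email {
    my ($addr) = @_;
    return defined $addr
        && length($addr) <= 254
        && $addr =~ /\A[A-Za-z0-9._%+-]+\@[A-Za-z0-9.-]+\.[A-Za-z]{2,}\z/;
}

# Header values must stay on one line, or input could add its own headers.
sub header_value {
    my ($value) = @_;
    $value = '' unless defined $value;
    $value =~ s/[\r\n]+/ /g;
    return $value;
}

sub send_order {
    my ($sendmail, $to, %input) = @_;
    return 0 unless valid_email($input{email});

    # A one-string open such as "|$sendmail $input{email}" hands the whole
    # string to /bin/sh. The list form runs the program directly, so no
    # argument is ever parsed by a shell. -oi: a lone "." does not end input.
    open(my $mail, '|-', $sendmail, '-t', '-oi') or return 0;
    print {$mail} "To: $to\n",
                  "Reply-To: ", header_value($input{email}), "\n",
                  "Subject: Order from Website\n\n",
                  "Name: $input{applicant}\n";
    return close($mail) ? 1 : 0;
}

# Constructed sample values; both addresses are placeholders.
my %input = (applicant => 'Pat Smith', email => 'pat@example.com and more');
print send_order('/usr/sbin/sendmail', 'orders@example.com', %input)
    ? "sent\n" : "rejected\n";
```

The sample address contains spaces, so it fails validation and sendmail is never started.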
<P>
For more information about security issues, check out <A HREF="ch9.htm" >Chapter 9</A>,
"Security."
<P>
For an excellent resource about CGI security on the Web, check
out the following site:
<BLOCKQUOTE>
<TT><FONT FACE="Courier"><A HREF="http://www.cerf.net/~paulp/cgi-security">http://www.cerf.net/~paulp/cgi-security</A></FONT></TT>
</BLOCKQUOTE>
<H2><A NAME="Summary"><FONT SIZE=5 COLOR=#FF0000>Summary</FONT></A>
</H2>
<P>
I remember one of my computer science professors once telling
me that the vast majority of computer programming isn't about
solving big problems; it's about solving a whole series of small
problems. That comment is certainly very true of the problem we
tackled in this chapter.
<P>
In a nutshell, simple order entry consists of the following:
<UL>
<LI><FONT COLOR=#000000>Getting data from a Web page</FONT>
<LI><FONT COLOR=#000000>Parsing that data to make it readable</FONT>
<LI><FONT COLOR=#000000>Checking the data for obvious errors or
omissions</FONT>
<LI><FONT COLOR=#000000>Sending the parsed data to the right person
or file</FONT>
<LI><FONT COLOR=#000000>Thanking the user for his or her input</FONT>
</UL>
<P>
Perl makes these tasks, which mainly focus on text processing,
very simple. In particular, there are three features in Perl of
which we have made extensive use:
<UL>
<LI>The s function, Perl's powerful substitution command, used
throughout this chapter to parse data.
<LI><FONT COLOR=#000000>Associative arrays, Perl's answer to "linked
lists" used in languages like C. They allow easy reference
to the elements within an array by allowing us to call them by
name.</FONT>
<LI><FONT COLOR=#000000>Printing lists, exemplified in this
chapter by the </FONT><TT><FONT FACE="Courier">print <<EOT;</FONT></TT>
statements, which make generating HTML on-the-fly quite
easy.
</UL>
<P>
You should now have a good grasp of all of the major issues surrounding
simple order entry.
<P>
<HR WIDTH="100%"></P>
</BODY>
</HTML>