Listing 1: An HTML form, order.html, used by the fictitious Yoyodyne Corp. to collect order information via a graphical Web browser.

<TITLE>Yoyodyne Corp. Product Order Form</TITLE>
<H1>Product Order</H1>
<FORM ACTION="/cgi-bin/submit_order" METHOD="POST">
<UL>
<LI> Name: <P> <INPUT NAME="name" SIZE=80> <P>
<LI> Address:<P> <INPUT NAME="address" SIZE=80,3><P>
<LI> Email Address:<P> <INPUT NAME="email" SIZE=50><P>
<LI> Phone:<P> <INPUT NAME="phone" SIZE=30><P>
</UL>
<HR>
Items to order: <P>
<TEXTAREA NAME="items" ROWS=3 COLS=80></TEXTAREA> <P>
Choose method of payment: <P>
<SELECT NAME="payment">
<OPTION> Bill Me
<OPTION> Visa
<OPTION> American Express
<OPTION> Personal Check
<OPTION> Corporate Account
</SELECT>
<P>
If using a corporate account, please enter your account number and
authorization key: <P>
<UL>
<LI> Account Number<P> <INPUT NAME="account" SIZE=50><P>
<LI> Authorization Key<P> <INPUT TYPE="password" NAME="key" SIZE=50><P>
</UL>
<INPUT NAME="cc" TYPE = "checkbox" VALUE = "true"> Click here to send a
carbon-copy of your order to your email address (as specified above). <P>
<HR>
<INPUT TYPE = "submit" VALUE = "Submit Order"> <INPUT TYPE = "reset"
VALUE = "Clear Form"> <P>
</FORM>

#!/usr/bin/perl
# Patrick Ryan (patrick.m.ryan@bell-atl.com)
eval "exec /usr/bin/perl -S $0 $*" if $running_under_some_shell;
# extra include directories
push(@INC,'/app/people/guide/GUIDE/server/WWW/httpd_1.1/cgi-bin');
require 'ctime.pl';
require 'cgi-lib.pl';
chop($now = &ctime(time()));
# Read in everything from httpd.
&ReadParse;
# Send the initial info back to the server.
print &PrintHeader;
print "<TITLE>Results of Your Order Submission</TITLE>\n";
unless ($in{'name'}) {
print "You must include your name in any order.<P>";
exit 0;
}
if ($in{'cc'} && !$in{'email'}) {
print <<_EOT_;
You asked for a carbon copy of your order but did not include your
email address. Please add your address and resubmit your order.<P>
_EOT_
exit 0;
}
# Open up temporary file for ordering system
$order_file = "/tmp/order.$$";
open(ORDER,">$order_file");
print ORDER <<_EOT_;
NAME: $in{'name'}
ADDRESS:
$in{'address'}
PHONE: $in{'phone'}
EMAIL: $in{'email'}
PAYMENT: $in{'payment'}
ACCOUNT: $in{'account'}
AUTHORIZATION: $in{'key'}
_EOT_
print ORDER "ITEMS:\n";
$n=0;
foreach(split(/\n/,$in{'items'}))
{ ++$n; printf ORDER "%3d\t%s\n",$n,$_; }
print ORDER "RECEIVED: $now\n";
print ORDER "\n";
print ORDER <<_EOT_;
REMOTE: $ENV{'REMOTE_HOST'}
_EOT_
print ORDER "\n";
close ORDER;
# Send the order to the Processing database
$cmd = "/usr/local/bin/process_order $order_file";
system $cmd;
# If requested, send the user a copy of the order.
if ($in{'cc'} && $in{'email'})
{
@addresses=($in{'email'});
$to = join(' ',@addresses);
# Escape any suspicious characters
$to=&protect($to);
$mail_cmd = "/bin/mail";
$cmd = "$mail_cmd $to";
unless (open(MAIL,"| $cmd")) {
print <<_EOT_;
An error occurred while trying to submit your order. Please contact
root@yoyodyne.com.<P>
_EOT_
exit 0;
}
print MAIL "\n";
open(ORDER,"<$order_file");
while (<ORDER>)
{ print MAIL $_; }
print MAIL "\n";
close MAIL;
close ORDER;
}
print <<_EOT_;
Thank you. Your order was received at $now and has been sent to
the Processing Department.<P>
_EOT_
unlink($order_file);
exit 0;
sub protect
# Quotify characters which are special to the shell
{
local($_)=@_;
s!([;:&\$'`|()])!\\$1!g; # Use backslash to escape metacharacters
$_;
}

#!/usr/bin/perl
#
# CGI script to process Software Modification Requests (SMRs)
# patrick.m.ryan@bell-atl.com (patrick m. ryan)
#
eval "exec /usr/bin/perl -S $0 $*" if $running_under_some_shell;
# extra include directories
push(@INC,'/app/people/guide/GUIDE/server/WWW/httpd_1.1/cgi-bin');
push(@INC,'/app/people/ryan/perl');
require 'cgi-lib.pl';
require 'date.pl';
$now = &date(time()-(4*3600));
select STDOUT;
$|=1;
# Suck in everything from httpd.
&ReadParse;
print &PrintHeader;
print "<TITLE>CGI test</TITLE>\n";
print &PrintVariables(%in);
print &PrintVariables(%ENV);
exit 0;