I can't get the form submission to work; I keep getting an error.
A1:
Try using the CGI debugging guide from Hour 21, "Introduction to CGI," to find your problem. Just because it's a form doesn't mean that debugging it is any different from debugging normal CGI.
Q2:
I just found this great program on the Internet, but I don't understand why it's trying to use $ENV{QUERY_STRING} to get the form parameters.
A2:
The author of that program decided to forgo the CGI module's form-processing capabilities. This fact indicates that it is either a very old Perl program that predates the CGI module or that the author decided to use his or her own form-processing code. Either way, this is a good indication that the program should be looked at skeptically and used cautiously.
Q3:
When I run programs with the “T option in the #! line, from the command prompt, I get the error Too late for “T option and then the program stops. Why?
A3:
The “T option must be given to Perl as soon as possible so that it knows to look for tainted data. By the time the #! line in your program was processed, it was too late ”Perl had already processed your command line options without tainting. To run Perl from a command prompt ”for example, in the debugger ”you need to specify the “T on the command prompt as well, before any other options:
perl T d foo.cgi
Q4:
Will Perl's data-tainting capabilities keep me from making stupid mistakes in my CGI programs? Are they guaranteed to be secure now?
A4:
No CGI program is completely secure. The data-tainting capabilities of Perl go a long way toward keeping you from making silly mistakes, but they do not guarantee secure programs.