Of course, being listed at CPAN doesn't guarantee any level of quality, but I'd imagine the signal-to-noise ratio is much higher than some place like, say, cgi.resourceindex.com.

Also, merlyn makes available all the articles he wrote for Web Techniques and other magazines. Most of them (the Web Techniques ones, at least) contain complete programs. They are available here.

Once you've reached a certain point, I think, you can also learn a lot by taking programs with worthwhile goals but poor implementation, and improving them yourself.

- Matt Riffle

The CPAN scripts are either more advanced or specialised than those I had in mind, though I shall probably make use of some of them at some point.

The Web Techniques are certainly going to come in handy for learning purposes. Thanks for that. :o)

I really had more mainstream CGI programs in mind though, such as guestbooks, forums, blogs etc.

I probably should have mentioned this before, but I run an independant help site for a free host, which (among other things) includes installation instructions for common CGI scripts.

Although I provide enough information for the more determined users to install almost any Perl program, many of the inexperienced users head straight for the "step by step" instructions for specific programs and base their decision on which one to use on whether I have instructions for it or not.

I'm therefore indirectly responsible for others picking up good and bad habits.

Unfortunately, I'm still learning Perl myself, and can't easily tell the difference between a really clever (but complex) regex and one that is needlessly complex due to bad or indifferent coding methods.

I agree with your last point, and also add that porting programs written in other languages can also help you to learn more about both langauges.

__________
"Every program has at least one bug and can be shortened by at least one instruction -- from which, by induction, one can deduce that every program can be reduced to one instruction which doesn't work." -- (Author Unknown)

This is by no means a definite sign of a good program, however I find that if a Perl/CGI program looks like this:

#!/usr/bin/perl -wT

use strict;
use CGI;
[download]

It's a good sign that the programmer took some precautions with his or her code, and that it is more likely to be reliable than not. Of course, there are always exceptions to the rule...

John J Reiser
newrisedesigns.com

I sat through a code review a few months ago. It was my first time, and quite the experience. The person's CGI script started just like yours does above. Then, about thirty or so lines in, there was

$filename =~ m/(.*)/gi;
$filename = $1;
open FILE, "$filename";
[download]

I was shocked, as this was code written by a "professional." I can count about six errors in those three lines of code.
1. Poor taint checking (none really.)
2. Not checking if the match succeeds. I guess it doesn't matter if it's just matching dot star.
3. Not checking if the open succeeds.
4. Should use the three form of open
5. The match is stupid. dot-star doesn't care about case insensitivity (/i).
6. The match is really stupid. /g is (i think) for trying to match multiple times in a loop. This doesn't do that.

You are quite right, warnings, strict, CGI, and taint are a good start. But you do need to still read the code before you use it. I don't think there is anything to help avoid a good code review.

update: The programmer still works there. I don't, by my own choice.

--
negativespace.net - all things inbetween.

coolmichael++. Whatever happened to the above code/programmer(s)?

Another good measure of quality of a download-and-use CGI script is to see how many people use it. Of course, like shown above, this rule can also be broken (see MSA's formmail, v1.6 or less allows you to easily spam anyone).

John J Reiser
newrisedesigns.com

The main problem with that check is that you need to download and unpack the program first.

By the time I'd gone through every program available at HotScripts, the Perl Archive and/or the CGI Resource Index many of them would have been updated, and I'd likely be a lot older. ;o)

I was hoping that someone here had already found another source of quality scripts on their travels and could let the rest of us know.

__________
"Every program has at least one bug and can be shortened by at least one instruction -- from which, by induction, one can deduce that every program can be reduced to one instruction which doesn't work." -- (Author Unknown)

There's always the tried and true method: searching PerlMonks. You may only find a few snippets, but occasionally there are some full programs available on the site.

Hope this helps,

John J Reiser
newrisedesigns.com

Since I own a few Perl CGI books, I will sometimes go to the book's website to see what I can find.

One really good book that comes to mind is Writing CGI Applications with Perl. All of the source code in the book is available at http://perlcgi-book.com/source.html

Many Perl books do this (in fact, the entire Mason book is now online).

If you found the nms project, then surely you read the FAQ. Specifically, number 3 of this section.

I find it hard to believe that they are the only quality scripts/programs available out of the thousands listed on sites.

The third answer just explains the reasons behind my asking the question in the first place.

The authors do say "most" rather than "all" other programs are badly written. I mean, most of us here at least try to code carefully. Even if we don't all manage it, at least some of the more experienced monks do, surely?

__________
"Every program has at least one bug and can be shortened by at least one instruction -- from which, by induction, one can deduce that every program can be reduced to one instruction which doesn't work." -- (Author Unknown)

Well . . . .

Using the terms "scripts" and "applications" loosely nms may actually be the only good scripts out there. They are certainly the richest vein of quality scripts out there, the other quality ones are like needles in a haystack.

Of course there are some really solid applications out there, Everything2 and Slash are some good examples, but they are not what you need.

The only real problem with nms is that they are intended to be drop in replacements for lots of common CGI programs out there - meaning that they jump through a lot of hoops for backwards compatibility, and reinvent a lot of wheels to prevent the installer from heading to the CPAN.

If you're looking to encourage some good habits, start with nms and improve them leaving backwards compatibility behind. You'd probably learn something yourself along the way as well

Cheers,
Erik

Light a man a fire, he's warm for a day. Catch a man on fire, and he's warm for the rest of his life. - Terry Pratchet

I don't know if nms are the "only" quality scripts out there, but along with merlyn's, they are the best I have seen.

--
Regards,
Helgi Briem
helgi AT decode DOT is

I wondered if anybody here knew of sites that provide quality scripts/programs.

I assume you mean apart from nms itself :)

"The first rule of Perl club is you do not talk about Perl club."
-- Chip Salzenberg

Okay, make that "I wondered if anybody here knew of other sites that provide quality scripts/programs." ;o)

__________
"Every program has at least one bug and can be shortened by at least one instruction -- from which, by induction, one can deduce that every program can be reduced to one instruction which doesn't work." -- (Author Unknown)