Re: checking for null variables

hmm... you might wanna reuse existing solutions such as CGI and Net::SMTP. Untested code:

#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use Net::SMTP;
use vars qw( $cgi %FORM $smtp );

### get the cgi params
$cgi = new CGI();
map { $FORM{$_} = $cgi->param($_) } $cgi->param();

### and on and on ...
unless ( defined($FORM{PARAM1}) && defined($FORM{PARAM2}) ){
  #complian
}

### smtp stuff
$smtp = Net::SMTP->new('mailhost');
$smtp->mail($FORM{FROM_EMAIL});
$smtp->to($FORM{TO_EMAIL});

$smtp->data();
$smtp->datasend("To: $FORM{TO_EMAIL}\n");
$smtp->datasend("Subject: $FORM{SUBJECT}\n");
$smtp->datasend("\n");

my $msg = qq(
The following information was submitted from $FORM{NAME} at $FORM{EMAI
+L}:

Full Name: $FORM{name}

Publication Name: $FORM{pubname}

Other Authors: $FORM{otherauthors}

Other Editors: $FORM{othereditors}

Main Publication Title: $FORM{pubtitle}

);

$smtp->datasend($msg);
$smtp->dataend();
$smtp->quit;
                                                                      
+                                                            
1;
[download]

Update:Thanks VSarkiss
Update:I think the untested speaks for itself. This is an example and nothing more. =]

cp
----
"Never be afraid to try something new. Remember, amateurs built the ark. Professionals built the Titanic."

Comment on Re: checking for null variables Download Code

Replies are listed 'Best First'.
•Security Alert (was Re: Re: checking for null variables) by merlyn (Sage) on Apr 15, 2003 at 19:45 UTC
Ahh yes, my common rant in "cgi-to-email" solutions. Your form can be used to send spam. Please do not deploy this code on the world-wide web until you have ensured that you do not get delivery addresses from form data. Otherwise, when someone discovers that your form sends email, they'll exploit it for spamming, and you'll get the blame, and then your system will be RBL'ed, and you'll end up hating the world, or something like that. -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply]
Re: •Security Alert (was Re: Re: checking for null variables) by edahm (Initiate) on Apr 16, 2003 at 20:02 UTC
I appreciate your comment, but, as you can tell, I am a perl novice and know of no solution. Could you recommend a good tutorial to me? I was using the one at htmlgoodies.com	[reply]
•Re: Re: •Security Alert (was Re: Re: checking for null variables) by merlyn (Sage) on Apr 16, 2003 at 20:08 UTC
Well, there are (at least) two rules to follow about "form-to-email". First, do not fill in the `to:` or `cc:` fields (or any other field that can have a delivery address) from any form data. Hardwire it into the program: `print SENDMAIL <<"END"; To: some.person\@my.domain.only Subject: $FORM{subject} $FORM{detail} END` [download] Second, if you use any form data in the header (like `subject` above), make very sure that the data cannot possibly contain newlines or anything resembling newlines. Otherwise, a bad guy can insert a newline into the data (not using your form, but using their own formstuffer), and insert a to/cc/bcc field, thus losing the protection provided in the previous point. Does that help? -- Randal L. Schwartz, Perl hacker Be sure to read my standard disclaimer if this is a reply.	[reply] [d/l]
Re (2): checking for null variables by VSarkiss (Monsignor) on Apr 15, 2003 at 19:12 UTC
`use CGI qw(:standard); # later... $cgi = new CGI(); map { ... } $cgi->param();` [download] There is no reason to do both. The `:standard` allows you to use most of the routines in CGI as standalone functions, but you're using the "OO" style calls, which don't require the function names to be imported to your code. In other words, do either: `use CGI; $cgi = CGI->new(); # my preference` [download] or: `use CGI qw(:standard); map { ... } param();` [download]	[reply] [d/l] [select]


Just another Perl shrine
	PerlMonks