CGI Programming on the World Wide Web
by Shishir Gundavaram


Unconfirmed error reports are from readers.  They have not yet been 
approved or disproved by the author or editor and represent solely the
opinion of the reader.


This page was updated February 23, 1999.


Here's a key to the markup:

        [page-number]: serious technical mistake
        {page-number}: minor technical mistake
        <page-number>: important language/formatting problem
        (page-number): language change or minor formatting problem
        ?page-number?: reader question or request for clarification


UNCONFIRMED errors and comments from readers:


{22} You might want to add a footnote regarding User Authentication as
follows:

REMOTE_USER env. var. is only set if authentication is actually used,
and it is not supported by all web servers. For Netscape 3.x, when
configured for user authentication, a specified directory can be set
up by 2 files, .nsconfig and .htpasswd, in that directory.

The .htpasswd should contain a password. If you want to give it a real
password associated with a user, do "ypcat passwd |grep <username>".

The .htpasswd should contain:

	user1:qewdufyp
	user2:2947yer

The .nsconfig should contain:

	<Files *>
  	RequireAuth userfile="/dir_name/.htpasswd" realm="User password 
        required"
	user
	pat=(user1|user2)
	</Files>
<46>  The Line 2 in the second code example now reads:

	chop($current_date  '/bin/date');
       
It should be:

	`/bin/date` (i.e. with backquotes)


(69) The URL given for uncgi has changed.  It is now located at:

	http://www.midwinter.com/~koreth/uncgi.html


{121} Code example under second paragraph, third line of "for" loop reads:

	$max_length - ($loads[$loop - 1] * 10) );

it should read:

	$origin[1] - ($loads[$loop -1] * 10) );

The current code results in load averages being graphed beneath the
axis line.


{122} The third code example has a for loop; however, the example
fails to delimit the for loop with an ending '}'.  The last line of
that code segment should contain a } - without it the program will not
work.
 

{213} The following string is given (twice) to indicate how to check
for valid e-mail addresses:

	/([\w\-\+\.]+)@([\w\-\+\.]+)/

This still allows for addresses like "; shaun@minc.com ;" which could
at least cause errors and at most be a security hole.

To prevent possible problems, the script writer should ensure nothing
can appear before or after the e-mail address.

The correction is simple:   /^([\w\-\+\.]+)@([\w\-\+\.]+)$/

This, of course, assumes the script writer has already stripped any
whitespace from the beginning and end of the e-mail string.


{398} Next-to-last answer on page: 

	print "Content-type: text/plain\n"
        
should read

	print "Content-type: text/plain\n";

and 

	print "Location: http://some.machine/some.doc\n\n"";
        
should read

	print "Location: http://some.machine/some.doc\n\n";


{398} A CGI program can only send one Location header. You also cannot
send a MIME content type if you want the server to perform
redirection. For example, the following is not valid:

- ----------------------
#!/usr/local/bin/perl
#...
$query = new CGI::Form;
print $query->header;
#...Form display
#...
#Action
print "Location: http://some.machine/some.doc\n\n";
- ----------------------

If a user wants to display a message using server redirection as above
w/o redisplaying the form, we need an example that shows the action
implemented in a separate file from the form display. Otherwise the
default action is the CGI script itself. I haven't figured out a way
to do this using CGI modules.


{415} The line

	$filename = $data{'input'};
        
should read

	$filename = $data{'input_file'};