Most forms you create will send their data using the POST method. POST is more secure than GET, since the data isn’t sent as part of the URL, and you can send more data with POST. Also, your browser, web server, or proxy server may cache GET queries, but posted data is resent each time.

Your web browser, when sending form data, encodes the data being sent. Alphanumeric characters are sent as themselves; spaces are converted to plus signs (+); other characters — like tabs, quotes, etc. — are converted to “%HH” — a percent sign and two hexadecimal digits representing the ASCII code of the character. This is called URL encoding.

In order to do anything useful with the data, your program must decode these. Fortunately the CGI.pm module does this work for you. You access the decoded form values the same way you did with GET:

$value = param(‘fieldname’);
So you already know how to process forms! You can try it now by changing your getform.html form to method=”POST” (rather than method=”GET”). You’ll see that it works identically whether you use GET or POST. Even though the data is sent differently, CGI.pm handles it for you automatically.

The Old Way of Decoding Form Data
Before CGI.pm was bundled with Perl, CGI programmers had to write their own form-parsing code. If you read some older CGI books (including the first edition of this book), or if you’re debugging old code, you’ll probably encounter the old way of decoding form data. Here’s what it looks like:

read(STDIN, $buffer, $ENV{‘CONTENT_LENGTH’});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0Nj][a-fA-F0-9])/pack(“C”, hex($1))/eg;
$FORM{$name} = $value;
}
This code block reads the posted form data from standard input, loops through the fieldname=value fields in the form, and uses the pack function to do URL-decoding. Then it stores each fieldname/value pair in a hash called %FORM.

This code is deprecated and should be avoided; use CGI.pm instead. If you want to upgrade an old program that uses the above code block, you can replace it with this:

my %FORM;
foreach my $field (param()) {
$FORM{$field} = param($field);
}
Or you could use the Vars function:

use CGI qw(:standard Vars);
my %FORM = Vars();
Either method will replace the old form-parsing code, although keep in mind that this will not work if your form has multiple fields with the same name. We’ll look at how to handle those in the next chapter.

Guestbook Form
One of the first CGI programs you’re likely to want to add to your website is a guestbook program, so let’s start writing one. First create your HTML form. The actual fields can be up to you, but a bare minimum might look like this:


Your Name:

Email Address:

Comments:






Source code: http://www.cgi101.com/book/ch4/guestbook1.html
(Stylistically it’s better NOT to include a “reset” button on forms like this. It’s unlikely the visitor will want to erase what they’ve typed, and more likely they’ll accidentally hit “reset” instead of “send”, which can be an aggravating experience. They may not bother to re-fill the form in such cases.)

Now you need to create post.cgi. This is nearly identical to the get.cgi from last chapter, so you may just want to copy that program and make changes:

Program 4-1: post.cgi – Form Processing Program Using POST

——————————————————————————–

#!/usr/bin/perl -wT
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use strict;

print header;
print start_html(“Thank You”);
print h2(“Thank You”);

my %form;
foreach my $p (param()) {
$form{$p} = param($p);
print “$p = $form{$p}
\n”;
}
print end_html;