CGI::Form - Build Smart HTML Forms on Top of the CGI:: Modules
This perl library uses perl5 objects to make it easy to create Web fill-out forms and parse their contents. This package defines CGI objects, entities that contain the values of the current query string and other state variables. Using a CGI object's methods, you can examine keywords and parameters passed to your script, and create forms whose initial values are taken from the current query (thereby preserving state information).
To use this package, install it in your perl library path (usually /usr/lib/perl5/ and add the following to your perl CGI script:
Use CGI::Form;
$query = new CGI::Form;
This will parse the input (from both POST and GET methods) and store it into a perl5 object called $query. This method is inherited from CGI::Request. See its manpage for details. Similarly, CGI::Form uses CGI::Request to get and set named query parameters, e.g.
@values = $query->param('foo');
-and-
$query->param('foo','an','array','of','values'); or whatever!
In versions of Form.pm prior to 2.8, it could get difficult to remember the proper order of arguments in CGI function calls that accepted five or six different arguments. As of 2.8, there's a better way to pass arguments to the various CGI functions. In this style, you pass a series of name=>argument pairs, like this:
$field = $query->radio_group(-name=>'OS', -values=>[Unix,Windows,Macintosh], -default=>'Unix');
The advantages of this style are that you don't have to remember the exact order of the arguments, and if you leave out a parameter, in most cases it will default to some reasonable value. If you provide a parameter that the method doesn't recognize, it will usually do something useful with it, such as incorporating it into the HTML form tag. For example if Netscape decides next week to add a new JUSTIFICATION parameter to the text field tags, you can start using the feature without waiting for a new version of CGI.pm:
$field = $query->textfield(-name=>'State', -default=>'gaseous', -justification=>'RIGHT');
This will result in an HTML tag that looks like this:
<INPUT TYPE="textfield" NAME="State" VALUE="gaseous" JUSTIFICATION="RIGHT">
Parameter names are case insensitive: you can use -name, or -Name or -NAME. You don't have to use the hyphen if you don't want to. After creating a CGI object, call the use_named_parameters() method with a nonzero value. This will tell CGI.pm that you intend to use named parameters exclusively:
$query = new CGI; $query->use_named_parameters(1); $field = $query->radio_group('name'=>'OS', 'values'=>['Unix','Windows','Macintosh'], 'default'=>'Unix');
Actually, CGI.pm only looks for a hyphen in the first parameter. So you can leave it off subsequent parameters if you like. Something to be wary of is the potential that a string constant like "values" will collide with a keyword (and in fact it does!) While Perl usually figures out when you're referring to a function and when you're referring to a string, you probably should put quotation marks around all string constants just to play it safe.
$myself = $query->self_url print "<A HREF=$myself>I'm talking to myself.</A>
self_url() will return a URL, that, when selected, will reinvoke this script with all its state information intact. This is most useful when you want to jump around within the document using internal anchors but you don't want to disrupt the current contents of the form(s). Something like this will do the trick.
$myself = $query->self_url print "<A HREF=$myself#table1>See table 1</A> print "<A HREF=$myself#table2>See table 2</A> print "<A HREF=$myself#yourself>See for yourself</A>
This method is actually defined in CGI::Base, but is passed through here for compatability with CGI.pm
print $query->header;
-or-
print $query->header('image/gif');
header() returns the Content-type: header. you can provide your own MIME type if you choose, otherwise it defaults to text/html.
This method is provided for compatability with CGI.pm only. It is much better to use the SendHeaders() method of CGI::Base.
NOTE: This is a temporary method that will be replaced by the CGI::Response module as soon as it is released.
print $query->redirect('http://somewhere.else/in/movie/land');
redirect the browser elsewhere. If you use redirection like this, you should not print out a header as well.
This method is provided for compatability with CGI.pm only. New scripts should use CGI::Base's redirect() method instead.
print $query->start_html(-title=>'Secrets of the Pyramids', -author=>'fred@capricorn.org', -base=>'true', -BGCOLOR=>"#00A0A0"');
-or-
print $query->start_html('Secrets of the Pyramids', 'fred@capricorn.org','true', 'BGCOLOR="#00A0A0"');
This will return a canned HTML header and the opening <BODY> tag. All parameters are optional. In the named parameter form, recognized parameters are -title, -author and -base (see below for the explanation). Any additional parameters you provide, such as the Netscape unofficial BGCOLOR attribute, are added to the <BODY> tag.
Positional parameters are as follows:
print $query->end_html
This ends an HTML document by printing the </BODY></HTML> tags.
General note The various form-creating methods all return strings to the caller, containing the tag or tags that will create the requested form element. You are responsible for actually printing out these strings. It's set up this way so that you can place formatting tags around the form elements.
Another note The default values that you specify for the forms are only used the first time the script is invoked. If there are already values present in the query string, they are used, even if blank. If you want to change the value of a field from its previous value, call the param() method to set it.
Yet another note By default, the text and labels of form elements are escaped according to HTML rules. This means that you can safely use "<CLICK ME>" as the label for a button. However, it also interferes with your ability to incorporate special HTML character sequences, such as Á, into your fields. If you wish to turn off automatic escaping, call the autoEscape() method with a false value immediately after creating the CGI object:
$query = new CGI::Form; $query->autoEscape(undef);
print $query->isindex($action);
Prints out an <ISINDEX> tag. Not very exciting. The optional parameter specifies an ACTION="<URL>" attribute.
print $query->startform($method,$action,$encoding); <... various form stuff ...> print $query->endform;
startform() will return a <FORM> tag with the optional method, action and form encoding that you specify. The defaults are: method: POST action: this script encoding: application/x-www-form-urlencoded
The encoding method tells the browser how to package the various fields of the form before sending the form to the server. Two values are possible:
This is the newer type of encoding introduced by Netscape 2.0. It is suitable for forms that contain very large fields or that are intended for transferring binary data. Most importantly, it enables the "file upload" feature of Netscape 2.0 forms.
Forms that use this type of encoding are not easily interpreted by CGI scripts unless they use CGI.pm or another library designed to handle them.
For your convenience, Form.pm defines two subroutines that contain the values of the two alternative encodings:
use CGI::Form(URL_ENCODED,MULTIPART);
For compatability, the startform() method uses the older form of encoding by default. If you want to use the newer form of encoding by default, you can call start_multipart_form() instead of startform(). endform() returns a </FORM> tag.
print $query->textfield(-name=>'field_name', -default=>'starting value', -size=>50, -maxlength=>80); -or-
print $query->textfield('field_name','starting value',50,80);
textfield() will return a text input field.
As with all these methods, the field will be initialized with its previous contents from earlier invocations of the script. When the form is processed, the value of the text field can be retrieved with:
$value = $query->param('foo');
If you want to reset it from its initial value after the script has been called once, you can do so like this:
$query->param('foo',"I'm taking over this value!");
print $query->textarea(-name=>'foo', -default=>'starting value', -rows=>10, -columns=>50);
-or
print $query->textarea('foo','starting value',10,50);
textarea() is just like textfield, but it allows you to specify rows and columns for a multiline text entry box. You can provide a starting value for the field, which can be long and contain multiple lines.
print $query->password_field(-name=>'secret', -value=>'starting value', -size=>50, -maxlength=>80); -or-
print $query->password_field('secret','starting value',50,80);
password_field() is identical to textfield(), except that its contents will be starred out on the web page.
print $query->filefield(-name=>'uploaded_file', -default=>'starting value', -size=>50, -maxlength=>80); -or-
print $query->filefield('uploaded_file','starting value',50,80);
filefield() will return a file upload field for Netscape 2.0 browsers. In order to take full advantage of this you must use the new multipart encoding scheme for the form. You can do this either by calling startform() with an encoding type of $CGI::MULTIPART, or by calling the new method start_multipart_form() instead of vanilla startform().
The optional second parameter is the starting value for the field contents to be used as the default file name (-default).
The beta2 version of Netscape 2.0 currently doesn't pay any attention to this field, and so the starting value will always be blank. Worse, the field loses its "sticky" behavior and forgets its previous contents. The starting value field is called for in the HTML specification, however, and possibly later versions of Netscape will honor it.
When the form is processed, you can retrieve the entered filename by calling param().
$filename = $query->param('uploaded_file');
In Netscape Beta 1, the filename that gets returned is the full local filename on the remote user's machine. If the remote user is on a Unix machine, the filename will follow Unix conventions:
/path/to/the/file
On an MS-DOS/Windows machine, the filename will follow DOS conventions:
C:\PATH\TO\THE\FILE.MSW
On a Macintosh machine, the filename will follow Mac conventions:
HD 40:Desktop Folder:Sort Through:Reminders
In Netscape Beta 2, only the last part of the file path (the filename itself) is returned. I don't know what the release behavior will be.
The filename returned is also a file handle. You can read the contents of the file using standard Perl file reading calls:
# Read a text file and print it out while (<$filename>) { print; }
# Copy a binary file to somewhere safe open (OUTFILE,">>/usr/local/web/users/feedback"); while ($bytesread=read($filename,$buffer,1024)) { print OUTFILE $buffer; }
print $query->popup_menu('menu_name', ['eenie','meenie','minie'], 'meenie');
-or-
%labels = ('eenie'=>'your first choice', 'meenie'=>'your second choice', 'minie'=>'your third choice'); print $query->popup_menu('menu_name', ['eenie','meenie','minie'], 'meenie',\%labels);
-or (named parameter style)-
print $query->popup_menu(-name=>'menu_name', -values=>['eenie','meenie','minie'], -default=>'meenie', -labels=>\%labels);
popup_menu() creates a menu.
When the form is processed, the selected value of the popup menu can be retrieved using:
$popup_menu_value = $query->param('menu_name');
print $query->scrolling_list('list_name', ['eenie','meenie','minie','moe'], ['eenie','moe'],5,'true'); -or-
print $query->scrolling_list('list_name', ['eenie','meenie','minie','moe'], ['eenie','moe'],5,'true', \%labels);
-or-
print $query->scrolling_list(-name=>'list_name', -values=>['eenie','meenie','minie','moe'], -default=>['eenie','moe'], -size=>5, -multiple=>'true', -labels=>\%labels);
scrolling_list() creates a scrolling list.
The optional sixth argument is a pointer to an associative array containing long user-visible labels for the list items (-labels). If not provided, the values will be displayed.
When this form is procesed, all selected list items will be returned as a list under the parameter name 'list_name'. The values of the selected items can be retrieved with:
@selected = $query->param('list_name');
print $query->checkbox_group(-name=>'group_name', -values=>['eenie','meenie','minie','moe'], -default=>['eenie','moe'], -linebreak=>'true', -labels=>\%labels);
print $query->checkbox_group('group_name', ['eenie','meenie','minie','moe'], ['eenie','moe'],'true',\%labels);
HTML3-COMPATIBLE BROWSERS ONLY:
print $query->checkbox_group(-name=>'group_name', -values=>['eenie','meenie','minie','moe'], -rows=2,-columns=>2);
checkbox_group() creates a list of checkboxes that are related by the same name.
HTML3-compatible browsers (such as Netscape) can take advantage of the optional parameters -rows, and -columns. These parameters cause checkbox_group() to return an HTML3 compatible table containing the checkbox group formatted with the specified number of rows and columns. You can provide just the -columns parameter if you wish; checkbox_group will calculate the correct number of rows for you.
To include row and column headings in the returned table, you can use the -rowheader and -colheader parameters. Both of these accept a pointer to an array of headings to use. The headings are just decorative. They don't reorganize the interpetation of the checkboxes -- they're still a single named unit.
When the form is processed, all checked boxes will be returned as a list under the parameter name 'group_name'. The values of the "on" checkboxes can be retrieved with:
@turned_on = $query->param('group_name');
print $query->checkbox(-name=>'checkbox_name', -checked=>'checked', -value=>'ON', -label=>'CLICK ME');
-or-
print $query->checkbox('checkbox_name','checked','ON','CLICK ME');
checkbox() is used to create an isolated checkbox that isn't logically related to any others.
The value of the checkbox can be retrieved using:
$turned_on = $query->param('checkbox_name');
print $query->radio_group(-name=>'group_name', -values=>['eenie','meenie','minie'], -default=>'meenie', -linebreak=>'true', -labels=>\%labels);
-or-
print $query->radio_group('group_name',['eenie','meenie','minie'], 'meenie','true',\%labels);
HTML3-COMPATIBLE BROWSERS ONLY:
print $query->checkbox_group(-name=>'group_name', -values=>['eenie','meenie','minie','moe'], -rows=2,-columns=>2);
radio_group() creates a set of logically-related radio buttons (turning one member of the group on turns the others off)
HTML3-compatible browsers (such as Netscape) can take advantage of the optional parameters -rows, and -columns. These parameters cause radio_group() to return an HTML3 compatible table containing the radio group formatted with the specified number of rows and columns. You can provide just the -columns parameter if you wish; radio_group will calculate the correct number of rows for you.
To include row and column headings in the returned table, you can use the -rowheader and -colheader parameters. Both of these accept a pointer to an array of headings to use. The headings are just decorative. They don't reorganize the interpetation of the radio buttons -- they're still a single named unit.
When the form is processed, the selected radio button can be retrieved using:
$which_radio_button = $query->param('group_name');
print $query->submit(-name=>'button_name', -value=>'value');
-or-
print $query->submit('button_name','value');
submit() will create the query submission button. Every form should have one of these.
You can figure out which button was pressed by using different values for each one:
$which_one = $query->param('button_name');
print $query->reset
reset() creates the "reset" button. Note that it restores the form to its value from the last time the script was called, NOT necessarily to the defaults.
print $query->defaults('button_label')
defaults() creates a button that, when invoked, will cause the form to be completely reset to its defaults, wiping out all the changes the user ever made.
print $query->hidden(-name=>'hidden_name', -default=>['value1','value2'...]);
-or-
print $query->hidden('hidden_name','value1','value2'...);
hidden() produces a text field that can't be seen by the user. It is useful for passing state variable information from one invocation of the script to the next.
Fetch the value of a hidden field this way:
$hidden_value = $query->param('hidden_name');
Note, that just like all the other form elements, the value of a hidden field is "sticky". If you want to replace a hidden field with some other values after the script has been called once you'll have to do it manually:
$query->param('hidden_name','new','values','here');
print $query->image_button(-name=>'button_name', -src=>'/source/URL', -align=>'MIDDLE');
-or-
print $query->image_button('button_name','/source/URL','MIDDLE');
image_button() produces a clickable image. When it's clicked on the position of the click is returned to your script as "button_name.x" and "button_name.y", where "button_name" is the name you've assigned to it.
Fetch the value of the button this way: $x = $query->param('button_name.x'); $y = $query->param('button_name.y');
If you are running the script from the command line or in the perl debugger, you can pass the script a list of keywords or parameter=value pairs on the command line or from standard input (you don't have to worry about tricking your script into reading from environment variables). You can pass keywords like this:
your_script.pl keyword1 keyword2 keyword3
or this:
your_script.pl keyword1+keyword2+keyword3
or this:
your_script.pl name1=value1 name2=value2
or this:
your_script.pl name1=value1&name2=value2
or even as newline-delimited parameters on standard input.
When debugging, you can use quotes and backslashes to escape characters in the familiar shell manner, letting you place spaces and other funny characters in your parameter=value pairs:
your_script.pl name1='I am a long value' name2=two\ words
The dump() method produces a string consisting of all the query's name/value pairs formatted nicely as a nested list. This is useful for debugging purposes:
print $query->dump
Produces something that looks like:
<UL> <LI>name1 <UL> <LI>value1 <LI>value2 </UL> <LI>name2 <UL> <LI>value1 </UL> </UL>
You can pass a value of 'true' to dump() in order to get it to print the results out as plain text, suitable for incorporating into a <PRE> section.
All the environment variables, such as REMOTE_HOST and HTTP_REFERER, are available through the CGI::Base object. You can get at these variables using with the cgi() method (inherited from CGI::Request):
$query->cgi->var('REMOTE_HOST');
This code is copyright 1995 by Lincoln Stein and the Whitehead Institute for Biomedical Research. It may be used and modified freely. I request, but do not require, that this credit appear in the code.
Address bug reports and comments to: lstein@genome.wi.mit.edu
#!/usr/bin/perl use CGI::Form; $query = new CGI::Form;
print $query->header; print $query->start_html("Example CGI.pm Form"); print "<H1> Example CGI.pm Form</H1>\n"; &print_prompt($query); &do_work($query); &print_tail; print $query->end_html; sub print_prompt { my($query) = @_; print $query->startform; print "<EM>What's your name?</EM><BR>"; print $query->textfield('name'); print $query->checkbox('Not my real name'); print "<P><EM>Where can you find English Sparrows?</EM><BR>"; print $query->checkbox_group('Sparrow locations', [England,France,Spain,Asia,Hoboken], [England,Asia]); print "<P><EM>How far can they fly?</EM><BR>", $query->radio_group('how far', ['10 ft','1 mile','10 miles','real far'], '1 mile'); print "<P><EM>What's your favorite color?</EM> "; print $query->popup_menu('Color',['black','brown','red','yellow'],'red'); print $query->hidden('Reference','Monty Python and the Holy Grail'); print "<P><EM>What have you got there?</EM> "; print $query->scrolling_list('possessions', ['A Coconut','A Grail','An Icon', 'A Sword','A Ticket'], undef, 10, 'true'); print "<P><EM>Any parting comments?</EM><BR>"; print $query->textarea('Comments',undef,10,50); print "<P>",$query->reset; print $query->submit('Action','Shout'); print $query->submit('Action','Scream'); print $query->endform; print "<HR>\n"; } sub do_work { my($query) = @_; my(@values,$key);
print "<H2>Here are the current settings in this form</H2>";
foreach $key ($query->param) { print "<STRONG>$key</STRONG> -> "; @values = $query->param($key); print join(", ",@values),"<BR>\n"; } } sub print_tail { print <<END; <HR> <ADDRESS>Lincoln D. Stein</ADDRESS><BR> <A HREF="/">Home Page</A> END }
This module doesn't do as much as CGI.pm, and it takes longer to load. Such is the price of flexibility.