[Wolves] Perl and CGI Books

Barbie barbie at missbarbell.co.uk
Mon Nov 29 21:00:40 GMT 2004


On 29 November 2004 20:06 Mo Awkati wrote:

> Ok. What I want to do is manage the church website
> like put some feedback forms, record the number of
> people who visit the site etc.

First off have a look at the NMS site [1]. If you have to download Perl scripts from anywhere on the web that is the only place to go. The scripts are written by experts in their field, and that includes security, not just Perl. Every single script has been peer reviewed and has a very responsive developer community.

[1] http://nms-cgi.sourceforge.net/

Secondly, I would agree with sparkes' comments, "DON'T DO CGI! EVER!". Unless you do understand CGI, and this goes beyond Perl, then you can open yourself up to a whole heap of trouble. That said, yes Perl is often seen as a quick hack, but that is mainly because there is so much code on CPAN [2] (the Perl library source repository) that pretty much does everything you ever wanted to do. However, putting it all together responsibly can be tricky and where most fall over.

[2] http://search.cpan.org

I was asked today for a list of Perl books I'd recommend, and my answer was the following:

There are a lot to choose from. However, it depends what you want to get out of the experience. Ones I think are worthwhile include:

  Programming Perl (O'Reilly)
  Learning Perl Objects, References & Modules (O'Reilly)
  Data Munging with Perl (Manning)
  Object Orientated Perl (Manning)

Also worth reading as extras are:

  Perl Debugged (Addison Wesley)
  Perl Medic - Transforming Legacy Code (Addison Wesley)
  DeBugging Perl (Osborne McGraw Hill)

There are also a couple of books that might be worth investigating, that I haven't read, but others have rated:

  Perl for C Programmers (New Riders)
  Embedding and Extending Perl (Manning)
  Effective Perl Programming (Addison Wesley)

Perl is not the only language that can do CGI, and CGI is not Perl's only talent. Often the two statements get confused. PHP was written for the web, and speaking to Rasmus recently, he only ever intends to support the CGI aspect of PHP. As such it's well crafted for that job and that alone. I personally haven't had any experience of Python, but sparkes has already commented on its merits.

I would disagree with sparkes with regards to Perl not being a good learning language, as many come to the language from knowing C and shell scripting. Along with sed and awk, they fit Perl's way of thinking very well. There are plenty of quick scripts you can get up and running and once you get to know Perl you'll get to know the idioms that make it better.

However, coming back to your original question. Diving in the deep-end with Perl and CGI is not to be taken lightly. However, Perl does have one very useful little weapon in its security arsenal and that's 'taint'. Using -T to taint your data can largely safeguard against the obvious attacks. It's surprising how many CGI scripts written in Perl forget about it. However, the SQL injections that are common attacks can be done in virtually any language and are largely down to bad coding practices, rather than the language.

> The language has to be supported by the website host.
> I know they support Perl. By the sound of it PHP
> sounds like a nightmare :-) what is the best option?

As long as you are thinking about security, ensuring that you are using coding practices, and are using a good Perl book, then you could do worse :)

As sparkes has also noted, Perl runs on Windows as well as Linux. In fact it's regularly tested on over 60 different operating systems (although to be fair some are different flavours of the same thing). If you are using CPAN modules you can pretty much be assured they are reliable, as the cpan-testers (of which I'm one) among others, will jump on bugs and the like very quickly, and most authors patch and resubmit very quickly too.

If you ever feel like coming along to one of the Birmingham Perl Monger [3] meetings, we can give you some useful hints and tips regarding Perl. Our technical meetings have finished for the year now, but we'll be starting those up again in March. However, our social meetings are the second Wednesday of the month (although that occasionally clashes with the WolvesLUG), but if you ever want some advice you could always join our mailing list [4].

[3] http://birmingham.pm.org
[4] http://birmingham.pm.org/docs/subscribe.html

HTH,
Barbie.
-- 
Barbie (@missbarbell.co.uk) | Birmingham Perl Mongers user group | http://birmingham.pm.org/
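
The taint mode mentioned in the message, shown on a visit counter of the kind the question asks about. This is an added example, not part of the original post; `fake_param`, `untaint_page`, `record_hit` and the `/tmp/hits-<page>` file are hypothetical names, the two inputs are constructed, and a POSIX `/tmp` is assumed.

```perl
#!/usr/bin/perl -T
# Added illustration; run as: perl -T taint_demo.pl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed stand-in for a form field: appending a zero-length slice of
# tainted data (environment, program name) marks the value as tainted, the
# way real CGI input would be.
sub fake_param {
    my ($value) = @_;
    return $value . substr(join('', $0, $^X, %ENV), 0, 0);
}

# Allowlist check. Only a regex capture removes taint, so the pattern is the
# security decision: short lowercase page names and nothing else.
sub untaint_page {
    my ($raw) = @_;
    return $raw =~ /\A([a-z0-9_-]{1,32})\z/ ? $1 : undef;
}

# Hypothetical visit counter: appends one line per hit to /tmp/hits-<page>.
sub record_hit {
    my ($page) = @_;
    open(my $fh, '>>', "/tmp/hits-$page") or die "open failed: $!\n";
    print {$fh} time, "\n";
    close $fh;
    return "/tmp/hits-$page";
}

for my $input ('index', '../../etc/passwd') {    # constructed sample inputs
    my $raw = fake_param($input);
    print "input '$input' tainted: ", (tainted($raw) ? 'yes' : 'no'), "\n";

    # Straight from the request: perl refuses the open, even for the
    # harmless value, because taint tracks origin rather than content.
    my $ok = eval { record_hit($raw); 1 };
    (my $why = $@) =~ s/\s+\z//;
    print "  unchecked: ", ($ok ? 'written' : "refused ($why)"), "\n";

    # After the allowlist: only the value that matched reaches the filesystem.
    my $page = untaint_page($raw);
    if (defined $page) {
        my $file = record_hit($page);
        print "  checked:   wrote $file\n";
        unlink $file;                            # tidy up the demo file
    }
    else {
        print "  checked:   rejected by allowlist\n";
    }
}
```

Taint checks do not by default cover SQL passed to DBI, so bound placeholders are still needed for the injection case the message mentions.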
