The maxlength attribute will prevent the casual user of your site from entering more characters in a text field than you have specified via this attribute. However, a cracker can simply save your form to his computer and delete the "maxlength" attribute, or increase its value. From there, it's a simple matter to make sure that the form still points to the correct URL and resubmit it with any length of data he wants in the appropriate input field.
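Because the limit can be removed on the client, the length has to be checked again on the server. The following is an added example, not part of the original lesson, using CGI.pm; the field names `username` and `password`, the limits, and the sample submissions are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Cap the whole request body as well, so an oversized POST is refused
# before any field is parsed (CGI.pm reports this through cgi_error).
$CGI::POST_MAX        = 4 * 1024;   # bytes; assumed limit for a login form
$CGI::DISABLE_UPLOADS = 1;          # this form has no file fields

# Assumed field names and limits; keep them equal to the form's maxlength values.
my %MAX_LENGTH = ( username => 20, password => 64 );

# Return a list of problems found in the submitted fields (empty list = OK).
sub check_lengths {
    my ($cgi) = @_;
    my @errors;
    for my $field ( sort keys %MAX_LENGTH ) {
        my $value = $cgi->param($field);    # scalar context: first value only
        if ( !defined $value || $value eq '' ) {
            push @errors, "$field is required";
        }
        elsif ( length($value) > $MAX_LENGTH{$field} ) {
            push @errors, "$field exceeds $MAX_LENGTH{$field} characters";
        }
    }
    return @errors;
}

# Constructed sample submissions, passed as query strings so this runs offline.
my @samples = (
    'username=alice&password=correct-horse',
    'username=' . ( 'A' x 500 ) . '&password=x',    # maxlength removed client-side
);

for my $query (@samples) {
    my $cgi    = CGI->new($query);
    my @errors = check_lengths($cgi);
    print @errors ? "rejected: @errors\n" : "accepted\n";
}
```

In a real script, build the object with `CGI->new` and no argument so it reads the actual request, and send the error list back to the user instead of printing it.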
CGI.pm runs the HTML together in one big, jumbled mess. CGI::Pretty allows you to have some control over the HTML formatting if you desire "nice looking" HTML.
<h1>Log in to my web site</h1>
<p>Enter your username and password:</p>
print $cgi->h1( "Log in to my web site" ),
      $cgi->p( "Enter your username and password:" );
<table border="1">
<tr>
<td>This is a table cell.</td>
<td>This is another one.</td>
</tr>
<tr>
<td>Are we there yet?</td>
<td>I'm getting hungry!</td>
</tr>
</table>
use CGI qw(:standard);    # function-style interface: imports table(), Tr(), td()

print table( { -border => '1' },
    Tr(
        td( "This is a table cell" ),
        td( "This is another one" )
    ), # end Tr
    Tr(
        td( "Are we there yet?" ),
        td( "I'm getting hungry!" )
    ) # end Tr
); # end table

Note that 'Tr' is capitalized to avoid conflict with the tr/// operator.