Stupid Web Tricks: Create a guestbook

Develop your online community with a guestbook.

Once you're attracting a steady stream of intellectuals and visionaries to your Web site, giving them a place to leave their thoughts can be a rewarding experience. Or you may just want to let your drinking buddies make fun of your newest content. Either way, a guest book is a cheap and easy way to develop your own online community.

A guest book is a CGI script that takes input from an HTML form and writes it to a page on your site, allowing visitors to add text to your pages. As with all CGI scripts, you should check your host ISP's policy on CGIs before trying to set up one. Some ISPs have policies that prohibit users' CGI scripts, because poorly written scripts can crash the server or open security holes. On the other hand, many ISPs provide a library of prewritten, preapproved Perl scripts for use on members' sites.

The script used here was written by CNET Web Site Engineer Matt Rotter.

Step One
Add a form anywhere on your HTML page for visitors to fill out (replace hostname/cgi-bin with your own server's domain and CGI directory path):

<FORM method="post" action="http://hostname/cgi-bin/guestbook.cgi">
Name: <INPUT type=text name="name" size=30><BR>
Email: <INPUT type=text name="email" size=30><BR>
Home page name:
<INPUT type=text name="www" size=30><BR>
Home page URL:
<INPUT type=text name="url" size=30><BR>
<TEXTAREA name="body" rows=3 cols=45
<INPUT type=submit value="Sign in">



Note that the word add is commented out at the bottom. This is important, since it will be used as a marker by the script later.

Step Two
Create a document called guestbook.cgi containing the code below and save it to your CGI directory. Remember to change the values for $guestbookreal in line 3 and $return in line four to your own paths. Also, be sure the first line of the script points to the server's Perl interpreter. It's typically at /usr/bin/perl, but it may not be. Check with your ISP if you're not sure.


#variables that will be used later.
$guestbookreal = "/real/path/to/guestbook.html";
$return = "";

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair(@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/<\!\-\-.*\-\->//g; # get rid of SSI
$in{$name} = $value;

open (FILE,"$guestbookreal");
chop (@LINES);

open (GUEST,">$guestbookreal");

for ($i=0;$i<=$SIZE;$i++) {
print GUEST "$_\n";
if (/<!--add-->/) {
if ($in{'email'} ne '') {
print GUEST "<b><a href=\"mailto:$in{'email'}\">";
print GUEST "$in{'name'}</a></b>:<br>\n";
} else {
print GUEST "<b>$in{'name'}</b>:<br>\n";
if ($in{'www'} ne '') {
print GUEST "<a href=\"$in{'url'}\">";
print GUEST "$in{'www'}</a><br>\n";
print GUEST "$in{'body'}<p>\n";

close (GUEST);
print "Location: $return\n\n";

Be sure to set the permissions correctly on guestbook.html and guestbook.cgi--the server must be able to write to guestbook.html and be able to excute guestbook.cgi.

That's it. To test your guest book, visit the page that contains the form and try to submit it.

Editor's note: This page has been altered from its original version. This article incorrectly instructed readers to set directory write permissions, which allowed for a security hole. These instructions were removed. (4/3/98)