4.2. Embedding Perl Code

Perl code can be directly embedded in Interchange pages. The code is specified as:

   [perl]
       $name    = $Values->{name};
       $browser = $Session->{browser};
       return "Hi, $name! How do you like your $browser?";
   [/perl]

ASP syntax can be used with:

   [mvasp]
       <%
       $name    = $Values->{name};
       $browser = $Session->{browser};
       %>
       Hi, <%= $name %>!
       <%
           HTML "How do you like your $browser?";
       %>
   [/mvasp]

The two examples above are essentially equivalent. See the perl and mvasp tags for usage details.

The [perl] tag enforces Safe.pm checking, so many standard Perl operators are not available. This prevents user access to all files and programs on the system without the Interchange daemon's permissions. See GlobalSub and User-defined Tags for ways to make external files and programs available to Interchange.

Named parameters:
See the perl tag for a description of the tag parameters and attributes. These include:

       [perl tables="tables-to-open"*
               subs=1*
             global=1*
          no_return=1*
            failure="Return value in case of compile or runtime error"*
               file="include_file"*]

Required parameters: none

Any Interchange tag (except ones using SQL) can be accessed using the $Tag object. If using SQL queries inside a Perl element, AllowGlobal permissions are required and and the global=1 parameter must be set. Installing the module Safe::Hole along with sharing the database table with <tables=tablename> will enable SQL use.

For example:

           # If the item might contain a single quote
           [perl]
           $comments = $Values->{comments};
           [/perl]

---

Important Note: Global subroutines are not subject to the stringent security check from the Safe module. This means that the subroutine will be able to modify any variable in Interchange and will be able to write to read and write any file that the Interchange daemon has permission to write. Because of this, the subroutines should be used with caution. They are defined in the main interchange.cfg file and can't be reached by from individual users in a multi-catalog system.

---

Global subroutines are defined in interchange.cfg with the GlobalSub directive or in user catalogs which have been enabled through AllowGlobal. Catalog subroutines are defined in catalog.cfg, with the Sub directive and are subject to the stringent Safe.pm security restrictions that are controlled by the global directive SafeUntrap.

The code can be as complex as you want them to be, but cannot be used by operators that modify the file system or use unsafe operations like "system," "exec," or backticks. These constraints are enforced with the default permissions of the standard Perl module Safe. Operations may be untrapped on a system-wide basis with the SafeUntrap directive.

The result of this tag will be the result of the last expression evaluated, just as in a subroutine. If there is a syntax error or other problem with the code, there will be no output.

Here is a simple one which does the equivalent of the classic hello.pl program:

   [perl] my $tmp = "Hello, world!"; $tmp; [/perl]

There is no need to set the variable. It is there only to show the capability.

To echo the user's browser, but within some HTML tags:

   [perl]
   my $html = '<H5>';
   $html .= $Session->{browser};
   $html .= '</H5>';
   $html;
   [/perl]

To show the user their name and the current time:

   [perl]

   my $string = "Hi, " . $Values->{name} ". The time is now ";
   $string .= $Tag->time();
   $string;

   [/perl]