#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use File::Temp qw(tempfile);

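#defs
#directory in which the temporary sql query file is created
my $sql_dir='/tmp';
#path to relay application
my $relay='./relay.pl';

#print CGI header
print "Content-type: text/html\n\n";

#print html (heading sits inside <body>; the closing </h2> tag was malformed)
print "<html>";
print "<head><title>Example</title></head>";
print "<body bgcolor=lightyellow>";
print "<h2>Example</h2><hr>";

#use CGI.pm to read in FORM parameters
my $query = CGI->new;
my $serial = $query->param('serial');
$serial = '' unless defined $serial;

#Security- check form parameters
#$serial is interpolated straight into the query text below, so this check is
#the only thing keeping quotes and other SQL syntax out of it. Anchor both ends
#and accept ASCII digits only (\d can also match non-ASCII digits).
if($serial !~ m/\A[0-9]{14}\z/){
	print "Invalid Serial Number.";
}
else{
	my @results;
	my $ok = eval {
		#write query to temp file
		#A fixed name such as /tmp/temp.sql can be pre-created or symlinked by
		#another local user and is shared by concurrent requests. tempfile()
		#creates a uniquely named file, opened exclusively, readable only by
		#the owner.
		my ($sql_fh, $sql_path) = tempfile(
			'query_XXXXXX',
			DIR    => $sql_dir,
			SUFFIX => '.sql',
			UNLINK => 1,
		);
		print {$sql_fh} <<DONE or die "cannot write $sql_path: $!\n";
	<select db='prod'>
			*
		from
			OBJECT_ASSEMBLY
		where
			object_id='$serial'
	</select>
DONE
		#buffered write errors only surface at close
		close($sql_fh) or die "cannot close $sql_path: $!\n";

		#execute query
		#list form of open: arguments go to the relay directly, no shell parses them
		open(my $relay_fh, '-|', 'perl', $relay, $sql_path)
			or die "cannot start $relay: $!\n";
		@results = <$relay_fh>;
		#close() on a pipe is false when the child exits non-zero; log it, keep the output
		close($relay_fh)
			or warn "relay exited abnormally (status $?, error: $!)\n";

		#remove the query file now; UNLINK => 1 is the fallback at exit
		unlink $sql_path;
		1;
	};

	if(!$ok){
		#details go to the server error log, not to the browser
		warn "serial lookup failed: $@";
		print "Query failed.";
	}
	else{
		#Display results
		#escape the relay output so database content cannot inject markup into the page
		foreach my $line (@results){
			print "<pre>" . $query->escapeHTML($line) . "</pre>";
		}
	}
}
print "</body>";
print "</html>";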