HTML::Embperl - Perl extension for embedding Perl code in HTML documents


Embperl is a Perl extension module which gives you the power to embed Perl code directly in your HTML documents (like server-side includes for shell commands).



Embperl can operate in one of four modes:


Converts an HTML file with embedded Perl statements into a standard HTML file. [-o outputfile] [-l logfile] [-d debugflags] htmlfile [query_string]

embpexec.bat [-o outputfile] [-l logfile] [-d debugflags] htmlfile [query_string]

Use on Unix systems and embpexec.bat on Win32 systems.


The full pathname of the HTML file which should be processed by Embperl.


Optional. Has the same meaning as the environment variable QUERY_STRING when invoked as a CGI script. That is, QUERY_STRING contains everything following the first "?" in a URL. <query_string> should be URL-encoded. The default is no query string.

-o outputfile

Optional. Gives the filename to which the output is written. The default is stdout.

-l logfile

Optional. Gives the filename of the logfile. The default is /tmp/embperl.log.

-d debugflags

Optional. Specifies the level of debugging (what is written to the log file). The default is nothing. See "EMBPERL_DEBUG" for exact values.

As a CGI script

Instead of a file being sent directly by the web server, the document is processed by the CGI script and the result is sent to the client.


Use on Unix systems and embpcgi.bat on Win32 systems.

If is invoked without any parameters and the environment variable PATH_TRANSLATED is set, it runs itself as a CGI script. This means that form data is taken either from the environment variable QUERY_STRING or from stdin, depending on whether or not CONTENT_LENGTH is set. (This will be set by the web server depending on whether the request method is GET or POST). Input is taken from the file pointed to by PATH_TRANSLATED and the output is send to stdout. The logfile is generated at its default location, which is configurable via the environment variable EMBPERL_LOG.

To use this mode you must copy to your cgi-bin directory. You can invoke it with the URL

The /url/of/your/document will be passed to Embperl by the web server. Normal processing (aliasing, etc.) takes place before the URI makes it to PATH_TRANSLATED.

If you are running the Apache httpd, you can also define as a handler for a specific file extention or directory.

Example of Apache srm.conf:

    <Directory /path/to/your/html/docs>
    Action text/html /cgi-bin/embperl/

NOTE Out of security reasons, must not be used anymore as CGI script!

From mod_perl (Apache httpd)

This works like the CGI-Script, but with the advantage that the script is compiled only once at server startup, where other one-time actions (such as opening files and databases) can take place. This will drastically reduce response times for the request. To use this you must compile Apache httpd with mod_perl and add HTML::Embperl as the PerlHandler.

Example of Apache srm.conf:

    SetEnv EMBPERL_DEBUG 2285

    Alias /embperl /path/to/embperl/eg

    <Location /embperl/x>
    SetHandler  perl-script
    PerlHandler HTML::Embperl
    Options     ExecCGI

Another possible setup (for Apache 1.3bX see below) is

    SetEnv EMBPERL_DEBUG 2285

    <Files *.epl>
    SetHandler  perl-script
    PerlHandler HTML::Embperl
    Options     ExecCGI

    AddType text/html .epl

Don't forget the AddType. In this setup, all files ending with .epl are processed by Embperl.

NOTE: Since <Files> does not work the same in Apache 1.3bX as it does in Apache 1.2.x, you need to use <FilesMatch> instead.

    <FilesMatch ".*\.epl$">
    SetHandler  perl-script
    PerlHandler HTML::Embperl
    Options     ExecCGI

See the section "EMBPERL_DEBUG" (dbgLogLink and EMBPERL_VIRTLOG) to find out how you can configure Embperl so you can view the log file with your browser!

By calling HTML::Embperl::Execute (\%param)

Execute can be used to call Embperl from your own modules/scripts (for example from a Apache::Registry or CGI script) or from within another Embperl page (only 1.2b1 or higher) to nest multiple Embperl pages (for example to store a common header or footer in an different file).

There are two forms you can use for calling Execute. A short form which only takes an filename and optional additional parameters or a long form which takes a hash reference as its argument. This gives it the chance to vary the parameters according to the job that should be done.

(See eg/x/ for more detailed examples)

  Execute($filename, $p1, $p2, $pn) ;

This will cause Embperl to interpret the file with the name $filename and, if specified, pass any additional parameters in the array @param (just like @_ in a perl subroutine). The above example could also be written in the long form:

  Execute ({inputfile => $filename,
            param     => [$p1, $p2, $pn]}) ;

The possible items for hash of the long form are:


The file which should be used as source. If input is also specified, this parameter should be given a unique name to identify the source. Every time Embperl sees the same text in inputfile, it assumes that you compiled the same source - that means that Embperl uses the same package name as in your last call, and only recompiles the code if mtime has changed or is undefined.


Call the Embperl subroutine named by this parameter(see also "[$ sub $]"). Currently the subroutine must be in the same file or if it's in another file, the other file has to be imported first.


Reference to a string which contains the source. inputfile must also be specified to give a name for the source. The name can be any text.


Last modification time of member input. If undef the code passed by input is always recompiled, else the code is only recompiled if mtime changes.


File to which the output should be written. If neither outputfile nor output is specified, ouput is written to stdout.


Reference to a scalar where the output should be written to.


A value of zero tell's Embperl not to execute the page, but define all subrountines found inside. This is neccessary before calling them with Execute by the sub parameter or for an later import.

A value of one tell's Embperl to define to subrountines inside the file (if not already done) and to import them as perl subroutines into the current namespace.

See [$ sub $] metacommand and section about subroutines for more infos.


NOTE: The req_rec parameter isn't necessary anymore in versions >= 1.2b2

If used under mod_perl, you should set the req_rec parameter to the Apache request record object provided by mod_perl.


This value specifies if and when the cleanup of the package should be executed. (See "Variable scope and cleanup" below for more information on cleanup)

cleanup = -1

Never cleanup the variables

cleanup = 0 or not specified

If running under mod_perl, cleanup is delayed until the connection to the client is closed, so it does not lengthen the response time to the client. If the Execute function is called more the once before the end of the request, all cleanups take place after the end of the request and not between calls to Execute.

If running as a CGI or offline, cleanup takes place immediately.

cleanup = 1

Immediate cleanup


Can be used to pass parameters to the Embperl document and back. Must contain a reference to an array.


    HTML::Embperl::Execute(..., param => [1, 2, 3]) ;
    HTML::Embperl::Execute(..., param => \@parameters) ;

The array @param in the Embperl document is setup as an alias to the array. See eg/x/ for a more detailed example.

ffld and fdat

Could be used to setup the two Embperl predefined variables.


Specifies the first linenumber of the sourcefile (Default: 1)


Same as "EMBPERL_OPTIONS" (see below), except for cleanup.

NOTE: You should set the optDisableFormData if you have already read the form data from stdin while in a POST request. Otherwise Execute will hang and try to read the data a second time.


Same as "EMBPERL_DEBUG" (see below).


Same as "EMBPERL_ESCMODE" (see below).


Same as "EMBPERL_PACKAGE" (see below).


Same as "EMBPERL_VIRTLOG" (see below). If virtlog is equal to uri the logfile is sent.


The URI of the request. Only needed for the virtlog feature.


Same as "EMBPERL_COMPARTMENT" (see below).


Same as "EMBPERL_INPUT_FUNC" (see below). Additionaly you can specify an code reference to an perl function, which is used as input function or an array reference, where the first element contains the code reference and further elements contains additional arguments passed to the function.


Same as "EMBPERL_OUTPUT_FUNC" (see below). Additionaly you can specify an code reference to an perl function, which is used as output function or an array reference, where the first element contains the code reference and further elements contains additional arguments passed to the function.

Same as "EMBPERL_COOKIE_NAME" (see below).

Same as "EMBPERL_COOKIE_PATH" (see below).

Same as "EMBPERL_COOKIE_DOMAIN" (see below).

Same as "EMBPERL_COOKIE_EXPIRES" (see below).

Helper functions for Execute

HTML::Embperl::Init ($Logfile, $DebugDefault)

This function can be used to setup the logfile path and (optional) a default value for the debugflags, which will be used in further calls to Execute. There will always be only one logfile, but you can use Init to change it at any time.

NOTE: You do not need to call Init in version >= 0.27. The initialization of Embperl takes place automatically when it is loaded.

HTML::Embperl::ScanEnvironement (\%params)

Scans the %ENV and setups %params for use by Execute. All Embperl runtime configuration options are recognized, except EMBPERL_LOG.

EXAMPLES for Execute:

 # Get source from /path/to/your.html and
 # write output to /path/to/output'

 HTML::Embperl::Execute ({ inputfile  => '/path/to/your.html',
                           outputfile => '/path/to/output'}) ;

 # Get source from scalar and write output to stdout
 # Don't forget to modify mtime if $src changes

 $src = '<html><head><title>Page [+ $no +]</title></head>' ;

 HTML::Embperl::Execute ({ inputfile  => 'some name',
                           input      => \$src,
                           mtime      => 1 }) ;

 # Get source from scalar and write output to another scalar

 my $src = '<html><head><title>Page [+ $no +]</title></head>' ;
 my $out ;

 HTML::Embperl::Execute ({ inputfile  => 'another name',
                           input      => \$src,
                           mtime      => 1,
                           output     => \$out }) ;

 print $out ;

 # Include a common header in an Embperl page, 
 # which is stored in /path/to/head.html
 [- Execute ('/path/to/head.html') -]

Runtime configuration

The runtime configuration is done by setting environment variables, either on the command line (when working offline) or in your web server's configuration file. Most HTTP servers understand

SetEnv <var> <value>

If you are using Apache and mod_perl you can use

PerlSetEnv <var> <value>

The advantage of PerlSetEnv over SetEnv is that it can be used on a per directory/virtual host basis.


If specified, only files which match the given perl regular expression will be processed by Embperl, all other files will be handled by the standard Apache handler. This can be useful if you have Embperl documents and non Embperl documents (e.g. gifs) cohabitating in the same directory. EMBPERL_FILESMATCH works only under mod_perl.

 # Only files which end with .htm will processed by Embperl


If specified, only files which match the given perl regular expression will be processed by Embperl, all other files will return FORBIDDEN. Especialy in a CGI environenemt this can be usefull to make a server more secure.


Gives the name of the compartment from which to take the opcode mask. (See the chapter about "(Safe-)Namespaces and opcode restrictions" for more details.)


Specifies the initial value for "$escmode" (see below).


Gives the location of the log file. This will contain information about what Embperl is doing. How much information depends on the debug settings (see "EMBPERL_DEBUG" below). The log output is intended to show what your embedded Perl code is doing and to help debug it. The default is /tmp/embperl.log.

NOTE: When running under mod_perl you need to use PerlSetEnv for setting the logfile path, and mod_perl >= 1.07_03 if you load Embperl at server startup (with PerlScript or PerlModule).


The name of the package where your code will be executed. By default, Embperl generates a unique package name for every file. This ensures that variables and functions from one file can not affect those from another file. (Any package's variables will still be accessible with explicit package names.)


Gives a virtual location where you can access the Embperl logfile with a browser. This feature is disabled (default) if EMBPERL_VIRTLOG is not specified. See also "EMBPERL_DEBUG" and dbgLogLink for an Example how to set it up in your srm.conf.


This bitmask specifies some options for the execution of Embperl. To specify multiple options, simply add the values together.

optDisableVarCleanup = 1

Disables the automatic cleanup of variables at the end of each request.

optDisableEmbperlErrorPage = 2

Tells Embperl to not send its own errorpage in case of failure, instead shows as much of the page as possible. Errors are only logged to the log file. Without this option, Embperl sends its own error page, showing all the errors which have occurred. If you have dbgLogLink enabled, every error will be a link to the corresponding location in the log file. This option has no effect if optReturnError is set.

optReturnError = 262144

With this option set Embperl sends no output in case of an error, instead it returns the error back to Apache or the calling programm. When running under mod_perl this gives you the chance to use the Apache ErrorDocument directive to show a custom error-document.

optSafeNamespace = 4

Tells Embperl to execute the embedded code in a safe namespace so the code cannot access data or code in any other package. (See the chapter about "(Safe-)Namespaces and opcode restrictions" below for more details.)

optOpcodeMask = 8

Tells Embperl to apply an operator mask. This gives you the chance to disallow special (unsafe) opcodes. (See the Chapter about "(Safe-)Namespaces and opcode restrictions" below for more details.)

optRawInput = 16

Causes Embperl not to pre-process the source for a Perl expression. (The only exception is that carriage returns will be removed, as Perl does not like them.) This option should be set when you are writing your code with an ASCII editor.

If you are using a WYSIWYG editor which inserts unwanted HTML tags in your Perl expressions and escapes special charcaters automatically (e.g., `<' appears as `&lt;' in the source), you should not set this option. Embperl will automatically convert the HTML input back to the Perl expressions as you wrote them.

optEarlyHttpHeader = 64

Normally, HTTP headers are sent after a request is finished without error. This gives you the chance to set arbitrary HTTP headers within the page, and gives Embperl the chance to calculate the content length. Also Embperl watches out for errors and sends an errorpage instead of the document if something goes wrong. To do this, all the output is kept in memory until the whole request is processed, then the HTTP headers are sent, and then the document. This flag will cause the HTTP headers to be sent before the script is processed, and the script's output will be sent directly.

optDisableChdir = 128

Without this option, Embperl changes the currect directory to the one where the script resides. This gives you the chance to use relative pathnames. Since directory-changing takes up some millisecs, you can disable it with this option if you don't need it.

optDisableFormData = 256

This option disables the setup of %fdat and @ffld. Embperl will not do anything with the posted form data.

optDisableHtmlScan = 512

When set, this option disables the scanning of all html-tags. Embperl will only look for [+/-/!/$ ... $/!/-/+]. This will disable dynamic tables, processing of the input data and so on.

optDisableInputScan = 1024

Disables processing of all input-related tags. (<INPUT><TEXTAREA><OPTION>)

optDisableTableScan = 2048

Disables processing of all table-related tags. (<TABLE><TH><TR><TD><MENU><OL><SELECT><UL>)

optDisableMetaScan = 4096

Disables processing of all meta tags. (<META HTTP-EQUIV>)

optAllFormData = 8192

This option will cause Embperl to insert all formfields in %fdat and @ffld, even if they are empty. Empty formfields will be inserted with an empty string. Without this option empty formfields will not be insert in %fdat and @ffld.

optRedirectStdout = 16384

Redirects STDOUT to the Embperl output stream before every request and resets it afterwards. If set, you can use a normal Perl print inside any Perl block to output data. Without this option you can only output data by using the [+ ... +] block, or printing to the filehandle OUT.

optUndefToEmptyValue = 32768

Normally if there is no value in %fdat for a specific input field, Embperl will leave it untouched. When this option is set, Embperl will handle the field as if an empty string was stored in %fdat for the field.

optNoHiddenEmptyValue = 65536 (only 1.2b2 and above)

Normally, if there is a value defined in %fdat for a specific input field, Embperl will output a hidden input element for it when you use hidden. When this option is set, Embperl will not output a hidden input element for this field when the value is a blank string.

optAllowZeroFilesize = 131072 (only 1.2b2 and above)

Normaly Embperl reports NOT_FOUND (404) if a file of length zero is requested. With this option set Embperl will return an empty document.

optKeepSrcInMemory = 524288 (only 1.2b5 and above)

Tells Embperl to keep the source file in memory and not reload it on every request. (The precompiled Perlcode is always kept in memory, regardless of this flag)

optKeepSpaces = 1048576 (only 1.2b5 and above) = 0x100000,

Disable the removing of spaces and empty lines from the output. This is usefull for other sources then HTML.

optOpenLogEarly = 2097152 (only 1.2b5 and above)

This option causeses Embperl to open the logfile as soon as it is loaded into memory. You can use this when you load Embperl via PerlModule under Apache, to open the log as root instead of the non-privileged user Apache runs as.

optUncloseWarn = 4194304 (only 1.2b6 and above)

Disable the warnings about unclosed if, while, table etc. at the end of the file.


This is a bitmask which specifies what should be written to the log. To specify multiple debugflags, simply add the values together. The following values are defined:

dbgStd = 1

Show minimum information.

dbgMem = 2

Show memory and scalar value allocation.

dbgEval = 4

Show arguments to and results of evals.

dbgCmd = 8

Show metacommands and HTML tags which are processed.

dbgEnv = 16,

List every request's environment variables.

dbgForm = 32

Lists posted form data.

dbgTab = 64

Show processing of dynamic tables.

dbgInput = 128

Show processing of HTML input tags.

dbgFlushOutput = 256

Flush Embperl's output after every write. This should only be set to help debug Embperl crashes, as it drastically slows down Embperl's operation.

dbgFlushLog = 512

Flush Embperl's logfile output after every write. This should only be set to help debug Embperl crashes, as it drastically slows down Embperl's operation.

dbgAllCmds = 1024

Logs all commands and HTML tags, whether or not they are really excuted or not. (It logs a `+' or `-' to tell you if they are executed.)

dbgSource = 2048

Logs the next piece of the HTML source to be processed. (NOTE: This generates a lot of output!)

dbgFunc = 4096

This is only anvailable when Embperl is compiled with -DEPDEBUGALL, and is normally only used for debugging Embperl itself. Records all function entries to the logfile.

Inserts a link at the top of each page which can be used to view the log for the current HTML file. See also "EMBPERL_VIRTLOG".


    SetEnv EMBPERL_DEBUG 10477
    SetEnv EMBPERL_VIRTLOG /embperl/log

    <Location /embperl/log>
    SetHandler perl-script
    PerlHandler HTML::Embperl
    Options ExecCGI
dbgDefEval = 16384

Shows every time new Perl code is compiled.

dbgCacheDisable = 32768

Disables the use of the p-code cache. All Perl code is recompiled every time. (This should not be used in normal operation as it slows down Embperl dramatically.) This option is only here for debugging Embperl's cache handling. There is no guarantee that Embperl behaves the same with and without cache (actually is does not!)

dbgHeadersIn = 262144

Log all HTTP headers which are sent from the browser.

dbgShowCleanup = 524288

Show every variable which is undef'd at the end of the request. For scalar variables, the value before undef'ing is logged.

dbgProfile = 1048576 (only 1.2b4 and above)

When set every source line in the log file will also display the time until request was started. (dbgSource must also be set)

dbgSession = 2097152 (only 1.2b4 and above)

Enables logging of session transactions.

dbgImport = 4194304 (only 1.2b5 and above)

Show how subroutines are imported in other namesapces

A good value to start is 2285 or 10477 if you want to view the logfile with your browser. (Don't forget to set EMBPERL_VIRTLOG.) If Embperl crashes, add 512 so the logfile is flushed after every line is written and you can see where Embperl is when it crashes.


This directive gives you the possiblity to specify a non-standard way of fetching input. Normally, Embperl reads its input (source) from a file (or gets it from a scalar if you use Execute). Here, you can give the name of a Perl function which is called instead of reading the input from a file. The function must look like the following:

 InputFunc ($r, $in, $mtime, additional parameters...) ;

Apache Request Record (see perldoc Apache for details)


a reference to a scalar, to which the input should be returned.


 open F, "filename" ;
 local $\ = undef ;
 $$in = <F> ;
 close F ;

a reference to a scalar, to which the modification time should be returned.


 $$mtime = -M "filename" ;

You can give additional parameters (which must be comma-separated) to EMBPERL_INPUT_FUNC which will then pass them as a string.


  PerlSetEnv EMBPERL_INPUT_FUNC "InputFunc, foo, bar"

  will call

  InputFunc ($r, $in, $mtime, 'foo', 'bar') ;

  to get the input.

EXAMPLE for an input function which does just the same as Embperl

 sub Input

    my ($r, $in, $mtime) = @_ ;

    open F, $r -> filename or return NOT_FOUND ;
    local $\ = undef ;
    $$in = <F> ;
    close F ;

    $$mtime = -M $r -> filename ;
    return 0 ;

See also ProxyInput below, for an input function which comes with Embperl.

NOTE: There are also two modules (HTML::EmbperlChain and Apache::EmbperlFilter) which provides you with the possibility to chain Embperl and other modules together.


This directive allows you to specify a non-standard way of dealing with output. Normally, Embperl sends its output (source) to a file/the browser (or to a scalar if you use Execute). Here, you can give the name of a Perl function which is called instead of sending the output to a file/the browser. The function must look like the following:

 OutputFunc ($r, $out, additional parameters...) ;

Apache Request Record (see perldoc Apache for details)


a reference to a scalar, which contains the output from Embperl

You can give additional parameters (which must be comma-separated) to EMBPERL_OUTPUT_FUNC, which will then pass them as a string.


  PerlSetEnv EMBPERL_OUTPUT_FUNC "OutputFunc, foo, bar"

  will call

  OutputFunc ($r, $out, 'foo', 'bar') ;

  for output.

EXAMPLE for an ouput function which does just the same as Embperl

 sub Output

    my ($r, $out) = @_ ;

    $r -> send_http_header ;

    $r -> print ($$out) ;

    return 0 ;

See also LogOutput below, for an output function which comes with Embperl.

NOTE: There are also two modules (HTML::EmbperlChain and Apache::EmbperlFilter) which provides you with the possibility to chain Embperl and other modules together.


Specifies which host the MailFormTo function uses as SMTP server. Default is localhost.


If set all errors will be send to the email adress given.

(only 1.2b4 or above) Set the name that Embperl uses when it sends the cookie with the session id. Default is EMBPERL_UID.

(only 1.2b4 or above) Set the domain that Embperl uses for the cookie with the session id. Default is none.

(only 1.2b4 or above) Set the path that Embperl uses for the cookie with the session id. Default is none.

(only 1.2b4 or above) Set the expiration date that Embperl uses for the cookie with the session id. Default is none.


Space separted list of object store and lock manager for Apache::Session (see "Session handling")


List of arguments for Apache::Session classes (see "Session handling") Example:

  PerlSetEnv EMBPERL_SESSION_ARGS "DataSource=dbi:mysql:session UserName=www Password=secret"


Embperl understands two categories of commands. The first one are special Embperl commands, and the second category consists of some HTML tags which can trigger special processing. Embperl commands can span multiple lines and need not start or end at a line boundary.

Before the special Embperl commands are processed, and for the VALUE attribute of the INPUT tag (see below), all HTML tags are removed and special HTML characters are translated to their ASCII values (e.g., `&lt;' is translated to `<'). You can avoid this behavior by preceding the special character or HTML tag with a backslash. This is done in case your favorite (WYSIWYG) HTML editor inserts tags like line breaks or formatting into your Embperl commands where you don't want them.

VERY IMPORTANT NOTE: If you do use an ASCII editor to write your HTML documents, you should set the option optRawInput so that Embperl does not preprocess your source. You can also HTML-escape your code (i.e. write `&lt;' instead of `<'), to avoid ambiguity. In most cases it will also work without the optRawInput and HTML-escaping, but in some cases Embperl will detect an HTML tag were there isn't one.

If you have any trouble with your code, especially with HTML tags or filehandles in your Perl code, be sure to understand input- and output- escaping and unescaping. Read the section "Inside Embperl" to see what's going on!!

All Embperl commands start with a `[' and end with a `]'. To get a real `[' you must enter `[['.

Embperl does not use SGML comments (i.e., <! ... !> or similar things) because some HTML editors can't create them, or it's much more complicated. Since every HTML editor takes (or should take) `[' and `]' as normal text, there should be no problem.

[+ Perl code +]

Replace the command with the result you get from evaluating the Perl code. The Perl code can be anything which can be used as an argument to a Perl eval statement. (See "(Safe-)Namespaces and opcode restrictions" below for restrictions.) Examples:

 [+ $a +]        Replaces the [+ $a +] with the content of
                 the variable $a

 [+ $a+1 +]      (Any expression can be used)

 [+ $x[$i] +]    (Arrays, hashes, and more complex
                 expressions work)

NOTE: Whitespace is ignored. The output will be automatically HTML-escaped (e.g., `<' is translated to `&lt;') depending on the value of the variables $escmode. You do not have to worry about it.

[- Perl code -]

Executes the Perl code, but deletes the whole command from the HTML output.


 [- $a=1 -]            Set the variable $a to one.
                       No output will be generated.

 [- use SomeModule -]  You can use other modules.

 [- $i=0; while ($i<5) {$i++} -]  Even more complex
                                  statements or multiple
                                  statements are possible.

NOTE: Statements like if, while, for, etc., must be contained in a single Embperl command. You cannot have the if in one command block and the terminating `}' or else in another.

NOTE: To define subroutines, use "[! Perl Code !]" (see below) instead of [- ... -] to avoid recompilation of the subroutine on every request.

[! Perl Code !]

Same as [- Perl Code -] with the exception that the code is only executed at the first request. This could be used to define subroutines, or do one-time initialization.

[* Perl code *]

(only version 1.2b2 or higher)

This is similar to [- Perl Code -], the main difference is, while [- Perl Code -], has always it's own scope, all [* Perl code *] blocks runs in the same scope. This gives you the possibilty to define "local" variables with a scope of the whole page. Normaly you don't need to use local, because Embperl takes care of separate namespaces of different documents and cleanup after the request is finished, but in special cases it's necessary. For example if you want recursivly call an Embperl document via Execute.

There is a second reason to use the [* Perl code *] instead of the [- Perl Code -]. If you like to use perl's control structures. Perl's if, while, for etc. can not span mulitple [- Perl Code -] blocks, but it can span multiple [* Perl Code *].


  [* foreach $i (1..10) { *]
    [- $a = $i + 5 -]
    loop count + 5 = [+ $a +] <br>

  [* } *]

  The following B<won't> work:

  [- foreach $i (1..10) { -]
    some text here <br>
  [- } -]

The same can be done with Embperl meta commands (see below)

  [$ foreach $i (1..10) $]
    [- $a = $i + 5 -]
    loop count + 5 = [+ $a +] <br>

  [$ endforeach $]

NOTE 1: [* ... *] blocks _must_ always end with a ;,{ or }

NOTE 2: [* ... *] cannot apear inside a html tag that is interpreted by Embperl (unless you disable the interpretation of such tags like table, input etc.)

NOTE 3: Since the execution of [- ... -] and metacommands is controlled by Embperl, there is a much better debugging output in the logfile for this two ones. Also no restriction where they can be used apply to meta-commands. You can use them anywhere even inside of html tags that are interpreted by Embperl.

[# Some Text #] (Comments)

(only version 1.2b2 or higher)

This is a comment block. Everything between the [# and the #] will be removed from the output.

NOTE 1: The [* ... *] blocks are interpreted before the comment block, so they are executed also inside a comment.

NOTE 2: Everything (except [* ... *]) is really removed from the source, so you can also use the [# ... #] block to take a part out of your document.

[$ Cmd Arg $] (Meta-Commands)

Execute an Embperl metacommand. Cmd can be one of the following. (Arg varies depending on <Cmd>).

if, elsif, else, endif

Everything following the if metacommand until the else, elsif, or endif is only output if the Perl expression given in Arg is true. else and elsif work similarly.


 [$ if $ENV{REQUEST_METHOD} eq 'GET' $]
 Method was GET<BR>
 [$ else $]
 Method other than GET used<BR>
 [$ endif $]

This will send one of the two sentences to the client, depending on the request method used to retrieve the document.

while, endwhile

Executes a loop until the Arg given to while is false.

Example: (see eg/x/loop.htm)

 [- $i = 0; @k = keys %ENV -]
 [$ while ($i &lt; $#k) $]
 [+ $k[$i] +] = [+ $ENV{$k[$i]} +]<BR>
 [- $i++ -]
 [$ endwhile $]

This will send a list of all environment variables to the client.

NOTE: The `&lt;' is translated to `<' before calling Perl eval, unless optRawInput is set.

do, until

Executes a loop until the Arg given to until is true.


 [- $i = 0 -]
 [$ do $]
     [+ $i++ +] <BR>
 [$ until $i > 10 $]
foreach, endforeach

Executes a loop for each element of the second Arg, setting the first Arg accordingly.


 [- @arr = (1, 3, 5) -]
 [$ foreach $v @arr $]
     [+ $v +] <BR>
 [$ endforeach $]

Arg consists of zero, one or two names of hashes (with or without the leading %) and an optional array as third parameter. The hidden metacommand will generate hidden fields for all data contained in the first hash but not in the second hash. The default used for the first hash is %fdat, %idat is used for the second.

If the third parameter is specified, the fields are written in the order they appear in this array. That is, all keys of the first hash must be properly sorted in this array. This is intended for situations where you want to pass data from one form to the next, for example, two forms which should be filled in one after the other. (Examples might be an input form and a second form to review and accept the input, or a Windows-style "wizard"). Here you can pass along data from previous forms in hidden fields. (See eg/x/neu.htm for an example.) If you use just the 'hidden' command without parameters, it simply generates hidden fields for all form fields submitted to this document which aren't already contained in another input field.


    <FORM ACTION="inhalt.htm" METHOD="GET">
        <INPUT TYPE="TEXT" NAME="field1">
    [$ hidden $]

If you request this with


the output will be

    <FORM ACTION="inhalt.htm" METHOD="GET">
        <INPUT TYPE="TEXT" NAME="feld1" VALUE="A">

NOTE: This should only be used for a small amount of data, since the hidden fields are sent to the browser, which sends it back with the next request. If you have a large amount of data, store it in a file with a unique name and send only the filename in a hidden field. Be aware of the fact that the data can be change by the browser if the user doesn't behave exactly as you expect. Users have a nasty habit of doing this all of the time. Your program should be able to handle such situations properly.


The var command declares one or more variables for use within this Embperl document and sets the strict pragma. The variable names must be supplied as space-separated list.


        [$var $a %b @c $]

This is the same as writing the following in normal Perl code:

        use strict ;
        use vars qw($a %b @c) ;

NOTE 1: `use strict' within an Embperl document will only apply to the block in which it occurs.


(Only Embperl 1.2b5 and above)

Defines a Embperl subroutine. Example:

  [$ sub foo $]
    <p> Here we do something </p>
  [$ endsub $]

You can call this subroutine either as a normal Perl subroutine

  [- foo -]

or via the HTML::Embperl::Execute function.

  [- Execute ('#foo')           # short form -]
  [- Execute ({ sub => 'foo'})  # long form  -]

The difference is that the Execute function will reset the internal states of Embperl like they were before the subrountine call, when the subroutine returns. Also Execute could handle recursive call, which currently not work when calling it as a Perl subroutine.

You may also pass Parameters to the subroutine:

  [$ sub foo $]
    [- $p = shift -]
    <p> Here we show the first parameter [+ $p +]</p>
  [$ endsub $]

  [- foo ('value') -]

If you have a couple of commonly used subroutines you can define then in one file and import them into the modules where they are neccesary:

  [- Execute ({ inputfile => 'mylib.htm', import => 1 }) -]

This will import all subroutines from the file mylib.htm into the current page where they could call just as a normal Perl subroutine.


Embperl recognizes the following HTML tags specially. All others are simply passed through, as long as they are not part of a Embperl command.


Embperl can generate dynamic tables (one- or two-dimensional). You only need to specify one row or column.

Embperl generates as many rows or columns as necessary. This is done by using the magic variables $row, $col, and $cnt. If you don't use $row/$col/$cnt within a table, Embperl does nothing and simply passes the table through.

Embperl checks if any of $row, $col, or $cnt is used. Embperl repeats all text between <table> and </table>, as long the expressions in which $row or $cnt occurs is/are defined.

Embperl repeats all text between <tr> and </tr>, as long the expressions in which $col or $cnt occurs is/are defined.

See also "$tabmode" (below) for end-of-table criteria.

Examples: (see eg/x/table.htm for more examples)

 [- @k = keys %ENV -]
         <TD>[+ $i=$row +]</TD>
         <TD>[+ $k[$row] +]</TD>
         <TD>[+ $ENV{$k[$i]} +]</TD>

This will show all entries in array @k (which contains the keys from %ENV), so the whole environment is displayed (as in the while example), with the first column containing the zero-based index, the second containing the content of the variable name, and the third the environment variable's value.

This could be used to display the result of a database query if you have the result in an array. You may provide as many columns as you need. It is also possible to call a 'fetch' subroutine in each table row.


The <TH> tag is interpreted as a table heading. If the whole row is made up of <TH> </TH> instead of <TD> </TD>, it is treated as a column heading. Everything else will be treated as row headings in the future, but are not now: everything else is ignored in the current version.


Lists and dropdowns or list boxes are treated exactly as one- dimensional tables. Only "$row", "$maxrow", "$col", "$maxcol" and "$tabmode" are honored. $col and $maxcol are ignored. See eg/x/lists.htm for an example.


Embperl checks if there is a value from the form data for a specific option in a menu. If so, this option will be pre-selected.


<FORM METHOD="POST"> <P>Select Tag</P>

  If you request this document with list.htm?SEL1=x
  you can specify that the element which has a value
  of x is initially selected

     <OPTION VALUE="[+ $v[$row] +]">
        [+ $k[$row] +]

The INPUT tag interacts with the hashes %idat und %fdat. If the input tag has no value, and a key exists with the same text as the NAME attribute of the input tag, Embperl will generate a VALUE attribute with the corresponding value of the hash key. All values of <INPUT> tags are stored in the hash %idat, with NAME as the hash key and VALUE as the hash value. Special processing is done for TYPE=RADIO and TYPE=CHECKBOX. If the VALUE attribute contains the same text as the value of the hash the CHECKED attribute is inserted, else it is removed.

So if you specify as the ACTION URL the file which contains the form itself, the form will be redisplayed with same values as entered the first time. (See eg/x/neu.htm for an example.)


The TEXTAREA tag is treated exactly like other input fields.


<meta http-equiv= ... > will over-ride the corresponding http header. This keeps Netscape from asking the user to reload the document when the content-type differs between the http header and the meta http-equiv.

This can also be used to set http headers. When running under mod_perl http-headers can also be set by the function header_out

    Example of how to set a http header:


    This is the same as using the Apache function

    [- $req_rec ->  header_out("Language" => "DE"); -]

The output of perl blocks inside the HREF attribute of the A Tags and the SRC attribute of the other Tags are URL escaped instead of HTML escaped. (see also $escmode). Also when inside such a URL, Embperl expands array refernces to URL paramter syntax. Example:

  %A = (A => 1, B => 2) ;
  @A = (X, 9, Y, 8, Z, 7)

  <A HREF="http://localhost/tests?[+ [ %A ] +]">
  <A HREF="http://localhost/tests?[+ \@A +]">

is expanded by Embperl to

  <A HREF="http://localhost/tests?A=1&B=2">
  <A HREF="http://localhost/tests?X=9&Y=8&Z=7">

Variable scope and cleanup

The scope of a variable declared with my or local ends at the end of the enclosing [+/- ... -/+] block; the [+/- ... -/+] blocks act much like Perl's { ... } in that regard.

Global variables (everything not declared with my or local) will be undef'ed at the end of each request, so you don't need to worry about any old variables laying around and causing suspicious results. This is only done for variables in the package the code is eval'ed in -- every variable that does not have an explicit package name. All variables with an explicit package name (i.e., in modules you use) will stay valid until the httpd child process dies. Embperl will change the current package to a unique name for every document, so the influence between different documents is kept to a minimum. You can set the name of the package with EMBPERL_PACKAGE. (See also "(Safe-)Namespaces and opcode restrictions".)

Since a CGI script is always a process of its own, you don't need to worry about that when you use Embperl as a CGI script.

If you need to declare variables which need to live longer than just one HTTP request (for example, a database handle), you must either put it's name in the hash %CLEANUP or declare them in another package (i.e., $Persistent::handle instead of $handle).

If you want to use the strict pragma, you can do this by using the var metacommand to declare your variables.

NOTE: Bacause Apache::DBI has its own namespace, this module will work together with Embperl to maintain your persistent database connection.

You can disable the automatic cleanup of global variables with EMBPERL_OPTIONS or the cleanup parameter of the Execute function.

You can define expections to the cleanup rule with the hash %CLEANUP.

If you like to do your own cleanup you can define a subroutine CLEANUP in your document. This will be called right before the variables are cleaned up, but after the connection to the client is closed.


  [! sub CLEANUP { close FH ; } !]

Predefined variables

Embperl has some special variables which have a predefined meaning.


Contains the environment as seen from a CGI script.


Contains all the form data sent to the script by the calling form. The NAME attribute builds the key and the VALUE attribute is used as the hash value. Embperl doesn't care if it is called with the GET or POST method, but there may be restrictions on the length of parameters using GET -- not from Embperl, but perhaps from the web server, especially if you're using Embperl's CGI mode -- it is safer to use POST.

Embperl also supports ENCTYPE multipart/form-data, which is used for file uploads. The entry in %fdat corresponding to the file field will be a filehandle, as with (Embperl uses internally to process forms encoded with multipart/form-data.)

File upload example:

  HTML page:

    <FORM METHOD="POST" ENCTYPE="multipart/form-data">
      <INPUT TYPE="FILE" NAME="ImageName">

  Embperl ACTION:

    [- if (defined $fdat{ImageName}) {
         open FILE, "> /tmp/file.$$";
         print FILE $buffer
           while read($fdat{ImageName}, $buffer, 32768);
         close FILE;

When you have installed 2.46 or above you may also retrieve the filename (local filename, as it was on the browser side) and the informations provied by the uploadInfo function. To get the filename just print out the value of the correspondig %fdat entry, instead of using it as a filehandle. To get the uploadInfo you must two times dereference it.


  Filename:      [+ $fdat{ImageName} +] <br>
  Content-Type:  [+ ${${$fdat{ImageName}}} -> {'Content-Type'} +] <br>


Contains all the field names in the order in which they were sent by the browser. This is normally -- but not necessarily -- the order in which they appear in your form.


Contains all the values from all input tags processed so far.

%udat (only 1.2b1 or higher)

You can use %udat to store per user data. As long as you don't use %udat, nothing happens, but as soon as you write anything to %udat, Embperl creates a session id and sends it via a cookie to the browser. The data you have written to %udat is stored by Apache::Session. The next time the same user request an Embperl page, the browser sends the cookie with the session id back and Embperl fill the %udat hash from Apache::Session with just the same values as you have stored for that user. (See also "Session handling")

%mdat (only 1.2b2 or higher)

You can use %mdat to store per module/page data. As long as you don't use %mdat, nothing happens, but as soon as you write anything to %mdat, Embperl creates a session id and stores the data via Apache::Session. The next time any user hits the same Embperl page, Embperl fill the %mdat hash from Apache::Session with just the same values as you have stored within the last request to that page. (See also "Session handling")

$row, $col

Row and column counts for use in dynamic tables. (See "HTML tag table".)

$maxrow, $maxcol

Maxium number of rows or columns to display in a table. To prevent endless loops, $maxrow defaults to 100 and $maxcol to 10. (See "HTML tag table".)


Contains the number of table cells displayed so far. (See "HTML tag table".)


Determines how the end of a dynamic table is detected:

end of table

$tabmode = 1

End when one of the expressions with $row becomes undefined. The row containing the undefined expression is not displayed. Only those expression are observed which contains an access to the varibale $row.

$tabmode = 2

End when an expression with $row becomes undefined. The row containing the undefined expression is displayed.

$tabmode = 4

End when $maxrow rows have been displayed.

end of row

$tabmode = 16

End when one of the expression with $col becomes undefined. The column containing the undefined expression is not displayed. Only those expression are observed which contains an access to the varibale $col.

$tabmode = 32

End when an expression with $col becomes undefined. The column containing the undefined expression is displayed.

$tabmode = 64

End when $maxcol columns have been displayed.

The default is 17, which is correct for all sort of arrays. You should rarely need to change it. The two values can be added together.


Turn HTML and URL escaping on and off. The default is on ($escmode = 3).

$escmode = 3

The result of a Perl expression is HTML-escaped (e.g., `>' becomes `&gt;') in normal text and URL-escaped (e.g., `&' becomes `%26') within of A, EMBED, IMG, IFRAME, FRAME and LAYER tags.

$escmode = 2

The result of a Perl expression is always URL-escaped (e.g., `&' becomes `%26').

$escmode = 1

The result of a Perl expression is always HTML-escaped (e.g., `>' becomes `&gt;').

$escmode = 0

No escaping takes place.


This variable is only available when running under control of mod_perl. It contains the request record needed to access the Apache server API. See perldoc Apache for more information.


This is the filehandle of the Embperl logfile. By writing `print LOG "something"' you can add lines to the logfile. NOTE: The logfile line should always start with the pid of the current process and continue with a four-character signature delimited by a ':', which specifies the log reason.

Example: print LOG "[$$]ABCD: your text\n" ;

If you are writing a module for use under Embperl you can say

    tie *LOG, 'HTML::Embperl::Log';

to get a handle by which you can write to the Embperl logfile.


This filehandle is tied to Embperl's output stream. Printing to it has the same effect as using the [+ ... +] block. (See also optRedirectStdout)


Will be setup by the 'param' parameter of the Execute function. Could be used to pass parameters to an Embperl document and back. (see Execute for further docs)


You can put any http headers you want to send into this hash. If you set an location header Embperl will automaticly set the status to 301 (Redirect). Example:

  [- $http_headers_out{'Location'} = "" -]

see also "META HTTP-EQUIV= ..."

$optXXX $dbgXXX

All options (see "EMBPERL_OPTIONS") and all debugging flags (see "EMBPERL_DEBUG") can be read and set by the corresponding variables.


    [- $optRawInput = 1 -] # Turn the RawInput option on
    Now write something here

    [- $optRawInput = 0 -] # Turn the RawInput option off again

    [+ $dbgCmd +] # Output the state of the dbgCmd flag

There are a few exceptions, where the variables can only be read. Setting of such options must be done via the config-files. Read-only variables are:



Embperl cleanups up only variables with are defined within the Embperl page. If you want Embperl to cleanup addtional variables you can add them to the hash %CLEANUP, with the key set to the variable name and the value set to one. The other way round you could prevent Embperl from cleaning up some variables, by adding them to this hash, with a values of zero.

Session handling

From 1.2b1 and higher Embperl is able to handle per user sessions for you. You can store any data in the %udat hash and if the same user request again an Embperl document, you will see the same values in that hash again. (see IMPORTANT NOTE: below for using DBI as storage)

From 1.2b2 and higher Embperl is able to handle per module/page persitent data for you. You can store any data in the %mdat hash and if any request comes to the same Embperl document, you will see the same values in that hash again. (see IMPORTANT NOTE: below for %mdat storage)

To configure Embperl to do session management for you, you must have installed Apache::Session (1.04 or higher) and loaded Apache::Session::Embperl before you load Embperl and you must tell Embperl which storage and locker classes you would like to use for Apache::Session, by setting the environement variable EMBPERL_SESSION_CLASSES. You may have a for your httpd which looks like this:

 $ENV{EMBPERL_SESSION_CLASSES} = "DBIStore SysVSemaphoreLocker" ;
 $ENV{EMBPERL_SESSION_ARGS}    = "DataSource=dbi:mysql:session UserName=test" ;
 use Apache::Session::Embperl ;
 use HTML::Embperl ;

or put it in the httpd/srm.conf like this

 PerlSetEnv EMBPERL_SESSION_CLASSES "DBIStore SysVSemaphoreLocker"
 PerlSetEnv EMBPERL_SESSION_ARGS "DataSource=dbi:mysql:session UserName=test"
 PerlModule Apache::Session::Embperl ;
 PerlModule HTML::Embperl ;

EMBPERL_SESSION_ARGS is a space separated list of name/value pairs, which gives additional arguments for Apache::Session classes.

Older versions of Embperl need Apache::Session 0.17. You can use it like the following, but you should as soon as possible upgrade to newer Apache::Session an Embperl version:

 $ENV{SESSION_FILE_DIRECTORY}='/tmp/sessions' ;
 use Apache::Session::File ;
 use HTML::Embperl ;

 1 ;

or put it in the httpd/srm.conf like this

 PerlSetEnv SESSION_FILE_DIRECTORY /tmp/sessions
 PerlModule Apache::Session::File 
 PerlModule HTML::Embperl 

NOTE 1: You can use all the environement variables recognized by Apache::Session to configure it.

NOTE 2: Do not use SetEnv, use PerlSetEnv instead in your httpd/srm.conf

Now you are able to use the %udat and %mdat hashs for your user/module sessions. As long as you don't touch %udat or %mdat Embperl will not create any session, also Apache::Session is loaded. As soon as you store any value to %udat, Embperl will create a new session and send a cookie to the browser to maintain it's id, while the data is stored by Apache::Session. (Further version may also be able to use URL rewriting for storing the id). When you store data to %mdat Embperl will store the data via Apache::Session and retrieves it when the next request comes to the same page.

IMPORTANT NOTE for DBI and %mdat usage and Apache::Session 0.17 not valid for 1.01!: The storage of %mdat requires a proper serialization of the access. Apache::Session (version 0.17) is not able to provide this. While this is no problem when using the Apache::Session::Win32 as storage class, this will be a problem for all other storage medias. The Embperl distribution comes with a patch for that purpose. This works only for Apache::Session::DBI, so if you like to use %mdat, currently you can only do so when using Apache::Session::Win32 or Apache::Session::DBI as storage class.

To use Apache::Session::DBI together with Embperl you need to use Apache::Session::epDBI (which comes with Embperl) instead. Apache::Session::epDBI has two enhancements over standard Apache::Session::DBI. 1.) It serialzies all requests. 2.) It corrects a problems which will lead locks to not releases with normal Apache::Session::DBI. So your configuration for storing session data via DBI might look like the following:

 PerlSetEnv SESSION_DBI_DATASOURCE dbi:mysql:session
 PerlModule Apache::Session::epDBI 
 PerlModule HTML::Embperl 

While usage of Apache::Session::File works ok for the %udat storage, it does not work for the %mdat storage, because of the not working locking and serialization.

(Safe-)Namespaces and opcode restrictions

Since most web servers will contain more than one document, it is necessary to protect the documents against each other. Embperl does this by using Perl namespaces. By default, Embperl executes every document in its own namespace (package). This will prevent documents from accidentally overriding the other's data. You can change this behavior (or simply the package name) with the configuration directive EMBPERL_PACKAGE. NOTE: By explicitly specifying a package name, you can access data that is used by another document.

If Embperl is used by more then one person, it may be neccessary to really protect documents from each other. To do this, Embperl gives you the option of using safe namespaces. Each document runs in its own package and can't access anything outside of this package. (See the documentation of for a more detailed discussion of safe namespaces.)

To make a document run in a safe namespace, simply add optSafeNamespace to EMBPERL_OPTIONS. The default package name used is the same as in normal operation and can be changed with EMBPERL_PACKAGE. NOTE: From the perspective of the document being executed, the code is running in the package main!

A second option to make Embperl more secure is the use of the opcode restriction mask. Before you can use the opcode mask, you must set up a safe compartment.

 B<$cp = HTML::Embperl::AddCompartment($name);>

This will create a new compartment with a default opcode mask and the name $name. (The name is used later to tell Embperl which compartment to use.) Now you can change the operator mask. For example:


In your configuration you must set the option optOpcodeMask in EMBPERL_OPTIONS and specify from which compartment the opcode mask should be taken by setting EMBPERL_COMPARTMENT.

 Example (for use with mod_perl):



    SetEnv EMBPERL_DEBUG 2285

    Alias /embperl /path/to/embperl/eg

    <Location /embperl/x>
    SetHandler perl-script
    PerlHandler HTML::Embperl
    Options ExecCGI


    $cp = HTML::Embperl::AddCompartment('test');

This will execute the file on server startup. sets up a compartment named `test', which will have a default opcode mask and additionaly, will have loops disabled. Code will be executed in a safe namespace.

NOTE: The package name from the compartment is NOT used!

Look at the documentation of and for more detailed information on how to set opcode masks.

Utility Functions


Adds a compartment for use with Embperl. Embperl only uses the opcode mask from it, not the package name. AddCompartment returns the newly- created compartment so you can allow or deny certain opcodes. See the documentation for details of setting up a compartment. See the chapter about "(Safe-)Namespaces and opcode restrictions" for details on how Embperl uses compartments.


        $cp = HTML::Embperl::AddCompartment('TEST');

MailFormTo($MailTo, $Subject, $ReturnField)

Sends the content of the hash %fdat in the order specified by @ffld to the given $MailTo addressee, with a subject of $Subject. If you specify $ReturnField the value of that formfield will be used as Return-Path. Usually, this will be the field where the user enters his e-mail address in the form.

If you specifiy the following example code as the action in your form

  <FORM ACTION="x/feedback.htm" METHOD="POST"

The content of the form will be mailed to the given e-mail address.

MailFormTo uses "EMBPERL_MAILHOST" as SMTP server or localhost if non given.


        [- MailFormTo('webmaster@domain.xy',
                      'Mail from WWW Form', 'email') -]
        Your data has been sccesfully sent!

This will send a mail with all fields of the form to webmaster@domain.xy, with the Subject 'Mail form WWW Form' and will set the Return-Path of the mail to the address which was entered in the field with the name 'email'.

NOTE: You must have Net::SMTP (from the libnet package) installed to use this function.


exit will override the normal Perl exit in every Embperl document. Calling exit will immediately stop any further processing of that file and send the already-done work to the output/browser.

NOTE 1: If you are inside of an Execute, Embperl will only exit this Execute, but the file which called the file containing the exit with Execute will continue.

NOTE 2: If you write a module which should work with Embperl under mod_perl, you must use Apache::exit instead of the normal Perl exit (just like always when running under mod_perl).

Input/Output Functions

ProxyInput ($r, $in, $mtime, $src, $dest)

 B<USAGE in srm.conf:>

 <Location /embperl/ifunc>
 SetHandler perl-script
 PerlHandler HTML::Embperl
 Options ExecCGI
 PerlSetEnv EMBPERL_INPUT_FUNC "ProxyInput, /embperl/ifunc, http://otherhost/otherpath"

This input function will request the source from another URL instead of reading it from the disk. In the above USAGE Example, a request to /embperl/ifunc/foo.html, will first fetch the URL http://otherhost/otherpath/foo.html, and then it will process this document by Embperl and then it will send it to the browser.

This could be used to process documents by mod_include and Embperl, so in one document there can be both Server-Side Includes and Embperl Commands.

 Example B<srm.conf> for B<SSI> and B<Embperl>:

 <Location /embperl>
 SetHandler perl-script
 PerlHandler HTML::Embperl
 Options ExecCGI
 PerlSetEnv EMBPERL_INPUT_FUNC "ProxyInput, /embperl, http://localhost/src"

 <Location /src>
 SetHandler server-parsed
 Options +Includes

The source files must be in the location /src, but they will be requested via the URI /embperl. Every request to /embperl/foo.html will do a proxy-request to /src/foo.html. The file /src/foo.html will be processed by mod_include and then sent to Embperl, where it can be processed by Embperl before being sent to the browser. It would be also possible to use two httpd's on different ports. In this configuration, the source and the URI location could be the same.

LogOutput ($r, $out, $basepath)

 B<USAGE in srm.conf:>

 <Location /embperl/ofunc>
 SetHandler perl-script
 PerlHandler HTML::Embperl
 Options ExecCGI
 PerlSetEnv EMBPERL_OUTPUT_FUNC "LogOutput, /usr/msrc/embperl/test/tmp/log.out"

LogOutput is a custom output function. It sends the output to the browser and writes the output to a unique file. The filename has the the form "$basepath.$$.$LogOutputFileno".

Inside Embperl - How the embedded Perl code is actually processed

If Embperl encounters a piece of Perl code ([+/-/!/$ .... $/!/-/+]) it takes the following steps.

1. Remove anything which looks like an HTML tag
2. Translate HTML escapes to their corresponding ASCII characters
3. Remove all carriage returns
4. Eval the Perl code into a subroutine
5. Call the subroutine
6. Escape special characters in the return value
7. Send the return value as output to the destination (browser or file)

Steps 1-4 take place only the first time the Perl code is encountered. Embperl stores the eval'ed subroutine, so all subsequent requests only need to execute steps 5-7.

Steps 6 and 7 take place only for code surrounded by [+ ... +].

What does this mean?

Let's take a piece of code like the following:

 [+ <BR>
 $a = "This '&gt;' is a greater-than sign"
 <BR> +]

1. Remove the HTML tags. Now it looks like

 $a = "This '&gt;' is a greater-than sign"

The <BR>s were inserted by some WYSIWYG HTML editor (e.g., by hitting return to make the source more readable. Also, such editors often generate "random" tags like <FONT>, etc.). Embperl removes them so they don't cause syntax errors.

There are cases where you actually want the HTML tag to be there. For example, suppose you want to output something like

 [+ "<FONT COLOR=$col>" +]

If you write it this way, Embperl will just remove everything, leaving only

 [+ "" +]

There are several ways to handle this correctly.

 a. <FONT COLOR=[+$col+]>
    Move the HTML tag out of the Perl code. This is the best way, but
    it is not possible every time.

 b. [+ "\<FONT COLOR=$col>" +]
    You can escape the opening angle bracket of the tag with `\'.

 c. [+ "&lt;FONT COLOR=$col&gt;" +]

    You can use the HTML escapes instead of the ASCII characters.
    Most HTML editors will automatically do this.  (In this case,
    you don't have to worry about it at all.)

 d. Set optRawInput (see below).
    This will completely disable the removal of HTML tags.

NOTE: In cases b-d, you must also be aware of output escaping (see below).

You should also be aware that Embperl will interpret the Perl spaceship operator (<>) as an HTML tag and will remove it. So instead of

  [- $line = <STDIN>; -]

you need to write either

 a. [- $line = \<STDIN>; -]
 b. [- $line = &lt;STDIN&gt;; -]

Again, if you use a high-level HTML editor, it will probably write version (b) for you automatically.

2. Translate HTML escapes to ASCII characters

Since Perl doesn't understand things like $a &lt; $b, Embperl will translate it to $a < $b. If we take the example from earlier, it will now look like

 $a = "This '>' is a greater sign"

This step is done to make it easy to write Perl code in a high-level HTML editor. You do not have to worry that your editor is writing &gt; instead of > in the source.

Again, sometimes you need to have such escapes in your code. You can write them

 a. \&gt;
    Escape them with a `\' and Embperl will not translate them.

 b. &amp;gt;
    Write the first `&' as its HTML escape (&amp;).  A normal HTML
    editor will do this on its own if you enter &gt; as text.

 c. Set optRawInput (see below)
    This will completely disable the input translation.

Since not all people like writing in a high level or WYSIWYG HTML editor, there is an option to disable steps 1 and 2. You can use the optRawInput in EMBPERL_OPTIONS to tell Embperl to leave the Perl code as it is. It is highly recommended to set this option if you are writing your HTML in an ASCII editor. You normally don't want to set it if you use some sort of high level HTML editor.

You can also set the optRawInput in your document by using $optRawInput, but you must be aware that it does not have any consequences for the current block, because the current block is translated before it is executed. So write it in separate blocks:

 [- $optRawInput = 1 -]
 [- $line = <FILEHANDLE> -]

3. Remove all carriage returns

All carriage returns (\r) are removed from the Perl code, so you can write source on a DOS/Windows platform and execute it on a UNIX server. (Perl doesn't like getting carriage returns in the code it parses.)

4. Eval perl code into a subroutine

The next step generates a subroutine out of your Perl code. In the above example it looks like:

sub foo { $a = "This '>' is a greater sign" }

The subroutine is now stored in the Perl interpreter in its internal precompiled format and can be called later as often as necessary without doing steps 1-4 again. Embperl recognizes if you request the same document a second time and will just call the compiled subroutine. This will also speed up the execution of dynamic tables and loops, because the code inside must be compiled only on the first iteration.

5. Call the subroutine

Now the subroutine can be called to actually execute the code.

If Embperl isn't executing a [+ ... +] block we are done. If it is a [+ ... +] block, Embperl needs to generate output, so it continues.

6. Escape special characters in the return value

Our example returns the string:

"This '>' is a greater sign"

The greater sign is literal text (and not a closing html tag), so according to the HTML specification it must be sent as &gt; to the browser. In most cases, this won't be a problem, because the browser will display the correct text if we send a literal '>'. Also we could have directly written &gt; in our Perl string. But when the string is, for example, the result of a database query and/or includes characters from national character sets, it's absolutely necessary to send them correctly-escaped to the browser to get the desired result.

A special case is the <A> HTML tag. Since it includes a URL, the text must be URL-escaped instead of HTML-escaped. This means special characters like `&' must be sent by their hexadecimal ASCII code and blanks must be translated to a `+' sign. If you do not do this, your browser may not be able to interpret the URL correctly.


   <A HREF="http://host/script?name=[+$n+]">

When $n is "My name" the requested URL, when you click on the hyperlink, will be


In some cases it is useful to disable escaping. This can be done by the variable $escmode.

Example: (For better readability, we assume that optRawInput is set. Without it, you need to cover the Embperl pre-processing described in steps 1-3.)

    [+ "<FONT COLOR=5>" +]

    This will be sent to the browser as &lt;FONT COLOR=5&gt;, so you
    will see the tag on the browser screen instead of the browser
    switching the color.

    [+ local $escmode=0 ; "<FONT COLOR=5>" +]

    This will (locally) turn off escaping and send the text as a plain
    HTML tag to the browser, so the color of the output will change.

    NOTE: You cannot set $escmode more than once inside a [+ ... +] block.
    Embperl uses the first setting of $escmode it encounters inside the block.
    If you need to change $escmode more than once, you must use muliple
    [+ ... +] blocks.

7. Send the return value as output to the destination (browser/file)

Now everything is done and the output can be sent to the browser. If you haven't set dbgEarlyHttpHeaders, the output is buffered until the successful completion of document execution of the document, and is sent to the browser along with the HTTP headers. If an error occurs, an error document is sent instead.

The content length and every <META HTTP-EQUIV=...> is added to the HTTP header before it is sent. If Embperl is executed as a subrequest or the output is going to a file, no http header is sent.


To get the best performace from Embperl, it is necessary to restrict logging to a minimum. You can drastically slow down Embperl if you enable all logging options. (This is why `make test' takes a while to run.) You should never enable dbgFlushOutput, dbgFlushLog or dbgCacheDisable in a production environment. More debugging options are useful for development where it doesn't matter if the request takes a little bit longer, but on a heavily-loaded server they should be disabled.

Also take a look at mod_perl_tuning.pod for general ideas about performance.


None known.

Under perl5.004 there are memory leaks. This is not an Embperl bug, but can cause your httpd to grow endlessly when running under mod_perl. Please upgrade to perl5.004_04 to fix this. You should also upgrade to a mod_perl version higher than 1.07_01 as soon as possible, because until 1.07_01 there is a memory leak in Apache->push_handler.


I have tested Embperl succesfully

on Linux 2.x with

apache_ssl (Ben SSL)
Stronghold 2.2
Stronghold 2.4.1
Apache_1.3.3 with mod_ssl 2.0.13
Apache_1.3.6 with mod_ssl 2.3.5

I know from other people that it works on many other UNIX systems

on Windows NT 4.0 with


on Windows 95/98 with

perl5.004_02 (binary distribution, only Offline Mode)
perl5.005_02 + apache_1.3.6


Feedback and Bug Reports

Please let me know if you use or test this module. Bugs, questions, suggestions for things you would find useful, etc., are discussed on the mod_perl mailing list.

>From the mod_perl README:

The Apache/Perl mailing list ( is available for mod_perl users and developers to share ideas, solve problems and discuss things related to mod_perl and the Apache::* (and Embperl) modules. To subscribe to this list, send mail to with the string "subscribe modperl" in the body.

There is a hypermail archive for this list available from:

There is an Epigone archive for the mod_perl mailing list at

Commerical Support

You can get free support on the mod_perl mailing list (see above). If you need commercial support, ecos can provide it for you. We offer:

  • Consulting and assitance for you and your programmers

  • Planning of your dynamic website

  • Creating of parts or a whole website

  • Fixing bugs in Embperl (also available for mod_perl)

  • Adding new features

You can reach us via or



 mod_perl FAQ 
 Embperl (german)
 apache web server
 ben-ssl (free httpsd)
 stronghold (commerical httpsd)
 other Apache modules


 Win NT/95/98 binarys


The lastest developements are available from a CVS. Look at "perldoc CVS.pod" for a detailed description.


G. Richter (

See Also

perl(1), mod_perl, Apache httpd

1 POD Error

The following errors were encountered while parsing the POD:

Around line 1431:

Non-ASCII character seen before =encoding in '-> '. Assuming ISO8859-1