Before you get assaulted by the CGI.pm police (Update: too late! :-), here's what you should really be doing up front:
#!/usr/local/bin/perl -wT
use strict;
use CGI;
my $q = CGI->new();
print $q->header();
# Using CGI is even easier than doing it yourself,
# so PLEASE(!) use it!
# Declare each variable with 'my' so the script compiles under 'use strict'
my $studentid = $q->param('studentid');
my $CSC = $q->param('CSC');
chomp($CSC);
my $assignment = $q->param('assignment');
my $file = $q->param('file');
Now, consider constructing a path from variables, such as you are trying to do. Instead of using string interpolation, such as "$HOME/$x/$y", you should just join:
my $path = join ('/',
    $HOME, 'classes', $CSC,
    $studentid, $assignment,
    'outputfile.txt');
Of course, before you even think of doing this, you must validate your parameters to make sure they are "kosher". Using 'perl' with the '-T' parameter makes user data tainted, or icky, and your program will fail with errors unless you check them out first.
# An example of "validated" input
my ($studentid) = $q->param('studentid') =~ /(\w+)/;
You should define your input specification as narrow as possible. For example, if you just wanted numbers, you can use '\d+'. If none of this makes any sense, a quick browse through the regular expressions reference will help immensely. This is time well spent.
You should note that CGI.pm helped you by:
- Not having to write your own "text/html" header.
- Not having to test for various methods (POST vs. GET)
- Not having to worry about de-mangling %-ified parameters
- Not having to handle more than one instance of the same parameter name (i.e. a "CHECKBOX" with one-or-more selections possible)
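The validation and join steps from the post put together, as an added example that is not part of the original post: each parameter is matched against an anchored pattern, so a value with stray characters is rejected outright instead of being trimmed to its first run of word characters. The parameter formats, the `clean_param` and `build_path` names, the home directory and the sample requests are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Run as "perl -T script.pl" to see the same code pass under taint mode.
use strict;
use warnings;

# One narrow, anchored pattern per parameter (formats are assumed, not from the post).
my %SPEC = (
    studentid  => qr/\A([0-9]{1,9})\z/,
    CSC        => qr/\A([0-9]{3})\z/,
    assignment => qr/\A([A-Za-z0-9_]{1,32})\z/,
);

# Return the captured value (untainted under -T), or undef when the whole
# value does not match its pattern. \z also rejects a trailing newline.
sub clean_param {
    my ($name, $value) = @_;
    return unless defined $value && exists $SPEC{$name};
    my ($ok) = $value =~ $SPEC{$name};
    return $ok;
}

# Build the output path with join, but only when every parameter validates.
sub build_path {
    my ($home, %in) = @_;
    my %ok;
    for my $name (sort keys %SPEC) {
        $ok{$name} = clean_param($name, $in{$name});
        return unless defined $ok{$name};
    }
    return join('/', $home, 'classes', $ok{CSC},
                $ok{studentid}, $ok{assignment}, 'outputfile.txt');
}

# Constructed sample requests; in the CGI script the values come from $q->param().
my @requests = (
    { studentid => '12345', CSC => '101', assignment => 'hw1' },
    { studentid => '12345', CSC => '101', assignment => 'hw1/extra' },
    { studentid => 'abc',   CSC => '101', assignment => 'hw1' },
);

for my $r (@requests) {
    my $path = build_path('/home/instructor', %$r);   # constructed home directory
    if (defined $path) {
        print "ok:       $path\n";
    } else {
        print "rejected: studentid=$r->{studentid} assignment=$r->{assignment}\n";
    }
}
```

Only the first request produces a path; with an unanchored `/(\w+)/` the second would have been accepted as `hw1`.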