PerlMonks

Re: Bad Practice
by isotope (Deacon) on Feb 27, 2003 at 08:30 UTC
Aside from the inappropriate use of local() instead of my, there are some easy problems here. Strict, -w, and -T would have caught some of them, too.

You can start with this node. Ok, so this differentiates POST and GET requests. It doesn't validate CONTENT_LENGTH. It doesn't handle multiple select forms.

This code allows a web user to create any variable he wishes, and overwrite other variables in the rest of the script. Somebody could really have fun with that.

There is insufficient error checking. What if the literal %YZ appears in the URL? The pack() attempts to dehexify it, but it's not truly URL-encoded. Where is the error caught?

In fact, this snippet looks much like Ovid's favorite example of bad code on this node. For a simpler argument, CGI.pm does it right, according to RFCs, and has been extensively peer-reviewed. If I understand your post correctly, your code has basically been reviewed only by 3 beginners, and will break if you try to use it for things the original coders did not envision when they wrote it.

--isotope
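
The gaps listed in the reply above, shown as an added Perl example (not code from the thread and not CGI.pm's implementation): a parser that checks CONTENT_LENGTH, rejects a malformed escape such as %YZ, keeps every value of a repeated field, and stores parameters in a hash instead of creating variables. The function names, the 64 KB body limit and the sample query string are assumptions made for the illustration.

```perl
use strict;
use warnings;

my $MAX_BODY = 64 * 1024;    # assumed upper bound on a POST body, in bytes

# Decode one URL-encoded component; die on a malformed escape such as %YZ.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    die "malformed percent-escape\n" if $s =~ /%(?![0-9A-Fa-f]{2})/;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Parse into a hash of array refs: repeated names (multiple-select fields)
# keep every value, and no request name ever becomes a Perl variable.
sub parse_query {
    my ($query) = @_;
    my %param;
    for my $pair (split /[&;]/, $query) {
        next unless length $pair;
        my ($name, $value) = split /=/, $pair, 2;
        $value = '' unless defined $value;
        push @{ $param{ url_decode($name) } }, url_decode($value);
    }
    return \%param;
}

# Fetch the raw request data, validating CONTENT_LENGTH before reading.
sub read_request {
    my ($env, $fh) = @_;
    my $method = $env->{REQUEST_METHOD} || 'GET';
    return $env->{QUERY_STRING} // '' if $method eq 'GET';
    die "unsupported method\n" unless $method eq 'POST';
    my $len = $env->{CONTENT_LENGTH} // '';
    die "bad CONTENT_LENGTH\n" unless $len =~ /\A(\d{1,7})\z/ && $1 <= $MAX_BODY;
    $len = $1;
    my $body = '';
    my $got = read($fh, $body, $len);
    die "short read\n" unless defined $got && $got == $len;
    return $body;
}

# Constructed sample input, not taken from the original thread.
my %env = (REQUEST_METHOD => 'GET', QUERY_STRING => 'color=red&color=blue&ENV=x');
my $param = parse_query(read_request(\%env, \*STDIN));
print join(',', @{ $param->{color} }), "\n";    # both values of the repeated field

my $ok  = eval { url_decode('100%YZ'); 1 };     # malformed escape must be caught
my $msg = $ok ? "accepted\n" : "rejected: $@";
print $msg;
```

The `ENV=x` pair in the sample is stored as an ordinary hash key, which is the difference from code that turns request names into variables.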