my %hash = map { split(m'='x, $_, 2) }
             grep { m'='x }
             split(m'&'x, get_params());
[download]

my $query = join('&', map { $_ . '=' . sanitize($cgi->param($_)) } san
+itize($cgi->param()));
[download]

sub sanitize($) {
  #*
  # to remove HTML from a string
  #*
  my ($s) = @_; # a string of text
  my $rv = 0;

  if ($s) {
    my $nohtml = HTML::Restrict->new();
    my $processed = $nohtml->process($s);
    if ($processed ne $s) { $rv = $processed; } else { $rv = $s; }
  }

  return $rv;
  #usage: my $sanitized = sanitize($input);
}
[download]

perhaps i'm going about "sanitizing" in "get_params" incorrectly?

map { $_ . '=' . sanitize($cgi->param($_)) } sanitize($cgi->param())

Assuming the call to $cgi->param() returns a list¹, this list is first passed to sub sanitize which returns a scalar, so the input to map will only ever be a single value.

Actually, it gets worse. The $ prototype to sub sanitize coerces the argument list into a scalar, so if a list of, say, 3 values is passed in, $s will have the value 3!² Removing the prototype helps, but you still get only a single value. You need something like a second map:

map { $_ . '=' . sanitize($cgi->param{$_}) } map { sanitize($_) } $cgi
+->param()
[download]

Also note that the $cgi->multi_param() method is preferred to the $cgi->param() method when a list is returned.³

And if the call to $cgi->param{$_} can itself return a list and not just a scalar, then yet another level of looping will be needed.

¹It may return a list or a scalar, depending on how the script was invoked. See “Fetching the names of all the parameters passed to your script” in CGI.
²See Far More Than Everything You've Ever Wanted to Know about Prototypes in Perl for the details.
³See the warning in “Fetching the value or values of a single named parameter” in CGI.

Hope that helps,

Athanasius <°(((>< contra mundum

Iustus alius egestas vitae, eros Piratica,

alright. i can't say i fully understand your msg. i'm not that advanced of a Perl'er...so, I'm thinkin i will change:

sub get_params() {
  #*
  # to get the URL parameters, and package
  # them into a handy little scalar fit
  #*
  #@_; # (no parameters)
  my $cgi = CGI->new();
  my $query = join('&', map { $_ . '=' . $cgi->param($_) } $cgi->param
+());

  return $query; # a scalar of all URL parameters, each value separate
+d by an &
  #usage: my $url_params = get_params();
}
[download]

to

sub get_params() {
  #*
  # to get the URL parameters, and package
  # them into a handy little scalar fit
  #*
  #@_; # (no parameters)
  my $cgi = CGI->new();
  my $query = map { $_ . '=' . sanitize($cgi->param{$_}) } map { sanit
+ize($_) } $cgi->param();

  return $query; # a scalar of all URL parameters, each value separate
+d by an &
  #usage: my $url_params = get_params();
}
[download]

hopefully that achieves what i'm looking to do. as for "assuming $cgi->param('someval')" returns a list, i don't think it does. it returns a scalar. could be wrong, but it's how i see it getting used everywhere (my $p = $cgi->param("p");)

I was pondering why the ball was getting bigger, and then...it hit me!