map { $_ . '=' . sanitize($cgi->param($_)) } sanitize($cgi->param())

Assuming the call to $cgi->param() returns a list¹, this list is first passed to sub sanitize which returns a scalar, so the input to map will only ever be a single value.

Actually, it gets worse. The $ prototype to sub sanitize coerces the argument list into a scalar, so if a list of, say, 3 values is passed in, $s will have the value 3!² Removing the prototype helps, but you still get only a single value. You need something like a second map:

map { $_ . '=' . sanitize($cgi->param{$_}) } map { sanitize($_) } $cgi
+->param()
[download]

Also note that the $cgi->multi_param() method is preferred to the $cgi->param() method when a list is returned.³

And if the call to $cgi->param{$_} can itself return a list and not just a scalar, then yet another level of looping will be needed.

¹It may return a list or a scalar, depending on how the script was invoked. See “Fetching the names of all the parameters passed to your script” in CGI.
²See Far More Than Everything You've Ever Wanted to Know about Prototypes in Perl for the details.
³See the warning in “Fetching the value or values of a single named parameter” in CGI.

Hope that helps,

alright. i can't say i fully understand your msg. i'm not that advanced of a Perl'er...so, I'm thinkin i will change:

sub get_params() {
  #*
  # to get the URL parameters, and package
  # them into a handy little scalar fit
  #*
  #@_; # (no parameters)
  my $cgi = CGI->new();
  my $query = join('&', map { $_ . '=' . $cgi->param($_) } $cgi->param
+());

  return $query; # a scalar of all URL parameters, each value separate
+d by an &
  #usage: my $url_params = get_params();
}
[download]

to

sub get_params() {
  #*
  # to get the URL parameters, and package
  # them into a handy little scalar fit
  #*
  #@_; # (no parameters)
  my $cgi = CGI->new();
  my $query = map { $_ . '=' . sanitize($cgi->param{$_}) } map { sanit
+ize($_) } $cgi->param();

  return $query; # a scalar of all URL parameters, each value separate
+d by an &
  #usage: my $url_params = get_params();
}
[download]

hopefully that achieves what i'm looking to do. as for "assuming $cgi->param('someval')" returns a list, i don't think it does. it returns a scalar. could be wrong, but it's how i see it getting used everywhere (my $p = $cgi->param("p");)

I was pondering why the ball was getting bigger, and then...it hit me!

Hello again jamroll,

The version of sub get_params you are changing from is not the same as the one shown above, since the calls to sanitize are missing. The version you are changing to has them back again, but I don’t understand why you have removed the call to join? — especially since the comment on the return line implies that the join is still in effect.

As explained in CGI, in the section “Fetching the value or values of a single named parameter”:

When calling param() If the parameter is multivalued (e.g. from multiple selections in a scrolling list), you can ask to receive an array. Otherwise the method will return the first value.

So, if there are in fact multiple values, but you assign the result to a scalar, you will get only the first one. Of course, if you know there will only ever be a single value, this is not an issue.

Hope that helps,

Athanasius <°(((>< contra mundum

Iustus alius egestas vitae, eros Piratica,