You're absolutely right. Why re-invent the wheel, right? Well, at the time I wrote the above, the wheel in question (CGI.pm) hadn't been written yet! ;)

I guess that just goes to show how old this snippet is! But, I've found use for it on more that one occasion... The way I used to parse the query string used to be (and please, please, please don't try this at home kids!) was:

sub ReadParse {
  read(STDIN, $buf, $ENV{'CONTENT_LENGTH'});
  @li = (split(/&/, $buf), split(/&/, $ENV{'QUERY_STRING'}));
  foreach my $input (@li) {
    $input =~ tr/+/ /;
    $input =~ s/%(..)/pack("C", hex($1))/eg;
    $input =~ s/\.\.\///g;
    ($name, $val) = split(/=/, $input);
    $name  =~ tr/A-Z/a-z/;
    $in{$name}=$val;
  }
}
[download]

Someone might even find THAT snippet of some interest... But as you can see from the above, the security risk of getting ../ in your file name was caught. Only God knows what other security risks could be involved nowadays!

Thanks for the words of advice.