Re: why is this so hard?

If this is a POST request, you can't expect the buffer to be read twice (once by getHTTPData and a second time by the CGI module or vice versa). So you can use either, and I'd prefer CGI if I were you.

As to your second question: don't. It's bad mojo to use user supplied data as variable names since it is very insecure.

Just my 2 cents, -gjb-

Comment on Re: why is this so hard? Download Code

Replies are listed 'Best First'.
Re: Re: why is this so hard? by hmerrill (Friar) on Dec 20, 2002 at 14:33 UTC
If this is a POST request, you can't expect the buffer to be read twice (once by getHTTPData and a second time by the CGI module or vice versa). So you can use either, and I'd prefer CGI if I were you. I agree with gjb and other reply'ers - I also prefer to use CGI.pm to read "param"s. You can only read cgi parameters once :-) As to your second question: don't. It's bad mojo to use user supplied data as variable names since it is very insecure. Again, agreed. If you have to use user supplied data as variable names, then turn on "taint" mode - in fact, turn on "taint" mode anyway - it is very strict about what it will allow your cgi scripts to do. It will only allow you to do things that are safe, and it forces you to "untaint" data coming in to your script from outside - like all environment variables and all user supplied data. HTH.	[reply]

Replies are listed 'Best First'.

Re: Re: why is this so hard?
by hmerrill (Friar) on Dec 20, 2002 at 14:33 UTC

If this is a POST request, you can't expect the buffer to be read twice (once by getHTTPData and a second time by the CGI module or vice versa). So you can use either, and I'd prefer CGI if I were you.

As to your second question: don't. It's bad mojo to use user supplied data as variable names since it is very insecure.

turn on "taint" mode anyway

[reply]