If this is a POST request, you can't expect the buffer to be read twice (once by getHTTPData and a second time by the CGI module or vice versa). So you can use either, and I'd prefer CGI if I were you.

I agree with gjb and other reply'ers - I also prefer to use CGI.pm to read "param"s. You can only read cgi parameters once :-)

As to your second question: don't. It's bad mojo to use user supplied data as variable names since it is very insecure.

Again, agreed. If you *have* to use user supplied data as variable names, then turn on "taint" mode - in fact, turn on "taint" mode anyway - it is very strict about what it will allow your cgi scripts to do. It will only allow you to do things that are safe, and it forces you to "untaint" data coming in to your script from outside - like all environment variables and all user supplied data.

HTH.