in reply to Obtain matrix info

Your hand-made CGI parameter parsing routine has a bug in it (as do most such routines that I've seen). You assume that your CGI query string will only contain each key once. This may be valid in your particular case, but it's not what the CGI spec says.

If your code gets a query string that looks like this:

key1=val1&key2=val2a&key2=val2b

[download]

The 'val2a' value is overwritten with the value 'val2a' in the %form hash.

Why do people insist on reinventing these routines when Perl comes with a module (CGI.pm) which does this right? Why go to all the effort of re-writing it with a bug?

I realise that it probably works fine in your application because you don't use multi-valued CGI parameters, but the danger is that someone else will read your code and cut and paste it into their program.

--
<http://www.dave.org.uk>

European Perl Conference - Sept 22/24 2000, ICA, London
<http://www.yapc.org/Europe/>

Replies are listed 'Best First'.
RE: RE: Obtain matrix info
by sinan (Sexton) on Jul 29, 2000 at 20:16 UTC
    Dave,

    First of all, let me tell you that I am entirely self-taught. I began to hear about the CGI.pm module only recently! Before that, I tried to learn copying&pastings and then re-writing. This is something that I had seen in another script; and I had been using this since.

    The CGI parameters, I believe, are just like variables. A variable name should be unique, so should a CGI parameter. I see no problem in assuming that no parameter name will occur twice. I don't know how CGI.pm module handles this, but it looks like an unnecessary detail.

[reply]

      Perl has a real problem in that there are so many badly written CGI scripts around on the web and most people seem to pick up bad habits from them before finding places like perlmonks where they can get good advice. I'd be geniunely interested in hearing any ideas you have about how we can get to new Perl programmers and teach them good habits before they meet Matt Wright and his friends.

      Your assumptions about CGI parameters are wrong. It is perfectly valid to have more than one value for each key. CGI.pm handles this by returning a list of values for multi-valued parameters. the older cgi-lib.pl handles it by returning a string where the values are separated by a \0 character. most hand-rolled solutions (like yours) handle it by trashing all but one of the values.

      I apologise if my original post sounded too much like a flame. All I wanted to do was to point out that there are much better ways to do what you're doing and I hope that having been shown them, you will start to use them.

      --
      <http://www.dave.org.uk>

      European Perl Conference - Sept 22/24 2000, ICA, London
      <http://www.yapc.org/Europe/>
[reply]
        You are right; I saw that piece of code in one of Matt's scripts.

        You don't need to apologise; I am glad that you warned me. At some point, I would need to handle multiple selection boxes...

        In fact, I decided to use CGI.pm some time earlier, and I began with a code I saw at http://stein.cshl.org/WWW/software/CGI/ . But I got some error messages and I inferred that the CGI.pm library was not installed on my server. (I don't have root access.)
        I used 
        use CGI qw(:standart)

        [download]
        .
        May be you can help me out? Did I make a mistake? Thanks for your help!

        Edit kudra, 2001-07-18 Changed title to avoid clash with module

[reply]
[d/l]
      A reply falls below the community's threshold of quality. You may see it by logging in.
      You apparently haven't yet dealt with multiple-select fields then, where you can end up with state=oregon&state=washington&state=california because someone selected all three states from an input field.

      Please don't write CGI handling from scratch. There's a lot to get right, and it really does take something the size of CGI.pm to get all of it right.

      -- Randal L. Schwartz, Perl hacker

[reply]
[d/l]

In Section Cool Uses for Perl