in reply to Re: Re: Bad Practice
in thread Bad Practice

Oh, I've seen that code. But please tell me, how is the web user able to manipulate %input? As far as I can tell, <input type = hidden name = '0' value = 'HA! HA! GOT YOU!'> causes $in {0} to be set to 'HA! HA! GOT YOU!'.

I don't know which programming language you are using, but any Perl I've used so far uses more than 2 significant letters in identifiers. %in is not at all the same as %input.

Abigail

Re: Bad Practice
by ChemBoy (Priest) on Feb 27, 2003 at 16:36 UTC

    But please tell me, how is the web user able to manipulate %input?
    Possibly I'm mistaken, but it seems to me that the first line of readparse() aliases the local glob *in to the argument of readparse, which is (in this case) the global *input.

    readparse(*input);
    sub readparse { local (*in) = @_ if @_; ... }

    So in fact, the variable %in within readparse is the same as the %input that isotope and jasonk are complaining about.



    If God had meant us to fly, he would *never* have given us the railroads.
        --Michael Flanders

Re: Re: Bad Practice
by ihb (Deacon) on Feb 27, 2003 at 16:35 UTC
    %in is not at all the same as %input.

    Unless they're aliased...

    readparse(*input);
    ...
    sub readparse { local (*in) = @_ if @_;

    ihb
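
The glob aliasing that both replies point to, as an added example that is not part of the original thread: only the `local (*in) = @_ if @_;` line and the `readparse(*input)` call come from the posts. The parsing body and the query string are constructed assumptions standing in for the real routine.

```perl
#!/usr/bin/perl
use strict;
use warnings;

our (%input, %in);    # package globals, as in the code the thread discusses

# Hypothetical stand-in for the thread's readparse(): the aliasing line is
# from the thread, the parsing loop below is a simplified assumption.
sub readparse {
    local (*in) = @_ if @_;              # *in now aliases the caller's glob
    my $same = \%in == \%input ? 1 : 0;  # same hash behind both names?

    # Constructed form submission matching the hidden field in the thread.
    my $query = '0=HA!+HA!+GOT+YOU!&name=guest';
    for my $pair (split /&/, $query) {
        my ($k, $v) = split /=/, $pair, 2;
        $v =~ tr/+/ /;
        $v =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
        $in{$k} = $v;                    # the write lands in %input
    }
    return $same;
}

my $aliased = readparse(*input);
print "aliased inside readparse: $aliased\n";
print "\$input{$_} = '$input{$_}'\n" for sort keys %input;

# local() restored *in on return, so the client-supplied keys now exist
# only under the name %input.
print "keys left in %in after return: ", scalar(keys %in), "\n";
```

Every key and value in %input after the call was chosen by the client, so any later code that reads %input has to validate it as untrusted input.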