Jonathan17 has asked for the wisdom of the Perl Monks concerning the following question:

Good evening, all.
After considering the advice of those users who responded to my last question, and what turned out to be a very interesting debate with sauoq, I've rewritten my script, this time using Perl's warning system and taint checking. (I untainted all user-defined variables, leaving only the static ones I specified. For this reason, the -T switch isn't specified in the test I'm about to link).
The new home for this script is perlpass.txt
Thanks to all who responded.
Once again, I'm open to any (and all) comments or suggestions about this, hopefully a much more secure script.
Thanks,
-Jonathan

(jeffa) Re: CGI DB interface, revisited
by jeffa (Bishop) on May 26, 2003 at 21:13 UTC
    My suggestion is to make sure this is not online unless sauoq deems it secure enough. I have viewed both this new version and the old one, but trying to parse embedded HTML/JavaScript that has its entities escaped is just plain painful. If you post a text file, you don't have to escape the entities. (And for the record, if/when you do post code here at this site, you wrap that code in <code></code> tags and the escaping/formatting will be taken care of for you.) Keep in mind that most of us try to avoid JavaScript as much as possible. It's nice, but i prefer to keep my code as simple as possible, and adding JavaScript to the mix is only acceptable if it adds no complexity whatsoever - in other words, if i only have to target one browser. ;)

    If you want to learn how to make CGI scripts, why not take the time to read Ovid's free Online CGI Course? Did i mention it's free? Then, after you have finished that, rewrite this script using CGI.pm (and maybe those CPAN modules mentioned by The Mad Hatter). Hopefully by then, you will think that writing CGI scripts can be so fun that you might even consider giving HTML::Template a whirl. (and here's a tutorial if you do ...)

    Feel free to ask us more questions, but please download and use PerlTidy on your Perl programs before you post them online. Eventually you will learn to appreciate good indentation techniques, the rest of us sure do. ;)

    jeffa

    L-LL-L--L-LL-L--L-LL-L--
    -R--R-RR-R--R-RR-R--R-RR
    B--B--B--B--B--B--B--B--
    H---H---H---H---H---H---
    (the triplet paradiddle with high-hat)
    
      jeffa,
      Thanks, but I do use PerlTidy. I use it natively with Red Hat Linux (I edit in vi), but I post the text files to the Internet with a Windows machine, which pretty much obliterates the indentation.