in reply to Easy way to run tests on many CGI params?

I'm a little paranoid when I deal with CGI parameters. Sometimes I do something like the following (note the or test is untested -- I usually get precedence wrong the first time):
    use CGI;
    my $q = CGI->new;
    my @expected = qw( title requester department etc );
    my @request;
    foreach my $expect (@expected) {
        push @request, ($q->param($expect) or '0');   # a missing or empty param becomes '0'
    }
What you could do is put the B1 .. B6 parameters in a separate array and do the or 0 trick on them. Put the other parameters in the first array and do something like this:
    my $error = '';
    foreach my $expect (@expected) {
        my $received = $q->param($expect);
        unless (defined $received) {
            $error .= "Didn't get $expect parameter!\n";
            last;   # and do an error somewhere
        }
        push @request, $received;
    }
This way, you don't have a malicious HTML hijacker pass bad data and have it end up in your file somewhere. Plus, you get to check immediately.

Update: isotope makes a good point below. A little client-side JavaScript is good for verifying submissions, but some users have it disabled (for good reason), and my point about not trusting the client still applies. Just be friendly about it, as isotope recommends.

RE: Re: Easy way to run tests on many CGI params?
by isotope (Deacon) on Aug 31, 2000 at 02:44 UTC
    In the second foreach loop, omitting the last; and utilizing $error:
    my $error = '';
    foreach my $expect (@expected) {
        my $received = $q->param($expect);
        unless (defined $received) {
            $error .= "Didn't get $expect parameter!\n";
        }
        push @request, $received;
    }
    if ($error ne "") {
        # Handle the error here, reprinting the form,
        # pre-filled with what they've already sent.
        # Also tell them about all the problems:
        print $error;
    }

    Users who don't understand "required field" tend to get really frustrated when they're only told about the first omission, because it takes them numerous iterations to get rid of all the errors.


    --isotope
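As an added example (not code from the thread), the following Perl script combines the allowlist approach of the original post, walking a fixed list of expected names instead of whatever the client sent, with isotope's suggestion of reporting every missing field at once. The `collect_params` routine is hypothetical; it goes slightly beyond the thread by also rejecting non-numeric values for the B1..B6 fields rather than storing them. The `FakeQuery` package is a constructed stand-in for `CGI->new` so the script runs offline, and the submitted values are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (added here, not from the thread): walk an explicit
# allowlist of parameter names instead of whatever the client sent.
# Required names that are missing or empty are reported together, as
# isotope suggests; optional numeric names fall back to 0, and any
# non-numeric value for them is reported rather than stored.
sub collect_params {
    my ($q, $required, $optional_numeric) = @_;
    my (%request, @errors);

    for my $name (@$required) {
        my $value = $q->param($name);
        if (!defined $value || $value eq '') {
            push @errors, "Didn't get $name parameter!";
            next;
        }
        $request{$name} = $value;
    }

    for my $name (@$optional_numeric) {
        my $value = $q->param($name);
        if (!defined $value || $value eq '') {
            $request{$name} = 0;             # the "or 0" trick from the post
        }
        elsif ($value =~ /^[0-9]+$/) {
            $request{$name} = $value;
        }
        else {
            push @errors, "$name must be a whole number, got '$value'";
        }
    }

    return (\%request, \@errors);
}

# Constructed stand-in for a CGI object so the script runs offline;
# in a real CGI script $q would simply be CGI->new.
package FakeQuery {
    sub new   { my ($class, %p) = @_; return bless {%p}, $class }
    sub param { my ($self, $name) = @_; return $self->{$name} }
}

my @required = qw( title requester department );
my @optional = map { "B$_" } 1 .. 6;

# Constructed submission: 'department' omitted, B2 empty, B3 not numeric,
# plus an unexpected parameter that the allowlist silently ignores.
my $q = FakeQuery->new(
    title => 'Quarterly report', requester => 'alice',
    B1 => '3', B2 => '', B3 => 'seven', B4 => '0',
    admin => 'true',
);

my ($request, $errors) = collect_params($q, \@required, \@optional);

if (@$errors) {
    # Report every problem in one round trip, then re-show the form.
    print "Please fix the following:\n";
    print "  $_\n" for @$errors;
}
else {
    print "$_ = $request->{$_}\n" for sort keys %$request;
}
```

Because only names from `@required` and `@optional` are ever copied into `%request`, the unexpected `admin` parameter never reaches the data that gets written to a file; the form is shown again with both the missing field and the bad number listed, so the user fixes everything in one pass instead of one field per iteration.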