File rewrite question

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

The following script was supposed to be a really simple way to gather some very basic information from a web form and organize it in files based on the names of the submitted parameters. The parameters are in groups and are named groupX where group is the group name and X is a number. In other words, position1, position2, otherthing1, otherthing93, etc.

Everything works great except that only the first parameter in each group is actually written to the data files.

Any ideas?

Thanks! =)

--TWH

#!/usr/bin/perl -w
use strict;
use CGI;
use DBI;
use HTML::Template;

#Open template file
my $template = HTML::Template->new(filename => 'C:\Inetpub\wwwroot\cgi
+-bin\input_accepted.tmpl');

my $cgi_query = new CGI;

my @cgi_parameters = $cgi_query->param();

foreach my $returned_param (@cgi_parameters){
    my $data = $cgi_query->param($returned_param);
    $returned_param =~ s/\d//g;    #Strip digits from parameter so tha
+t filenames match
    open(my $RESULTS_FILE, ">>C:/Inetpub/wwwroot/cgi-bin/results/$retu
+rned_param.txt");
    print $RESULTS_FILE $data . "\n";
    close($RESULTS_FILE);
}

#Return meaningful output to user
print "Content-Type: text/html\n\n", $template->output;
[download]

Comment on File rewrite question Download Code

Replies are listed 'Best First'.
Re: File rewrite question by borisz (Canon) on Jan 09, 2004 at 19:22 UTC
You might miss to ask for multivalued data. But I can not be sure, without the data. `my @data = $cgi_query->param($returned_param); # ^^^ $returned_param =~ s/\d//g; #Strip digits from parameter so tha +t filenames match open(my $RESULTS_FILE, ">>C:/Inetpub/wwwroot/cgi-bin/results/$retu +rned_param.txt"); my $data = join "\n", @data; # ^^^^^^^^^^^^^^^^^^^^^^^^ print $RESULTS_FILE $data;` [download] Boris	[reply] [d/l]
Re: File rewrite question by duff (Parson) on Jan 09, 2004 at 19:36 UTC
I don't see anything other than what borisz said and you might want to change the regular expression in your substitution to be a little more strict `$returned_param =~ s/\d//g; # what you have now $returned_param =~ s/\d+$//; # what I think you might want ins +tead` [download] Mine only gets rid of a run of digits at the end rather than those that may appear in the middle of the name. This mayn't be a problem with your data set, but a good programmer is a paranoid programmer :-) duff	[reply] [d/l]
Re: Re: File rewrite question by Anonymous Monk on Jan 09, 2004 at 19:39 UTC
The strange thing is that I've modified the script slightly to return the data that it is getting from the CGI query and everything is fine--my regex works (although I think yours is better), the data isn't multivalued, etc. Hmmm... --TWH	[reply]
Re: File rewrite question by kutsu (Priest) on Jan 10, 2004 at 05:06 UTC
A side note here, I don't see any taint checking in your script. You might consider adding a line like this, assuming you allow no special characters: `die "Invalid returned_param" if $returned_param =~ /[^0-9a-zA-Z]/;` [download] before the s/\d//g line. Ovid's course explains this much better then I every could. "Cogito cogito ergo cogito sum - I think that I think, therefore I think that I am." Ambrose Bierce	[reply] [d/l]
Re: File rewrite question by ysth (Canon) on Jan 11, 2004 at 22:27 UTC
May I suggest `use CGI::Carp 'fatalsToBrowser'; # at the top of your script ... open(my $RESULTS_FILE...) or die "Error opening results file: param $r +eturned_param, data $data, error $!\n";` [download] Also, it would be nice to see what your parameters actually look like. What happens if you open just one file outside the loop and print "data $data, param $returned_param\n" to it?	[reply] [d/l]
Re: File rewrite question by davido (Cardinal) on Jan 11, 2004 at 18:14 UTC
This isn't affecting the usability of the script, but I thought I'd mention, you're using DBI, but not actually using it within the script. I don't see any need for the `use DBI;` line. Also, it wouldn't hurt anything, and may improve security a bit, to use the three-arg version of open. It's not terribly secure to accept filenames from the outside, and then use the 2-arg version of open. Dave	[reply] [d/l]