Generally, your script looks fairly nice. Here are some pointers, though.

use CGI qw(:all);

The "qw(:all)" is used by CGI.pm to export functions to your program's namespace. Since you are using the object oriented interface and not the functional one, you don't need to export those functions. Just "use CGI".

Potential security hole: most CGI scripts using CGI.pm should have the following lines before instantiation of the CGI object (or first use of a CGI function):

$CGI::DISABLE_UPLOADS = 1;          # Disable uploads
$CGI::POST_MAX        = 512 * 1024; # limit posts to 512K max
                                    # set to personal needs, of course

These lines help to prevent DOS attacks based upon attackers trying to upload arbitrarily large files. If you're interested, you can use CGI::Safe which will handle that for you almost seamlessly. Just use the following lines:

use CGI::Safe;
my $CGI = CGI::Safe->new;

For your script, nothing else will change. The module should be considered beta, though. Let me know if there are any problems.

Also, the file you write to may occasionally get corrupted if more than one instance of your script accesses it at a time. To protect against this, create a 'semaphore' file, open it, then flock it. Then, when another instance of the script comes along, it will fail to get the lock on the semaphore, if the lock is still in place, and not cause data corruption problems on the lock file.

Cheers,
Ovid
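
The semaphore-file locking described in the post above, as an added example that is not part of the original post or the script under review. The file names and the append_record helper are assumptions, since the reviewed script's own paths are not shown.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:flock);   # LOCK_EX, LOCK_NB, LOCK_UN

# Hypothetical paths for this example (not from the original script).
my $data_file = './guestbook.dat';
my $sem_file  = "$data_file.lock";

# Append one record to $data_file while holding an exclusive lock on the
# semaphore file, so concurrent instances of the script write one at a time.
sub append_record {
    my ($record) = @_;

    # Open (creating if needed) the semaphore file. Append mode never
    # truncates it, so opening is safe even while another process holds it.
    open my $sem, '>>', $sem_file
        or die "Cannot open semaphore $sem_file: $!";

    # Block until no other process holds the lock. Use LOCK_EX | LOCK_NB
    # instead to return false immediately rather than wait.
    flock $sem, LOCK_EX
        or die "Cannot lock $sem_file: $!";

    # Critical section: only one process at a time reaches this point.
    open my $out, '>>', $data_file
        or die "Cannot open $data_file: $!";
    print {$out} $record, "\n"
        or die "Cannot write to $data_file: $!";
    close $out                      # flushes buffered data before unlocking
        or die "Cannot close $data_file: $!";

    # Closing the semaphore handle releases the lock.
    close $sem
        or die "Cannot close $sem_file: $!";
    return 1;
}

append_record('constructed sample entry');
```

Leave the semaphore file in place between requests: deleting it while another process still holds a handle lets two instances lock different files and write at the same time.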



In reply to (Ovid) Re: Advice on a CGI script by Ovid
in thread Advice on a CGI script by TStanley
