As has already been mentioned, using eval at that point is not a good idea, and you should also make sure that only allowed methods can be called. Personally, when I used a similar setup, I simply used a name prefix for all "public" methods.

    # Only methods carrying the do_ prefix are reachable from the request.
    my $action = "do_" . ( $CGI->param('action') // '' );
    my $to_do  = INVOICES->new;
    $to_do->can($action)
        ? $to_do->$action()
        : defscreen();

Now all your action methods must be called do_foo (called by action=foo), do_bar etc, but this makes sure that someone can't call f.ex the method delete_file by putting action=delete_file in the URL. The other way would be to have a method, analogous to can, which checks if $action is an allowed method name, but I don't prefer that solution because it requires keeping several locations in the code synchronized.
(Btw, I see no mys in your code; you are of course using strict and warnings, I hope?)
Makeshifts last the longest.
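
The prefix dispatch described in the post above, as an added example that is not part of the original post. The `Invoices` package, its methods and the `dispatch` helper are hypothetical stand-ins, and the word-character check on the action name is an extra guard the post does not mention.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical handler class standing in for the poster's INVOICES package.
package Invoices {
    sub new         { return bless {}, shift }
    sub do_list     { return 'listing invoices' }       # reachable: action=list
    sub do_show     { return 'showing one invoice' }    # reachable: action=show
    sub delete_file { return 'FILE DELETED' }           # internal helper, no do_ prefix
}

# Fallback screen, named after the defscreen() call in the post.
sub defscreen { return 'default screen' }

# Resolve a request's action parameter to a "public" method, or fall back.
sub dispatch {
    my ($handler, $action) = @_;

    # A missing parameter, or one with anything other than word characters
    # (so no "::" package qualifiers), never reaches can().
    return defscreen() unless defined $action && $action =~ /\A\w+\z/;

    my $method = $handler->can("do_$action")
        or return defscreen();
    return $handler->$method();
}

# Constructed sample inputs, as they might arrive in action=...
my $handler = Invoices->new;
for my $action ('list', 'show', 'delete_file', 'Invoices::delete_file', undef) {
    printf "%-24s => %s\n", $action // '(missing)', dispatch($handler, $action);
}
```

Only `list` and `show` reach a handler method; every other input, including the name of the unprefixed helper, falls through to the default screen.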