Please ignore my not using CGI.PMs HTML shortcuts, I'm still reading up on those.
It's fine to not use CGI.pm's HTML shortcuts, but seriously, consider using it to at least parse your input for you. It's pretty easy to generate HTML output on your own, but it's difficult to do a good job parsing CGI input.
Also, just for kicks and giggles, turn on -T (taint checking) by putting the -T on the shebang line just like you've done with -w. You'll find that you are actually doing something quite dangerous by accepting a filename and sending user input through the open command. You may think it doesn't matter much if the script is just for personal use. But if you put that script on your ISP or webhosting company's server, you are exposing the ISP/webhost to a serious security breech, and yourself, to a possible legal liability if they get attacked through your script.
Please read: use CGI or die;, and escaping filenames taken in via user input.
One alternative to taking user input for filenames is this:
Generate your own list of filenames by reading the target directory. Give the user a list of filenames, and let him select from that list. And don't accept the actual file name as an HTML parameter. Use a hash lookup table: A => file1.dat, B => file2.dat, etc. That way the input you get from your HTML form never directly finds its way into your open statement.
Dave
In reply to Re: Not my first program, but the first I'll share...
by davido
in thread Not my first program, but the first I'll share...
by pekkhum
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |