in reply to Can we top this security problem?
The PHP programmer meant to do this:
my $query = new CGI; $query->import_names('R'); print $R::ParamNameFromCGI; # or whatever [download]
Russ Brainbench 'Most Valuable Professional' for Perl