in reply to Re: Definings variables recursively
in thread Declaring variables recursively

Creating/defining variables from input from CGI is precisely, and especially, one of the things one shouldn't do. What if I'm really careful? (offsite) describes pretty effectively why it's a terrible idea to accept input of any kind from a CGI script that is used to create a variable name via a symbolic reference. This document is part of a three-part collection on the subject, the links to which are included at the end of the doc.

The point is that if you think your method is safe, it's probably because you've overlooked the real danger.


Dave

Re^3: Definings variables recursively
by chas (Priest) on Feb 26, 2005 at 04:57 UTC
    Dave, Thanks for your comments. I definitely agree. Actually, I've done the following:
    ....
    @varnames = ('name', 'affiliation', 'email', 'radio', 'geometric');
    for (@varnames) { $$_ = param($_) };
    ....

    So, I've only made variables out of some strings that I have chosen myself. But this certainly isn't necessary, and I am going to rethink this.
    chas
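
An added example, not code from either post: the symbolic-reference import discussed in this thread next to a fixed allow-list copied into a lexical hash. The `param` stub, the `%request` contents and `$upload_dir` are constructed for illustration and stand in for CGI's `param()` and for whatever other package variables a real script holds.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed request parameters standing in for CGI's param(); the last
# key is a field the form never defined.
my %request = (
    name       => 'chas',
    email      => 'chas@example.org',
    upload_dir => '/tmp/elsewhere',
);
sub param { my ($key) = @_; return $request{$key} }

our $upload_dir = '/var/www/uploads';    # unrelated program state (hypothetical)

# Pattern 1: each name becomes a package variable via a symbolic reference.
sub import_as_symbols {
    my @names = @_;
    no strict 'refs';                    # symbolic references require this
    for my $n (@names) { ${"main::$n"} = param($n) }
    return $upload_dir;
}

# Pattern 2: a fixed allow-list copied into one lexical hash; no request
# string is ever used as a variable name.
my @ALLOWED = qw(name affiliation email radio geometric);
sub import_as_hash {
    my %form;
    for my $n (@ALLOWED) {
        my $v = param($n);
        $form{$n} = defined $v ? $v : '';
    }
    return \%form;
}

my $form = import_as_hash();
print "hash keys: ", join(',', sort keys %$form), "\n";
print "upload_dir after hash import:   $upload_dir\n";

# With a hand-picked list the symbol import only touches those names, but
# once the list is derived from the request it reaches any package variable.
print "upload_dir after symbol import: ",
    import_as_symbols(keys %request), "\n";
```

The hash version also runs under `use strict` throughout, so a misspelled field name surfaces as an empty hash entry rather than as a silently created global.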