using strict setup

tanger has asked for the wisdom of the Perl Monks concerning the following question:

Hello all,

The way I have set up my program worries me. I'm not sure if its the safe/good way to go or if its just perfectly fine.

Basically I have two files. 1.) user.pl 2.) verify.pl

user.pl code:

#!C:/Perl/bin/perl.exe -wT

    print "Content-type: text/html\n\n ";

    my $auth_file = 'auth.pl';

require "$auth_file";
&startup;
    my $action = $INPUT->param('action');

if (length($action) > 15) {
     print "Invalid Action!  Your IP has been logged and will be inves
+tigated further."; 
        die;  
    }  

if ($action eq "login") { &login; }
elsif ($action eq "auth") { &auth; }
elsif ($action eq "logout") { &logout; }
else { &signup; }
[download]

auth.pl code (only the startup function displayed):

sub startup {

use CGI qw/:standard/;

#notice how theres no 'my' next to INPUT, so it can be global for the 
+user.pl to use
    $INPUT = new CGI;
        use strict;

}
[download]

I don't know why but the following set up just worries me? Shouldn't use strict be declared before use CGI?
If I do that however, then I can't make the $INPUT global? Am I using require just fine? The thing that makes me a little upset is my inability to understand full concepts when I read something. For example, I usually learn through examples and tutorials, but even though I can get something to work out , there still efficiency/security flaws that I wouldn't know of. An example of this is how I learned how to used fetchrow_hashref to retreive 1000 rows, even though bind_col was the most efficient way to do so.
thanks
tanger

Comment on using strict setup Select or Download Code

Replies are listed 'Best First'.
Re: using strict setup by nobull (Friar) on Apr 16, 2005 at 08:57 UTC
You are using Perl4 style libraries. If you are just learning Perl5 you may as well not bother with the old Perl4 approach and go directly to the Perl5 module. See perlmod and ~~perlmodtut~~. As you become more exeperienced in Perl you'll find the are places where the Perl4 library arroach is still valid. As for `use strict`, it should in general be the first non-comment line in every Perl source file. The only common exception to this is the first `package` directive in a .pm file is often placed before the `use strict`. You appear to have completely misunderstood what `use strict 'vars'` does. It does not prevent you using global variables. It prevents Perl from interpreting every mention of an undeclared variable as an implicit package variable declaration. (You should probably avoid using the term "global variable" to describe package variable as global variable means different things to different people.) There are two ways to declare a package variable in Perl. `our` makes a package variable available in the current lexical scoped. As such if you want to share a variable with a Perl4-style library then you need the `our` in both the files. The other way is `use vars`, and this is only needed in one place. (This is really a special case of a variable being exported by a module). Update: there's no such man page as perlmodtut - I was probably thinking of perlmodstyle or perltoot. (Thanks to tlm).	[reply] [d/l] [select]
Re: using strict setup by Jaap (Curate) on Apr 16, 2005 at 08:58 UTC
Declare `$INPUT` with our like this: `use strict; use warnings; use CGI; our $INPUT = new CGI;` [download] or `use vars qw($INPUT);` if you want it to be used in Perl < 5.6.0 (i believe).	[reply] [d/l] [select]
Re: using strict setup by tlm (Prior) on Apr 16, 2005 at 18:07 UTC
Also, `strict` won't complain if you fully qualify the package variables. For example: `% perl -le 'use strict; $x = 1; print $x' Global symbol "$x" requires explicit package name at -e line 1. Global symbol "$x" requires explicit package name at -e line 1. Execution of -e aborted due to compilation errors. % perl -le 'use strict; $main::x = 1; print $::x' 1` [download] `strict` nixed the first one-liner, but the second one worked fine. In your case you can use `$main::INPUT`, or, taking advantage of the special treatment given to the `main` package, you can also use `$::INPUT` (I used both forms of qualification in the second one-liner, for the sake of illustration). But I concur with nobull that you should read `perlmod` so that you better understand Perl5's module scheme. (Good follow-up reading after `perlmod` are `perltoot` and `perlobj`.) Read more... (2 kB) the lowliest monk	[reply] [d/l] [select]