Re: Variable Variables

I just want to point out, since multiple people have suggested using foreach ($query->param()) { $$_ = $query->param($_) } that the CGI module provides a method for importing names: $query->import_names('Q'); imports all the parameters into the Q namespace. CGI warns against importing into the main package, for good reason: it's a huge security flaw! Someone could replace the value of any scalar variable in your code just by faking the form data.

Also note that using the above 'roll-your-own' approach to importing fails for multi-valued parameters, assigning them to scalars instead of to arrays. Using CGI's built-in method handles multi-valued parameters correctly.

Comment on Re: Variable Variables Select or Download Code

Replies are listed 'Best First'.
Re: Re: Variable Variables by Anonymous Monk on Dec 06, 2000 at 02:10 UTC
Using CGI's built-in method handles multi-valued parameters correctly. Actually I tried it (`$cg->import_names('Q')`) and it still loses values on muti-valued params. - Bob Niederman	[reply] [d/l]
Re: Re: Re: Variable Variables by chipmunk (Parson) on Dec 06, 2000 at 02:34 UTC
I just tried it too. It turns out that import_names() does this in an interesting fashion; it imports all parameters as both scalars and arrays. `#!/usr/local/bin/perl use CGI; my $query = new CGI ( { single => 'one', multi => ['two', 'three'], } ); $query->import_names('Q'); 1;` [download] Now, using the debugger to examine the results: Loading DB routines from perl5db.pl version 1.0402 Emacs support available. Enter h or `h h' for help. main::(tmp.cgi:5): my $query = new CGI ( { single => 'one', main::(tmp.cgi:6): multi => ['two', 'thr +ee'], DB<1> n main::(tmp.cgi:10): $query->import_names('Q'); DB<1> n main::(tmp.cgi:12): 1; DB<1> V Q $single = 'one' @single = ( 0 'one' ) $multi = 'two' @multi = ( 0 'two' 1 'three' ) DB<2> [download]	[reply] [d/l] [select]