in reply to Re: Re: Re: Re: Re: Re: (Ovid -- bug in your hand-rolled CGI code) Re: Pushing w/ an associative array?
in thread Pushing w/ an associative array?

Basically I've got a few different forms for people to submit stuff, one is a grocery list, the other is a list of people to contact in an emergency, etc.

I'd like to make it so that this script can handle either form, instead of writing out a separate form for each script. Although now it seems like its taking way longer to code around this =)

Thats the reason I need to have the name of the variable that the value is coming with.

  • Comment on Re: Re: Re: Re: Re: Re: Re: (Ovid -- bug in your hand-rolled CGI code) Re: Pushing w/ an associative array?

Replies are listed 'Best First'.
(Ovid) too many re's to think about.
by Ovid (Cardinal) on Dec 27, 2000 at 22:47 UTC
    What you are asking for is very basic. Read through the CGI.pm documentation if you'd like more examples. The code snippets that have been posted here seem to cover exactly what you are looking for. If you need the name of all "variables" in your form, you do this: 
    #!/usr/bin/perl -wT
use strict;
use CGI;
my $q = CGI->new;
my @vars = $q->param; # <-- That's all there is to getting 'em

    [download]
    It's pretty simple. I don't see what you are having trouble with. That will handle any form you want to throw at it.

    Cheers,
    Ovid

    Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

[reply]
[d/l]
Re: Re: Re: Re: Re: Re: Re: Re: (Ovid -- bug in your hand-rolled CGI code) Re: Pushing w/ an associative array?
by merlyn (Sage) on Dec 27, 2000 at 22:43 UTC
    And then you get all this coded, and someone calls your script handing it a bunch of parameters you don't expect. If you act on them, you are in for a big surprise. But how will you know to reject them? Right... you'll need to know this in the script. Now you're back to a list of known parameters, and you don't need to handle "anything that comes in". End of problem.

    -- Randal L. Schwartz, Perl hacker

[reply]
      I don't see how accepting arbitrary keys is automatically a security hole. That rather depends on what is done with the keys. If all you're doing is writing to a file, for example, I don't see that writing out arbitrary keys increases the risk over writing out known keys. (And if your script is written to expect arbitrary keys, then there are no keys that are unexpected. :)
[reply]
        merlyn was responding to a request for one variable to have the name of another. This is a bad idea for reasons that Dominus explained at length here. Of course accepting and processing arbitrary keys in a safe manner (eg in a hash) is safe. The only possible confusion then will be that (like globals) the same name will get used twice in two places and the two will get confused for each other. Of course then you just have multiple keys which between them are a unique identifier. One for the data elment in the form, one for the form.
[reply]

In Section Seekers of Perl Wisdom