Re: Re: Re: Get input data from STDIN *and* query string
by merlyn (Sage) on Jan 10, 2001 at 00:05 UTC
    It's been beaten to death, here, and in comp.infosystems.www.authoring.cgi.

    We even recently had a discussion on whether the QUERY_STRING made sense for POST method form data.

    Your code fails on multiple-select and checkbox form elements, and is subject to denial-of-service attacks, and doesn't support alternate delimiters for form data.

    -- Randal L. Schwartz, Perl hacker
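
The three failure modes named in the post above, shown as an added example; this is not code from the thread, and it is not the code that was removed. `parse_naive`, `parse_form`, `url_decode` and the 64 KB cap are hypothetical names and values, the input is constructed, and the denial-of-service concern is assumed here to be a request body with no size limit.

```perl
#!/usr/bin/perl
use strict;
use warnings;

my $MAX_BODY = 64 * 1024;    # assumed cap; CGI.pm exposes the same idea as $CGI::POST_MAX

# Decode one application/x-www-form-urlencoded component.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Common hand-rolled pattern: split on '&' only, one scalar per key, no size check.
sub parse_naive {
    my ($raw) = @_;
    my %form;
    for my $pair (split /&/, $raw) {
        my ($k, $v) = split /=/, $pair, 2;
        $form{ url_decode($k) } = url_decode($v // '');
    }
    return \%form;
}

# Hardened pattern: size cap first, '&' or ';' as delimiter, a list of values per key.
sub parse_form {
    my ($raw, $declared_length) = @_;
    die "request body too large\n"
        if $declared_length > $MAX_BODY || length($raw) > $MAX_BODY;
    my %form;
    for my $pair (split /[&;]/, $raw) {
        next unless length $pair;
        my ($k, $v) = split /=/, $pair, 2;
        push @{ $form{ url_decode($k) } }, url_decode($v // '');
    }
    return \%form;
}

# Constructed input: a multi-select named "color", then ';' before "size".
my $body  = 'color=red&color=blue;size=L%2FXL';
my $naive = parse_naive($body);
my $safe  = parse_form($body, length $body);
print "naive color: $naive->{color}\n";        # first value lost, ';' pair swallowed
print "safe  color: @{ $safe->{color} }\n";
print "safe  size : @{ $safe->{size} }\n";

# A declared length above the cap is rejected instead of being buffered.
print "oversized: ", (eval { parse_form('', 10_000_000); 1 } ? "accepted" : "rejected: $@");
```

In a real CGI script the length check belongs before the `read` from STDIN, so that `CONTENT_LENGTH` never sizes an unbounded buffer.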

Re: Re: Re: Get input data from STDIN *and* query string
by swiftone (Curate) on Jan 10, 2001 at 00:07 UTC
    I hate CGI.pm, I much prefer doing things manually,

    Learn to love modules. I prefer doing things manually, but I don't prefer making mistakes by hand. You don't have to use the HTML functions of CGI.pm, for example.

    What's so bad about that code, anyway?

    Ovid has collected some examples of exploits that would injure code just like that. See his online CGI course at: http://www.easystreet.com/~ovid/cgi_course/

      Don't get me wrong, modules are one of the many things that make Perl so great, I would just rather do CGI code myself, that's all. But I will check that site out, interested in security risks... Thanks.
Re: Re: Re: Get input data from STDIN *and* query string
by EvanK (Chaplain) on Jan 10, 2001 at 23:26 UTC
    All right, all right, fine... If I'm gonna get flamed every time I contribute something, I just won't contribute anything... Though I don't see why you'd want to ram advice down my throat, it's not like you HAVE to use my code. I gotta say, I'd expected a little less childish behavior here.

    ______________________________________________
    If the world didn't suck, we'd all fly off.
           -A friend of mine

      Yes, please! I was very dismayed to see a call for downvotes and then a gloating over a node going to worst nodes of the week. Childish is a very good description of it. I hope we can avoid this in the future.

      I'm sorry, EvanK.

              - tye (but my friends call me "Tye")
        Thanks tye, I'm glad there's someone here that isn't out to get me because I write my own code... and if someone had just calmly explained those "security risks" and actually proved me wrong instead of going wild and flaming me without giving me a reason, then I wouldn't have gotten offended.

        ______________________________________________
        If the world didn't suck, we'd all fly off.
               -A friend of mine

      While I didn't like the appearance of the mob scene, there are excellent reasons why your code got flamed. I suggest that you take some time out to find out what is and is not available before you start contributing large amounts of code. The search box in the upper left corner is an excellent place to start. Super Search is an excellent place to continue (but it is harder on the server). If you need to, then ask in chatter where stuff is on foo before submitting code about foo.

      Otherwise when you submit advice and there are problems with it, people will (sometimes loudly) inform the world of the problems in it. Not for their good. And possibly not really for yours. But so that nobody else will be tempted to make the mistakes that you are recommending.

      Incidentally you will find that people tend to be very kind on people asking questions in SoPW, fairly kind within conversation threads, somewhat more critical to people offering snippets and code samples, and very critical very fast if you offer bad advice which is bad for reasons that come up regularly.

      You did the last, which is why you got such an extremely negative reaction.

        Yeah, I did the same thing my first day here :) Just gotta learn the ways of these wise monks. The people here are really cool, just take some time to get to know them first.
      Okay. I won't use your code. Unless your code adds something to the functionality of CGI.pm which you aren't telling us about, you are rewriting software that every default install of Perl has with it. It seems like a waste of time for me to install and test your code when I can accomplish the same thing with a lot more confidence in two lines of code using CGI.pm (albeit without the apparent subversion of the HTTP standard).

      I do agree that a few silent downvotes and a polite comment or succinct criticism are better than calls for downvote stampedes. On the other hand, what if you get a job working on the website for somebigcorp.com someday? I might be using your code without even knowing it, and I'd rather a few bruises to your ego now than a compromised e-commerce site down the road. Code posters should be receptive to criticism, and those who criticize should be firm, but polite, if they expect the advice to be heeded.
        Well, the smartest course of action, rather than getting everyone to wanna lynch me, would be to prove me wrong, explain to me why I'm wrong. I'm not at fault here. And I removed the code, so stop persecuting me. Jeez...

        ______________________________________________
        When I get a little money, I buy books. If I have any left over, I buy food and clothes. -Erasmus