Re^2: Form Parameters

hi Tanktalus,

Rather than provide a list of parameter names, could something like this be done?

my @formnames = $query->param;
my %data = map {
  $_ => filter(param($_))
} @formnames;
[download]

Update: Code untested.

Martin

Comment on Re^2: Form Parameters Download Code

Replies are listed 'Best First'.
Re^3: Form Parameters by dorward (Curate) on Aug 04, 2006 at 15:02 UTC
This has the risk that the user could construct an HTTP request that included data for fields not in the form sent by the server. Depending on what is done with the data this could, for example, allow someone to edit a field that users aren't supposed to be able to edit. So if this technique is used, it is important to be aware of potential security issues and include protection against them.	[reply]
Re^4: Form Parameters by marto (Cardinal) on Aug 04, 2006 at 16:54 UTC
Hi dorward, Thanks for pointing out this issue, something that I had not thought about. Martin	[reply]
Re^3: Form Parameters by Tanktalus (Canon) on Aug 04, 2006 at 14:19 UTC
Definitely. Note, however, that this has slightly different semantics. Not worse, just different. The original example would try to set all desired values, whether they were in the form or not. Further, it would do it in a tightly-controlled manner. Your example will skip values that aren't in the form (probably desirable), and do it in the order that they're passed in from the web client (probably immaterial - but sometimes you care about the order). Further, it will catch parameters that the OP may not care about (again, probably immaterial - if they get filtered out later). For example, the submit button will show up, I think.	[reply]