in reply to Re^2: Issuing a DELETE statement with DBI
in thread Issuing a DELETE statement with DBI

I was curious about this, so I ran a quick test and was unable to duplicate your findings (CGI.pm version 3.05). In my output, the keys and values appear as I would expect. Can you please explain how you came to your conclusion? Here's my code:
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

my $cgi = CGI->new();
use Data::Dumper::Simple;
print Dumper($cgi);
print scalar $cgi->param('title');
print $/;
__END__
> ./tmp.pl title=foo\;title=user\;bar=
$cgi = bless( {
  '.parameters' => [ 'title', 'bar' ],
  'bar' => [ '' ],
  '.charset' => 'ISO-8859-1',
  '.fieldnames' => {},
  'title' => [ 'foo', 'user' ],
  'escape' => 1
}, 'CGI' );
foo

Thanks!

---
It's all fine and dandy until someone has to look at the code.

Re^4: Issuing a DELETE statement with DBI
by Corion (Patriarch) on Sep 01, 2006 at 16:43 UTC

    Where are you getting the scalar from? I used the following to test my statement:

    perl -MCGI=param -le "print for param('title')" ?title=foo;title=bar
    foo
    bar

    To make this into a "really working" attack by injecting keys and values the author didn't foresee, I used this program:

    use strict;
    use Data::Dumper;
    use CGI;

    my $q = CGI->new('?title=foo;title=bar;title=injected_key;title=injected_value');
    my $query = { title => $q->param('title') };
    print Dumper $query;
    __END__
    # Outputs:
    $VAR1 = {
              'injected_key' => 'injected_value',
              'title' => 'bar'
            };

      Thank you for your explanation. Here's my code again, modified slightly to remove scalar and to more closely match the OP's model. The results are the same.

      #!/usr/bin/perl
      use strict;
      use warnings;
      use CGI;

      my $cgi = CGI->new();
      use Data::Dumper::Simple;
      print Dumper($cgi);
      my $title = $cgi->param('title');
      print $title;
      print $/;
      __END__
      > ./tmp.pl title=foo\;title=user\;bar=
      $cgi = bless( {
        '.parameters' => [ 'title', 'bar' ],
        'bar' => [ '' ],
        '.charset' => 'ISO-8859-1',
        '.fieldnames' => {},
        'title' => [ 'foo', 'user' ],
        'escape' => 1
      }, 'CGI' );
      foo

      ---
      It's all fine and dandy until someone has to look at the code.

        You're getting warmer. But you are assigning to a scalar instead of a hash, which makes CGI behave differently. Below is the same assigning to a hash.

        #!/usr/bin/perl
        use strict;
        use warnings;
        use CGI;

        my $cgi = CGI->new();
        use Data::Dumper;
        print Dumper($cgi);
        my $test = { title => $cgi->param('title')};
        print Dumper($test);
        __END__
        $VAR1 = bless( {
          '.parameters' => [ 'title' ],
          '.charset' => 'ISO-8859-1',
          '.fieldnames' => {},
          'title' => [ 'hello', 'goodbye' ],
          'escape' => 1
        }, 'CGI' );
        Odd number of elements in anonymous hash at hack.pl line 12.
        $VAR1 = {
          'title' => 'hello',
          'goodbye' => undef
        };

        ___________
        Eric Hodges
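
The list-context behaviour discussed in this thread, shown beside two ways of keeping repeated parameters out of a hash constructor. This is an added example, not code from any of the posters; `build_unsafe`, `build_first_only`, `single_param`, `build_strict` and the query string are hypothetical names and constructed input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use Data::Dumper;

# Vulnerable pattern from the thread: param() is evaluated in list context
# inside the hash constructor, so repeated values spill into keys and values.
sub build_unsafe {
    my ($cgi) = @_;
    return { title => $cgi->param('title') };
}

# Option 1: force scalar context, which returns only the first value.
sub build_first_only {
    my ($cgi) = @_;
    return { title => scalar $cgi->param('title') };
}

# Option 2 (hypothetical helper): collect every value into an array first,
# refuse repeats outright, and hand back exactly one scalar.
sub single_param {
    my ($cgi, $name) = @_;
    # Newer CGI.pm releases provide multi_param() for deliberate list access;
    # fall back to param() where it does not exist.
    my @values = $cgi->can('multi_param')
        ? $cgi->multi_param($name)
        : $cgi->param($name);
    die "parameter '$name' supplied " . scalar(@values) . " times\n"
        if @values > 1;
    return $values[0];    # undef when the parameter is absent
}

sub build_strict {
    my ($cgi) = @_;
    return { title => single_param($cgi, 'title') };
}

# Constructed query string: one expected value plus two extra 'title' values.
my $q = CGI->new('title=foo;title=injected_key;title=injected_value');

$Data::Dumper::Sortkeys = 1;
print "unsafe:     ", Dumper(build_unsafe($q));
print "first only: ", Dumper(build_first_only($q));
my $strict = eval { build_strict($q) };
print "strict:     ", defined $strict ? Dumper($strict) : "rejected: $@";
```

Taking the first value silently and rejecting the request are different policies; the strict form is the one to use when the resulting hash feeds something like a DELETE statement's WHERE clause.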