in reply to Re^2: CGI hidden params vs. character encoding
in thread CGI hidden params vs. character encoding

FINALLY FIGURED IT OUT! (...in a manner of speaking)

oh, right! Here are two better ways: 

print $cgi->p("The testtext parameter as received was: ". escapeHTML($
+newtest)),
      $cgi->p("The hidden parameter was: ". escapeHTML($newhid)),
      $cgi->hidden(-name=>"testtext_hid", -default=>$newhid, -override
+=>1);

[download]
$cgi->param('testtext_hid', $newhid);
print $cgi->p("The testtext parameter as received was: ". escapeHTML($
+newtest)),
      $cgi->p("The hidden parameter was: ". escapeHTML($newhid)),
      $cgi->hidden("testtext_hid");

[download]

Note the -override=>1 in the first snippet, or how the the second snippet sets the parameter instead of setting the default.

Also note how I did the P elements. <p/> makes no sense. <p/>text<p/>text means <p></p>text<p></p>text but you want <p>text</p><p>text</p>.

Finally, note how I used escapeHTML to avoid an injection attack and invalid HTML generation.

All in all, it smells like a bug in CGI

I agree. Not that you had to use -override, that's clearly documented under the "CREATING FILL-OUT FORMS" header. But how it handles (or rather doesn't handle) encodings other than iso-latin-1.

In Section Seekers of Perl Wisdom