rpike has asked for the wisdom of the Perl Monks concerning the following question:

I have a form on an html page with name-value pairings tacked onto it so action="somescript.pl?name1=value1&name2=value2...". In the form tags I have a submit button and 1 text field. In the perl script that is the action value for this form I try and grab the values passed back from the form using a CGI object. How can I easily get the name-value pairings to use in my script? Apparently the CGI object I'm using isn't picking up the name-values that were included with the action? I'm using this particular CGI object to grab all the values I need from the form that submitted. I'm pretty much wondering the "best" way to do this (as I do have a few ideas on doing it but would like to hear suggestions on the best way to achieve it). Thanks.

Replies are listed 'Best First'.
Re: CGI Module - parameters passed
by Your Mother (Archbishop) on Feb 05, 2010 at 19:20 UTC

    If I understand your problem, I think this is the relevant documentation you want: CGI /MIXING_POST_AND_URL_PARAMETERS.

    Better to stay away from Vars in CGI.pm: When using this, the thing you must watch out for are multivalued CGI parameters. Because a hash cannot distinguish between scalar and list context, multivalued parameters will be returned as a packed string, separated by the "\0" (null) character. Use the regular param function/method or Dump if you're just exploring, debugging.

[reply]
[d/l]
[select]
Re: CGI Module - parameters passed
by Corion (Patriarch) on Feb 05, 2010 at 18:53 UTC

    It sounds to me as if you're keeping some kind of state in the URL parameters. You will need to propagate that state into the form, either through its action parameter directly or by including all the relevant parameters as hidden fields. Likely the ->Vars method of CGI will come in handy to get at all parameters of the current request.

[reply]
[d/l]
[select]
      Those additional name-values pairings are in the action property : 
      <form name="something" action="somescript.pl?name1=value1&name2=value2
+"....>
    <input type="hidden" name="productID" value="199132908390" />
    <input type="submit" name="something".... />
</form

      [download]
      I have a bunch of name-value pairings in the action property but also hidden fields and such within the form tag section. Initially I thought everything went into the CGI object, really first time needing both like this. Also, does the CGI module handle getting rid of anything nasty that could be written in form fields that could cause problems in a script? I don't use any eval or anything like that on user supplied data but I was wondering if there are any additional security measures I should take. Thanks for the reply.
[reply]
[d/l]

        You haven't shown the relevant part of the form, but if you receive "both kinds" of parameters, that is, URL and POST parameters, you need to ask CGI about both kinds, or tell CGI to munge them both together into one. See CGI.

        About "nasty things", there is no input that can make CGI.pm do nasty things, but usually, you tend to do stuff with the input yourself. So either use a templating system or make sure yourself that you properly escape all input you output to the user again. Also see perltaint.

[reply]

Back to Seekers of Perl Wisdom