in reply to Re: CGI Module - parameters passed
in thread CGI Module - parameters passed

Those additional name-value pairings are in the action property:
<form name="something" action="somescript.pl?name1=value1&name2=value2"....>
  <input type="hidden" name="productID" value="199132908390" />
  <input type="submit" name="something".... />
</form>
I have a bunch of name-value pairings in the action property but also hidden fields and such within the form tag section. Initially I thought everything went into the CGI object; this is really the first time I've needed both like this. Also, does the CGI module handle getting rid of anything nasty that could be written in form fields that could cause problems in a script? I don't use any eval or anything like that on user-supplied data, but I was wondering if there are any additional security measures I should take. Thanks for the reply.

Re^3: CGI Module - parameters passed
by Corion (Patriarch) on Feb 05, 2010 at 19:24 UTC

    You haven't shown the relevant part of the form, but if you receive "both kinds" of parameters, that is, URL and POST parameters, you need to ask CGI about both kinds, or tell CGI to munge them both together into one. See CGI.

    About "nasty things", there is no input that can make CGI.pm do nasty things, but usually, you tend to do stuff with the input yourself. So either use a templating system or make sure yourself that you properly escape all input you output to the user again. Also see perltaint.
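
The points in the reply above, as an added example that is not part of the thread: on a POST, CGI.pm's `param` returns the body fields and `url_param` returns the pairs from the action URL, and every value is validated or HTML-escaped before it is echoed. It assumes CGI.pm is installed, simulates the form submission with constructed values so it runs offline, and the digits-only rule for `productID` is an assumption about what that field should hold.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. Run with taint checks: perl -T example.pl
use strict;
use warnings;
use CGI ();

# Constructed request standing in for the browser submitting the form above.
# Under a real web server the server sets these and STDIN carries the body.
my $body = 'productID=199132908390&something=%3Cb%3Ehi%3C%2Fb%3E';
$ENV{REQUEST_METHOD} = 'POST';
$ENV{QUERY_STRING}   = 'name1=value1&name2=value2';
$ENV{CONTENT_TYPE}   = 'application/x-www-form-urlencoded';
$ENV{CONTENT_LENGTH} = length $body;
close STDIN;
open STDIN, '<', \$body or die "cannot simulate request body: $!";

my $q = CGI->new;

# On a POST, param() sees only the body fields (hidden inputs, submit button).
my $product_raw = $q->param('productID');
my $button_raw  = $q->param('something');

# The pairs in action="somescript.pl?name1=...&name2=..." come from url_param().
my $name1_raw = $q->url_param('name1');
my $name2_raw = $q->url_param('name2');

# Validate by whitelist. The regex capture is also what untaints the value
# under -T, so it is safe to pass on to files, shells or SQL placeholders.
# Digits-only is an assumed rule for this field.
my ($product_id) = ( $product_raw // '' ) =~ /\A(\d{1,20})\z/;

print $q->header( -type => 'text/html', -charset => 'UTF-8' );

unless ( defined $product_id ) {
    print "<p>Invalid product ID.</p>\n";
    exit;
}

# Anything echoed back into HTML is escaped first, whichever source it came from.
my %shown = (
    productID => $product_id,
    something => $button_raw,
    name1     => $name1_raw,
    name2     => $name2_raw,
);
for my $field ( sort keys %shown ) {
    printf "<p>%s = %s</p>\n", $field, CGI::escapeHTML( $shown{$field} // '' );
}
```

With the constructed input, the `something` field is printed as `&lt;b&gt;hi&lt;/b&gt;` rather than as live markup.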