in reply to Re: Passing flags between invocations of a cgi script
in thread Passing flags between invocations of a cgi script

It is a single user invoking the form, selecting an answer, and, then, depending on whether it is the "right" answer, either getting the same version of the form with his/her answer left intact and an admonition to respond again, or being told s/he answered correctly and being given a "new" question. I load the question and the possible answers from a database. In the "wrong" answer case, I want to leave the database alone. In the "right" answer case, I want to visit it again and get a new question. Thank you for considering this question, which clearly contains a moderate share of ignorance.

Re^3: Passing flags between invocations of a cgi script
by SuicideJunkie (Vicar) on May 17, 2010 at 19:57 UTC

    The thing to keep in mind is that your script is started, deals with a request and then terminates. Nothing should survive except what you have written to disk, and what the user knows.

    But you can't trust the user, so don't believe anything they say or the sister of Bobby Tables will tell you that her name is "admin", authenticated=1 and/or score=1000000 ;)

    Instead of real info, only give them a session ID that is really hard to guess (say, 32 random hex characters), and delete session info that is older than 30 minutes. Use the string they reply with to find and load the user's session info (last question/score/login name/etc). If it doesn't exist, send them to the login screen.

    Edit: Fixed link
      I think I have managed to make this seem more difficult than it is (which would not be a first). The user's replies are in the form of radio button clicks. Never, never, never anything more. No text fields. No nothing. They are being tested on their ability to translate English medical terms correctly. This is strictly multiple choice. It's just that if they choose wrong, I would like to leave the wrong choice up there and have them take another go at it before giving them the next word. And that is the rub. I just can't figure out a way to give them a second go. Giving them a new question is pretty straightforward. I'm not interested in their score either. They can keep score themselves. Sorry for all the bother.

        For simple scripts, I might use something like:

        my $foo = $q->param('foo') // 'Default Value';

        This gives precedence to the CGI form data, but if no form data for that value exists, assign a default (which in this case is 'Default Value').

        The // operator requires Perl 5.10. Older versions of Perl will need the clumsier:

        my $foo = defined $q->param('foo') ? $q->param('foo') : 'Default Value';

        For non-trivial scripts, I usually put this in a loop, with a predetermined hash of defaults and allowed variable names. There's a good chance you'll need some additional logic as well, to validate user input and protect against invalid form submissions.

        Edit: Forgot `defined' on 2nd example, which was sort of the whole point of that example. :-) (Thanks chromatic.)
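
Added example, not code from any poster in this thread: a sketch of the server-side session described in Re^3 (a 32-hex-character ID, 30-minute expiry) combined with the allowed-values check mentioned in the last reply, so that a wrong radio choice keeps the same question open. The `%SESSIONS` hash (standing in for a file or database), the sample `%QUESTIONS`, all function names and the use of `/dev/urandom` are assumptions.

```perl
use strict;
use warnings;
my $TTL = 30 * 60;    # seconds of inactivity before a session is deleted
my %SESSIONS;         # assumption: stands in for a file or database table
# Constructed sample questions standing in for the poster's database.
my %QUESTIONS = (
    1 => { term => 'renal',   choices => [qw(kidney liver lung)],  right => 'kidney' },
    2 => { term => 'hepatic', choices => [qw(heart liver spleen)], right => 'liver' },
);

# 32 hex characters from the OS CSPRNG (assumes /dev/urandom exists).
sub new_session_id {
    open my $fh, '<:raw', '/dev/urandom' or die "urandom: $!";
    read($fh, my $bytes, 16) == 16 or die "short read from /dev/urandom";
    close $fh;
    return unpack 'H*', $bytes;
}

sub create_session {
    my ($now) = @_;
    my $sid = new_session_id();
    $SESSIONS{$sid} = { question => 1, seen => $now };
    return $sid;
}

# Expire old sessions, then return the caller's session or undef.
sub load_session {
    my ($sid, $now) = @_;
    delete @SESSIONS{ grep { $now - $SESSIONS{$_}{seen} > $TTL } keys %SESSIONS };
    return unless defined $sid && $sid =~ /\A[0-9a-f]{32}\z/;
    my $s = $SESSIONS{$sid} or return;
    $s->{seen} = $now;
    return $s;
}

# $answer is the raw radio value; only the session says which question is open.
sub handle_answer {
    my ($sid, $answer, $now) = @_;
    my $s = load_session($sid, $now) or return 'no_session';
    my $q = $QUESTIONS{ $s->{question} };
    return 'invalid' unless defined $answer && grep { $_ eq $answer } @{ $q->{choices} };
    return 'retry' if $answer ne $q->{right};    # wrong: same question stays open
    $s->{question} = exists $QUESTIONS{ $s->{question} + 1 } ? $s->{question} + 1 : 1;
    return 'next';                               # right: move to a new question
}

my $sid = create_session(1000);
print join(' ', map { handle_answer(@$_) } [$sid, 'admin', 1010], [$sid, 'liver', 1020],
    [$sid, 'kidney', 1030], ['0' x 32, 'kidney', 1040], [$sid, 'liver', 1030 + $TTL + 1]), "\n";
```

In a CGI script the session ID would travel in a cookie or hidden field, and the question ID would never be taken from the form.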