Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I've been having a problem with \ characters in CGI parameters.
Given a parameter called string with the value \\what will I get?. and using the following code (heavily snipped):
#$cgi is cgi object
my $string = $cgi->param('string');
print $string;
This outputs \what will I get?.
I know that if you use a single-quoted string, \' and \\ are still interpolated to ' and \. Is this the same issue?
Is there any workaround/solution?

Re: Backslash Interpolation
by tadman (Prior) on Jun 14, 2001 at 16:30 UTC
    Interpolation doesn't happen after data is stored in the string, so the problem is likely in the data retrieval and/or transport stage. That is to say that no matter what crud you have in $string, high-ASCII, control codes, or otherwise, print doesn't really do anything fancy (binmode aside, which controls the application of CR-LF conversions in DOS/Windows).

    Specifically:
    my $var = "\\what will I get?.";
    print $var;
    \what will I get?.
    That will return the "interpolated" version.
    my $var = '\\\\what will I get?.';
    print $var;
    \\what will I get?.
    That will print whatever you give it. Of course, you can always take the other way around and get some truly safe string data:
    my $var = quotemeta("\\what will I get?.");
    print $var;
    \\what\ will\ I\ get\?\.
    I don't think CGI does anything fancy with backslashes, so are you sure the data gets in there in the right format? As Graham pointed out, using quotemeta on your input data may help out.
      Thanks for having a look.
      The data seems to be getting there correctly - I used Data::Dumper to have a peek at the CGI object and in there the backslashes are all intact.
      The problem with using quotemeta is that it escapes everything as your example showed. Ideally I'd like to be able to present the data exactly as it was input into the form.
        Further to my earlier reply

        Could you not do a basic string substitution to account for these characters?

        my $x = '\\what will I get?.';
        $x =~ s/\\/\\\\/;
        print $x;
        will convert the string '\\what will I get?.'
        into '\\\\what will I get?.'
        which when printed becomes

        \\what will I get?.

        $x =~ s/\\/\\\\/g;
        will account for multiple instances of \ within the string

        Note that Data::Dumper produces Perl code so, if you give Data::Dumper a string with a single backslash in it, then it will display a string literal with the backslash escaped, that is, the output will contain two backslashes.

        So I still think the slash is being lost before CGI.pm gets involved.

                - tye (but my friends call me "Tye")
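
The distinction drawn in the reply above, between backslashes written in Perl source or shown by Data::Dumper and backslashes actually held in the string, can be checked by counting characters instead of reading dumps. This is an added example, not code from any poster in the thread; the query string is a constructed sample and `decode_param` is a hypothetical stand-in for CGI.pm's `param()`.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Data::Dumper;

$Data::Dumper::Terse  = 1;    # print just the value, no "$VAR1 = "
$Data::Dumper::Indent = 0;    # keep the dump on one line

# Constructed sample: the query string sent when the form field "string"
# holds two backslashes followed by the text from the question.
my $query = 'string=%5C%5Cwhat+will+I+get%3F.';

# Hypothetical helper (not CGI.pm): URL-decode one named parameter.
sub decode_param {
    my ($qs, $name) = @_;
    for my $pair (split /[&;]/, $qs) {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $v;
        for ($k, $v) {
            tr/+/ /;                               # '+' encodes a space
            s/%([0-9A-Fa-f]{2})/chr hex $1/ge;     # %5C becomes a backslash
        }
        return $v if $k eq $name;
    }
    return;
}

# Count the backslash characters the string really contains.
sub backslashes {
    my ($s) = @_;
    return ($s =~ tr/\\//);
}

my @cases = (
    [ form          => decode_param($query, 'string') ], # runtime data, no literal rules
    [ double_quoted => "\\what will I get?."          ], # 2 in source, 1 in the string
    [ single_quoted => '\\\\what will I get?.'        ], # 4 in source, 2 in the string
);

for my $case (@cases) {
    my ($label, $value) = @$case;
    my $dump = Dumper($value);    # Perl source form: every backslash is doubled
    chomp $dump;
    printf "%-14s backslashes=%d  print: %s  Dumper: %s\n",
        $label, backslashes($value), $value, $dump;
}
```

Comparing the `backslashes=` column with the `Dumper:` column shows why a dump that displays two backslashes is consistent with a string that holds only one.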
Re: Backslash Interpolation
by Graham (Deacon) on Jun 14, 2001 at 16:19 UTC
    Would not the following work:
    #$cgi is cgi object
    my $string = $cgi->param('string');
    print quotemeta $string;
    UPDATE Ah! - That of course wouldn't work because it would also show slashes
    before every space. Must Engage brain before typing.....