in reply to RE: Re: Variable variable names
in thread Variable variable names

All good points, but remember that it's a CGI, which means I am (by definition) stuck with that pesky HTML form and those form elements. I want to confuse my element names with my application variables... one way of looking at it is a deliberate, controlled extension of my application's namespace to include the HTML form.

I'm not saying that using a hash is a bad idea, but I do think that we should be very careful in our choice of dogma. Perl, far more than most languages, is not a black and white affair. I challenge the dogma that "all soft references are bad" by presenting a reasonable situation where some programmer somewhere might choose to use them to advantage.

Gary Blackburn
Trained Killer

Replies are listed 'Best First'.
RE: RE: RE: Re: Variable variable names
by merlyn (Sage) on Oct 24, 2000 at 09:05 UTC
    I want to confuse my element names with my application variables... one way of looking at it is a deliberate, controlled extension of my application's namespace to include the HTML form.
    And the day someone returns a form variable that happens to overwrite your value of $authorized with 1 for a critical application, you are toast. This already generated a CERT warning for a PHP application... why repeat history with Perl when it is so easily avoided?

    In the security biz, we repeat two mantra:

    • Do not let your data become code.
    • Do not let your code become data.
    The wise one pays attention to both, with rigor.

    -- Randal L. Schwartz, Perl hacker

[reply]

In Section Seekers of Perl Wisdom