in reply to Re^3: is this script secured enough from internet attacks (&)
in thread is this script secured enough from internet attacks

The problem with the ampersand is that most people expect that, just like &foo(1,2,3) behaves the same as foo(1,2,3), &foo; behaves the same as foo; and it does not. It's too easy to remove all your arguments and have the subroutine fiddle with your @_ instead of getting no arguments.

Jenda
Enoch was right!
Enjoy the last years of Rome.
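
The behaviour described in the post above, as an added example that is not code from either poster: a helper called with no arguments is spelled three ways, and only the bare &name; form hands the callee the caller's own @_, so the helper's shift consumes one of the caller's arguments. The sub names (next_tag, with_parens, amp_with_parens, amp_bare) and the sample arguments are hypothetical.

```perl
use strict;
use warnings;

# Hypothetical helper: takes an optional tag and defaults to 'none'.
# The shift removes an element from whatever @_ it was handed.
sub next_tag {
    my $tag = shift;
    return defined $tag ? $tag : 'none';
}

# Each handler is called with (user, action) and then calls next_tag
# intending to pass no arguments at all.

sub with_parens {        # next_tag(): callee gets its own empty @_
    my $tag = next_tag();
    return ($tag, scalar @_);
}

sub amp_with_parens {    # &next_tag(): also a fresh, empty @_
    my $tag = &next_tag();
    return ($tag, scalar @_);
}

sub amp_bare {           # &next_tag; no new @_ is set up, the callee
    my $tag = &next_tag; # sees and modifies this sub's @_
    return ($tag, scalar @_);
}

# Constructed sample call: the same two arguments go to every handler.
for my $case (
    [ 'next_tag()'  => \&with_parens ],
    [ '&next_tag()' => \&amp_with_parens ],
    [ '&next_tag;'  => \&amp_bare ],
) {
    my ($label, $handler) = @$case;
    my ($tag, $left) = $handler->('alice', 'delete');
    printf "%-12s helper saw tag=%-6s caller args left=%d\n",
        $label, $tag, $left;
}
```

In a handler that goes on to validate or act on its remaining arguments, the third form means the check runs against a shifted argument list.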

Re^5: is this script secured enough from internet attacks (&)
by tye (Sage) on Jun 11, 2011 at 01:32 UTC

    Actually, people who like cues to make their subroutine calls easier to identify visually are unlikely to run into that problem, even if they weren't aware of the potential. Even though I don't use &, I never leave off the parens when calling a user-defined function (or method) with no arguments; the lack of parens screams "not a subroutine call" too loudly to me. I only rarely even make an exception for constants (and I wouldn't use & for constants, personally).

    In any case, it is a trivial matter of informing the coder of that one simple fact to prevent that problem.

    - tye