Home > Archive > PERL Beginners > May 2006 > Howto check a parameter size in CGI.pm
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
Howto check a parameter size in CGI.pm
|
|
| Wijaya Edward 2006-05-22, 3:59 am |
|
Hi,
Is there a way to determine the size of a parameter of a textarea or filefield in CGI.pm?
For example, given this form.
__BEGIN__
use CGI qw/:standard/;
# snip
textarea(
-name => 'some_name',
-rows => 10,
-columns => 50,
-wrap => 'physical'
);
#or
filefield(-name=>'upload_file', -size=>60)
__END__
We would like to know the size of:
param('some_name'); # of text area
and
param('upload_file') # of file field
I've tried with:
uploadInfo($file)->{'Content-Length'};
But it doesn't print anything.
Regards,
Edward
------------ Institute For Infocomm Research - Disclaimer -------------
This email is confidential and may be privileged. If you are not the intended recipient, please delete it and notify us immediately. Please do not copy or use it for any purpose, or disclose its contents to any other person. Thank you.
--------------------------------------------------------
| |
| JupiterHost.Net 2006-05-22, 7:00 pm |
|
Wijaya Edward wrote:
> Hi,
>
> Is there a way to determine the size of a parameter of a textarea or filefield in CGI.pm?
> For example, given this form.
>
> __BEGIN__
> use CGI qw/:standard/;
>
> # snip
> textarea(
> -name => 'some_name',
> -rows => 10,
> -columns => 50,
> -wrap => 'physical'
> );
>
> #or
>
> filefield(-name=>'upload_file', -size=>60)
> __END__
>
>
> We would like to know the size of:
>
> param('some_name'); # of text area
You can't use the HTML tag's size attribute because:
a) its nbot passed in the reauest
b) even if it was it can easily be spoofed:
- say "state" has size="2" simply enter a url where
state=ajhsdbajhbcjkhasdbvkjhabdcjkhadbvj
habdfh
and its obvious that knowing it was 2 woudl be pointless and possibly
dangerous eif you were relying on it.
- same proinciple if it was passed, what woudl keep them from
spoofing it "state_size=99" obviously checking that would be pointless
at best, dangerous at worst
The best bet is to check it in your script:
if( length( param('state') ) != 2) {
die 'State must be 2 characters long!';
}
> and
>
> param('upload_file') # of file field
>
>
> I've tried with:
> uploadInfo($file)->{'Content-Length'};
>
> But it doesn't print anything.
Becaus ethere is no contetn-length header for it :)
You can read the uploaded file in in chunks and either do the length
afterwards or, my fav, throw an error when it reaches a given size
(which also stops processing it so hopefully it will do its little part
to cut down on attempts to DOS your server :)
| |
| Charles K. Clarkson 2006-05-22, 7:00 pm |
| Wijaya Edward wrote:
: Is there a way to determine the size of a parameter of a
: textarea or filefield in CGI.pm?
You can determine the length (using the length() function)
of a field, but not the size of the control on the form. That
information is not sent via the Common Gateway Interface. The
CGI specification is available here.
http://hoohoo.ncsa.uiuc.edu/cgi/
#!/usr/bin/perl
use strict;
use warnings;
use CGI qw/param/;
# Simulate form input.
param( foo => "Text from\na textarea control\n" );
print length param( 'foo' );
__END__
You could hide information about form field sizes
in hidden fields in the form. Here's is a meta field
hidden in a form which also has a textarea by the name
textarea_1 with 5 rows and 40 columns.
<input type="hidden" name="textarea_1_meta" value="5,40">
#!/usr/bin/perl
use strict;
use warnings;
use CGI qw/param/;
# Simulate form input.
param( textarea_1 => "Text from\na textarea control.\n" );
param( textarea_1_meta => '5,40' );
print form_field_stats( textarea_1 => 'textarea' );
sub form_field_stats {
my( $field, $type ) = @_;
return unless $type eq 'textarea';
my( $rows, $columns ) = split ',', param( $field . '_meta' );
return sprintf
qq|The textarea "$field" is %s characters long.\n| .
qq|\tIt is %s rows by %s columns wide.\n|,
length param( $field ),
$rows,
$columns;
}
__END__
HTH,
Charles K. Clarkson
--
Mobile Homes Specialist
Free Market Advocate
Web Programmer
254 968-8328
Don't tread on my bandwidth. Trim your posts.
|
|
|
|
|