Home > Archive > PERL Miscellaneous > November 2004 > post into hash table
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
post into hash table
|
|
| Bremse 2004-11-26, 4:08 pm |
| I'm trying to put values (from form) posted by post method into hash
table, but all entries after code execution are empty (i.e.
$FORM_DATA{$forename} equals ""). Why?
read(STDIN,$query,$ENV{'CONTENT_LENGTH'}
);
@kv_pairs = split(/\&/, $query);
foreach $key_value (@kv_pairs)
{
($key, $value) = split ( /\=/, $key_value);
$value =~ tr/+/ /;
$value =~ s/%([\dA-Fa-f][\dA-Fa-f])/chr(hex($1))/eg;
$FORM_DATA{$key} = $value;
}
What's wrong?
--
Bremse
| |
| Dimitri Papoutsis 2004-11-26, 4:08 pm |
| Bremse wrote:
> I'm trying to put values (from form) posted by post method into hash
> table, but all entries after code execution are empty (i.e.
> $FORM_DATA{$forename} equals ""). Why?
>
>
> read(STDIN,$query,$ENV{'CONTENT_LENGTH'}
);
> @kv_pairs = split(/\&/, $query);
> foreach $key_value (@kv_pairs)
> {
> ($key, $value) = split ( /\=/, $key_value);
> $value =~ tr/+/ /;
> $value =~ s/%([\dA-Fa-f][\dA-Fa-f])/chr(hex($1))/eg;
> $FORM_DATA{$key} = $value;
> }
>
> What's wrong?
>
Try this:
Just copy and use it...
sub getFormularFields{
if($ENV{'REQUEST_METHOD'} eq 'GET'){
$Data = $ENV{'QUERY_STRING'}
}
else{
read(STDIN, $Data, $ENV{'CONTENT_LENGTH'});
}
my @FormularFields = split(/&/, $Daten);
foreach my $Field (@FormularFields)
{
($name, $value) = split(/=/, $Field);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ s/<!--(.|\n)*-->//g;
${$name} = $value;
$Formular{$name}=$value;
}
return %Formular;
}
bye
dnp
| |
| Andrew Tkachenko 2004-11-26, 4:08 pm |
| Bremse wrote on 26 Ноябрь 2004 14:53:
> I'm trying to put values (from form) posted by post method into hash
> table, but all entries after code execution are empty (i.e.
> $FORM_DATA{$forename} equals ""). Why?
>
>
> read(STDIN,$query,$ENV{'CONTENT_LENGTH'}
);
> @kv_pairs = split(/\&/, $query);
> foreach $key_value (@kv_pairs)
> {
> ($key, $value) = split ( /\=/, $key_value);
> $value =~ tr/+/ /;
> $value =~ s/%([\dA-Fa-f][\dA-Fa-f])/chr(hex($1))/eg;
> $FORM_DATA{$key} = $value;
> }
>
> What's wrong?
>
i guess you should try to avoid parsing query strings by youself since
this usually leads to hidden errs. Since CGI.pm present in all perl
distributions you'd better use code below (not tested):
use strict;
use warnings;
use CGI qw(:standard);
my %FORM_DATA;
for my $key (param) {
$FORM_DATA{$key} = param($key);
}
--
Andrew
| |
| Bob Walton 2004-11-26, 4:08 pm |
| Bremse wrote:
> I'm trying to put values (from form) posted by post method into hash
POST---------------------------------------------^^^^
> table, but all entries after code execution are empty (i.e.
> $FORM_DATA{$forename} equals ""). Why?
>
>
> read(STDIN,$query,$ENV{'CONTENT_LENGTH'}
);
> @kv_pairs = split(/\&/, $query);
---------------------^
& is not a metacharacter, so there is no reason to escape it.
> foreach $key_value (@kv_pairs)
> {
> ($key, $value) = split ( /\=/, $key_value);
------------------------------------------^
= is not a metacharacter, so there is no reason to escape it.
> $value =~ tr/+/ /;
> $value =~ s/%([\dA-Fa-f][\dA-Fa-f])/chr(hex($1))/eg;
> $FORM_DATA{$key} = $value;
> }
>
> What's wrong?
>
One possibility: The query string could use the ; character to separate
key-value pairs rather than the & character (either is permitted and
possibly generated by a web server). If you:
use CGI;
you won't have such problems, plus your CGI scripts will be a lot less work.
Another possibility: Maybe the query string returned has empty values
for the keys. Did you print out the query string to see what is in it?
Since the values are empty strings rather than undef, I would suppose
the keys are actually present in the query string. Or did you check to
see if they are empty versus undef?
--
Bob Walton
Email: http://bwalton.com/cgi-bin/emailbob.pl
| |
| Bob Walton 2004-11-26, 4:08 pm |
| Dimitri Papoutsis wrote:
> Bremse wrote:
....
> Try this:
> Just copy and use it...
Oh, please. At least *try* and run your code before posting it...
>
> sub getFormularFields{
> if($ENV{'REQUEST_METHOD'} eq 'GET'){
> $Data = $ENV{'QUERY_STRING'}
Making package globals in a sub. *Please* use my().
> }
> else{
> read(STDIN, $Data, $ENV{'CONTENT_LENGTH'});
> }
What if it was another method, say the HEAD method?
>
>
> my @FormularFields = split(/&/, $Daten);
------------------------------------------^^^^^^
was that supposed to be $Data? $Daten hasn't been defined in your code.
Also, this will fail to work properly if the query string has
key-value pairs separated by the ; character rather than the & character.
> foreach my $Field (@FormularFields)
> {
> ($name, $value) = split(/=/, $Field);
> $value =~ tr/+/ /;
> $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
> $value =~ s/<!--(.|\n)*-->//g;
Why would you want to remove stuff that looks vaguely like HTML
commentary from a query string? The content of a query string is not
necessarily HTML (and usually isn't). And anyway, this will remove
everything from the first start-of-comment through the last
end-of-comment, rather than just all the comments as is apparently
intended. And rather than the alternation shown, the /s switch should
be used.
> ${$name} = $value;
Oh, puke. Making symbolic references in the global namespace. What
about if the key was 'name', for example, as in
http://whatever.com?name=Dimitry
? Or any package global used by the caller? Not to mention the
security issue -- you just gave a hacker the ability to set any package
global to anything the hacker wants.
> $Formular{$name}=$value;
> }
> return %Formular;
> }
>
> bye
> dnp
--
Bob Walton
Email: http://bwalton.com/cgi-bin/emailbob.pl
| |
| Tad McClellan 2004-11-26, 4:08 pm |
| Dimitri Papoutsis <bastard@uni-koblenz.de> wrote:
> Just copy and use it...
I strongly urge all readers to not do as asked there.
Use a module for parsing form parameters.
--
Tad McClellan SGML consulting
tadmc@augustmail.com Perl programming
Fort Worth, Texas
| |
| Gunnar Hjalmarsson 2004-11-26, 9:10 pm |
| Bob Walton wrote:
> Bremse wrote:
>
> One possibility: The query string could use the ; character to separate
> key-value pairs rather than the & character (either is permitted and
> possibly generated by a web server).
The query string is probably empty, since it's a form submission via the
POST method, and forms always use & as the separator.
> Another possibility: Maybe the query string returned has empty values
----------------------------------^^^^^^^^^^^^
--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
| |
| Gunnar Hjalmarsson 2004-11-26, 9:10 pm |
| Bremse wrote:
> I'm trying to put values (from form) posted by post method into hash
> table, but all entries after code execution are empty (i.e.
> $FORM_DATA{$forename} equals ""). Why?
Maybe because there is no $forename variable? Do you mean
$FORM_DATA{forename} ?
--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
| |
| John Bokma 2004-11-27, 3:56 am |
| Gunnar Hjalmarsson wrote:
> Bob Walton wrote:
>
> The query string is probably empty, since it's a form submission via
> the POST method, and forms always use & as the separator.
Sometimes I call POST forms using GET, sometimes I use a script. Don't rely
on what you think is on your page.
--
John Small Perl scripts: http://johnbokma.com/perl/
Perl programmer available: http://castleamber.com/
Happy Customers: http://castleamber.com/testimonials.html
| |
| Tintin 2004-11-27, 3:56 am |
|
"Bremse" <bremse{usun.to}@wp.pl> wrote in message
news:pegeq0lj9qjqj42a9iq7i2rqkn03rsdf5o@
4ax.com...
> I'm trying to put values (from form) posted by post method into hash
> table, but all entries after code execution are empty (i.e.
> $FORM_DATA{$forename} equals ""). Why?
That's what happens when you try doing something as complex as CGI parsing
yourself.
use CGI;
my $q = new CGI;
my %FORM_DATA = $q->Vars;
| |
| Gunnar Hjalmarsson 2004-11-27, 3:56 am |
| John Bokma wrote:
> Gunnar Hjalmarsson wrote:
>
> Sometimes I call POST forms using GET, sometimes I use a script.
> Don't rely on what you think is on your page.
My point is that splitting on & only can't be causing the OPs problem.
--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
|
|
|
|
|