Code Comments
and what do you think about this?

code:
sub get_form_data {
    my $temp;
    my $buffer;
    my @data;
    read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
    foreach $temp (split(/&|=/,$buffer)) {
        $temp =~ tr/+/ /;
        $temp =~ s/%([0-9a-fA-F]{2})/pack("c",hex($1))/ge;
        $temp =~ s/[\r\n]/ /g;
        push @data, $temp;
    }
    foreach $temp (split(/&|=/,$ENV{'QUERY_STRING'})) {
        $temp =~ tr/+/ /;
        $temp =~ s/%([0-9a-fA-F]{2})/pack("c",hex($1))/ge;
        $temp =~ s/[\r\n]/ /g;
        push @data, $temp;
    }
    return @data;
}

local %form = &get_form_data;

print $form{'something'};

is it enough reliable? It sounds good to me!!!

Larry wrote:
> and what do you think about this?
>
> [code]
>
> sub get_form_data {
<snip>
> is it enough reliable? It sounds good to me!!!
You've been advised to use the CGI module. If you intend to produce
production code, then there isn't really an excuse not to use it. If you
don't then you are going to cause yourself all sorts of problems. I
doubt if anyone is going to be willing to step through your attempt at
cgi parameter parsing and comment on it....
Mark

sub get_form_data {
    my ($buffer,@pairs,$pair,$name,$value);
    if ($ENV{'REQUEST_METHOD'} eq 'POST') {
        read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
        @pairs = split(/&/, $buffer);
    }
    elsif ($ENV{'REQUEST_METHOD'} eq 'GET') {
        $buffer = $ENV{'QUERY_STRING'};
        @pairs = split(/&/, $buffer);
    }
    else { die "Errore... metodo non consentito\n"; }
    foreach $pair (@pairs) {
        ($name, $value) = split(/=/, $pair);
        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $FORM{$name} = $value;
    }
}
this sounds even better!!!!!!!!!

Larry wrote:
> and what do you think about this?
>
> sub get_form_data {
>     my $temp;
>     my $buffer;
>     my @data;
>     read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
>     foreach $temp (split(/&|=/,$buffer)) {
>         $temp =~ tr/+/ /;
>         $temp =~ s/%([0-9a-fA-F]{2})/pack("c",hex($1))/ge;
>         $temp =~ s/[\r\n]/ /g;
>         push @data, $temp;
>     }
>     foreach $temp (split(/&|=/,$ENV{'QUERY_STRING'})) {
>         $temp =~ tr/+/ /;
>         $temp =~ s/%([0-9a-fA-F]{2})/pack("c",hex($1))/ge;
>         $temp =~ s/[\r\n]/ /g;
>         push @data, $temp;
>     }
>     return @data;
> }
>
> local %form = &get_form_data;
>
> print $form{'something'};
>
> is it enough reliable? It sounds good to me!!!

As a general purpose function for parsing CGI form data? No.

The very fact that you feel a need to ask shows that you don't know
enough about CGI to write such a function. It's good that you want to
learn, but asking open CGI questions in this group is the wrong way.
Studying the CGI spec and the source of Perl modules for the purpose
are two good ways.

You really should stick with CGI.pm or any of the alternative modules
available such as CGI::Lite or CGI::Minimal, at least for the time being.

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl

Larry wrote:
> sub get_form_data {
>
> my ($buffer,@pairs,$pair,$name,$value);
>
> if ($ENV{'REQUEST_METHOD'} eq 'POST') {
> read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
> @pairs = split(/&/, $buffer);
> }
> elsif ($ENV{'REQUEST_METHOD'} eq 'GET') {
> $buffer = $ENV{'QUERY_STRING'};
> @pairs = split(/&/, $buffer);
> }
> else { die "Errore... metodo non consentito\n"; }
>
> foreach $pair (@pairs) {
> ($name, $value) = split(/=/, $pair);
> $value =~ tr/+/ /;
> $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
> $FORM{$name} = $value;
> }
>
> }
>
> this sounds even better!!!!!!!!!
Very nice, but what if I'm going to submit a form that has a group of
checkboxes (each one with the same name), and I select more than one?
The GET URL would look like:
/script.pl?cb=1;cb=2
Ouch!
First of all, ";" is also a valid option separator. Secondly, you lose the
first cb value.
Use CGI.pm.
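
An added example, not part of any post in this thread: a small Perl parser for the case raised above, accepting both "&" and ";" as separators and keeping every value of a repeated name. The names url_decode and parse_pairs and the sample query strings are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Decode one application/x-www-form-urlencoded component.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Parse a query string into name => [values], keeping every repeated name.
sub parse_pairs {
    my ($raw) = @_;
    my %form;
    for my $pair (split /[&;]/, $raw // '') {
        next if $pair eq '';                       # skip empty pairs such as "a=1&&b=2"
        my ($name, $value) = split /=/, $pair, 2;  # limit 2 keeps '=' inside a value
        $name  = url_decode($name);                # names are encoded too
        $value = url_decode($value // '');         # a bare "flag" gets an empty value
        push @{ $form{$name} }, $value;
    }
    return \%form;
}

# Constructed sample inputs, not taken from a real request.
for my $qs ('cb=1;cb=2', 'cb=1&cb=2&note=a%3Db+c', 'flag&x=1=2') {
    my $form = parse_pairs($qs);
    print "$qs\n";
    for my $name (sort keys %$form) {
        print "  $name => [", join(', ', map { "'$_'" } @{ $form->{$name} }), "]\n";
    }
}
```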

On Mon, 27 Sep 2004 14:26:56 +0000, Larry wrote:
> and what do you think about this?

Horrible. It will break. Eventually.

> sub get_form_data {
>     my $temp;
>     my $buffer;
>     my @data;
>     read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
>     foreach $temp (split(/&|=/,$buffer)) {
>         $temp =~ tr/+/ /;
>         $temp =~ s/%([0-9a-fA-F]{2})/pack("c",hex($1))/ge;
>         $temp =~ s/[\r\n]/ /g;
>         push @data, $temp;
>     }
>     foreach $temp (split(/&|=/,$ENV{'QUERY_STRING'})) {
>         $temp =~ tr/+/ /;
>         $temp =~ s/%([0-9a-fA-F]{2})/pack("c",hex($1))/ge;
>         $temp =~ s/[\r\n]/ /g;
>         push @data, $temp;
>     }
>     return @data;
> }
>
> local %form = &get_form_data;
>
> print $form{'something'};
>
> is it enough reliable?

No.

> It sounds good to me!!!

It doesn't matter how it sounds, as long as it doesn't work.

The code above is better written as:

    my $CGI = CGI->new();
    print $CGI->param('something');

So. Use the CGI module. There's a reason why everyone else uses it.

--
Tore Aursand <tore@aursand.no>
"War is too serious a matter to entrust to military men." (Georges Clemenceau)

In article <2rqskvF1ckhvvU1@uni-berlin.de>,
Gunnar Hjalmarsson <noreply@gunnar.cc> wrote:

> As a general purpose function for parsing CGI form data? No.
>
> The very fact that you feel a need to ask shows that you don't know
> enough about CGI to write such a function. It's good that you want to
> learn, but asking open CGI questions in this group is the wrong way.
> Studying the CGI spec and the source of Perl modules for the purpose
> are two good ways.
>
> You really should stick with CGI.pm or any of the alternative modules
> available such as CGI::Lite or CGI::Minimal, at least for the time being.

ok ok... I will

Larry wrote:
> and what do you think about this?
> read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
I think that anyone can crash your server with hardly any effort.
Have you considered what will happen if CONTENT_LENGTH is 4294967297 ?
-Joe

Joe Smith (Joe.Smith@inwap.com) wrote:
: Larry wrote:
: > and what do you think about this?
: > read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
: I think that anyone can crash your server with hardly any effort.
: Have you considered what will happen if CONTENT_LENGTH is 4294967297 ?
: -Joe
The same thing that will happen if you use CGI; with the default settings.
(and as far as I've noticed, virtually all scripts and examples use cgi.pm
with the default settings.)

Malcolm Dew-Jones wrote:
> Joe Smith (Joe.Smith@inwap.com) wrote:
>
> The same thing that will happen if you use CGI; with the default
> settings.
>
> (and as far as I've noticed, virtually all scripts and examples use
> cgi.pm with the default settings.)

Very true.

When will the myth in this group, that using CGI.pm makes a big
difference with respect to security, be put to death?

Writing secure CGI scripts requires knowledge about the potential
risks and efforts to address those risks. Whether CGI.pm is used for
parsing data or not has (almost) nothing to do with it.

--
Gunnar Hjalmarsson
Email: http://www.gunnar.cc/cgi-bin/contact.pl
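
An added example, not code from any poster in this thread: one way to address the CONTENT_LENGTH concern raised above is to validate and cap the declared length before calling read, whichever parser is used afterwards. The names MAX_BODY and read_body, the 64 KB limit and the test inputs are assumptions made for illustration; $CGI::POST_MAX and $CGI::DISABLE_UPLOADS are the settings CGI.pm documents for the same purpose.

```perl
#!/usr/bin/perl
use strict;
use warnings;

use constant MAX_BODY => 64 * 1024;   # assumed limit; size it to the largest form you expect

# Return the request body, or die with an HTTP-style status line.
# $in is the handle to read from (STDIN under CGI), $env the environment hash.
sub read_body {
    my ($in, $env) = @_;
    my $len = $env->{CONTENT_LENGTH} // '';
    die "400 Bad Request\n"       unless $len =~ /\A[0-9]{1,10}\z/;  # digits only, no sign
    die "413 Payload Too Large\n" if $len > MAX_BODY;                # refuse before reading

    my ($body, $got) = ('', 0);
    while ($got < $len) {
        my $n = read($in, $body, $len - $got, $got);
        die "400 Bad Request\n" unless defined $n;   # read error
        last if $n == 0;                             # client sent less than it declared
        $got += $n;
    }
    die "400 Bad Request\n" if $got != $len;
    return $body;
}

# Constructed test cases: an in-memory handle stands in for STDIN.
for my $case (['a=1&b=2', 7], ['a=1', '4294967297'], ['a=1', '-1'], ['a=1', 50]) {
    my ($data, $declared) = @$case;
    open my $fh, '<', \$data or die "open: $!";
    my $body   = eval { read_body($fh, { CONTENT_LENGTH => $declared }) };
    my $result = defined $body ? "ok '$body'" : "rejected: $@";
    chomp $result;
    print "CONTENT_LENGTH=$declared -> $result\n";
}

# With CGI.pm the equivalent cap is set before the CGI object is created:
#   use CGI; $CGI::POST_MAX = 64 * 1024; $CGI::DISABLE_UPLOADS = 1;
```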