CGI - Get all params and their associated values

by Anonymous Monk
on Oct 07, 2015 at 14:26 UTC [id://1144067]

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

In light of http://blog.gerv.net/2014/10/new-class-of-vulnerability-in-perl-web-applications/ what is the safe way to get all the params and their associated values?

Re: CGI - Get all params and their associated values
by Corion (Patriarch) on Oct 07, 2015 at 14:31 UTC
Re: CGI - Get all params and their associated values
by Anonymous Monk on Oct 07, 2015 at 15:51 UTC

    In light of ... tired propaganda ... "new class for old fools" ...

    Stop Using Perl

      It would help to clarify that link reference a bit so as not to mislead casual readers who may not actually follow the link.

        u65: you should do something I could do

        If you feel the link needs clarifications for those not interested enough to follow it, you should make the clarification

Re: CGI - Get all params and their associated values
by sundialsvc4 (Abbot) on Oct 07, 2015 at 17:24 UTC

    Every language, unfortunately, has features which can be exploited to take advantage of the inattentive. Probably the most important take-away here is that (regardless of what language you are using ...) you should validate all parameters received before you use any of them. And, you should not be content to subject your form-handling logic only to the POST/GET streams that the form in question may produce. Furthermore, you should not call those handlers only in the sequence that the application itself will produce.

    Since HTTP is a completely stateless protocol, and since the data passing between client and server can be easily monitored, it is therefore possible for a rogue to manufacture any POST/GET stream and to subject any part of your application to it, in any sequence and at any time.

    One of the first things that we do at Sundial when presented with a prospective new legacy-app client is to subject their site (preferably, an isolated copy of it running on one of our servers or laptops) to this kind of aggressive, automated, “smoke testing,” which of course is automated. Nearly all of the time, the site (or mobile app!) promptly goes down in flames. Furthermore, we see this in apps written in all sorts of languages, not just Perl. The stability and integrity of the deployed app is assumed, but not yet challenged. It does not stand up to the challenge.

    I can count on one hand the number of sites that actually survived five minutes, in over 10 years of doing this sort of thing. Sometimes it is ridiculously easy: take a site that exposes GET-parameters and simply append a copy of the GET-string to itself, thereby changing all of them (maybe) to array multi-valued variables. Press Enter and see what happens. It may be nothing-at-all ... or it may be goofy-wrong. The site might even spew all sorts of tantalizing debugging-info at you, sometimes even including the text of SQL queries. Similar things can happen just by changing the spelling of some parameter. Goofy-Absurd lack of quality, and this in big commercial sites that have thousands of unique hits every day.

    In a perverse sort of way, those attackers are merely testing your software for you . . . O_o . . . too bad you didn’t do it first.

    But, not a thing to be blamed on the Perl language . . .
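Added example, not posted by anyone in this thread: it answers the original question (how to get all params and values without the list-context problem the linked blog post describes) and illustrates sundialsvc4's point about a duplicated GET string turning every field multi-valued. The request below is constructed by setting QUERY_STRING directly; `build_account_unsafe`, `build_account_safe`, `all_params` and `all_params_vars` are names chosen for this example. It assumes CGI.pm 4.08 or later for `multi_param` and the list-context warning.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Constructed request (not from the thread): the client sends the "name"
# field three times, which is exactly what duplicating a GET string does.
$ENV{REQUEST_METHOD} = 'GET';
$ENV{QUERY_STRING}   = 'name=alice&name=admin&name=1';
my $q = CGI->new;

# Hazardous pattern: param() called in list context inside a hash constructor.
# A multi-valued field expands to several list elements, so the key/value
# pairing shifts and the hash ends up with keys chosen by the client
# (here the client-supplied "admin" key overrides the default set before it).
# CGI.pm 4.08 and later emit "CGI::param called in list context" here.
sub build_account_unsafe {
    my ($cgi) = @_;
    my %account = (admin => 0, name => $cgi->param('name'));
    return \%account;
}

# Safe pattern 1: force scalar context; only the first value is returned and
# the hash keeps the shape the code declared.
sub build_account_safe {
    my ($cgi) = @_;
    my %account = (admin => 0, name => scalar $cgi->param('name'));
    return \%account;
}

# Safe pattern 2: enumerate every field name and collect all of its values
# with multi_param(), which is explicit about returning a list.
# param() with no arguments returns the field names and does not warn.
sub all_params {
    my ($cgi) = @_;
    my %all;
    for my $name ($cgi->param) {
        $all{$name} = [ $cgi->multi_param($name) ];
    }
    return \%all;
}

# Safe pattern 3: Vars() returns a flat name => value hash in which multiple
# values of one field are joined with "\0"; split them back into a list.
sub all_params_vars {
    my ($cgi) = @_;
    my %vars = $cgi->Vars;
    return { map { $_ => [ split /\0/, $vars{$_} ] } keys %vars };
}

# Print a hash whose values are scalars or array references.
sub dump_hash {
    my ($label, $h) = @_;
    print "$label:\n";
    for my $k (sort keys %$h) {
        my $v = $h->{$k};
        print "  $k => ", (ref $v ? join(', ', @$v) : $v), "\n";
    }
}

dump_hash('unsafe', build_account_unsafe($q));
dump_hash('safe',   build_account_safe($q));
dump_hash('all',    all_params($q));
dump_hash('vars',   all_params_vars($q));
```

Run it from a shell with `perl` and compare the "unsafe" output with the other three: only the first constructor lets request data decide which keys the hash has. Whichever safe form you pick, validate each value afterwards, since none of them restricts what a field may contain.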

Node Type: perlquestion [id://1144067]
Approved by marto