Do you know where your variables are?
First, some background.
I am the manager of one of the departments for our students' society. I run the used bookstore. It's doing quite well, thanks in part to the helpful answers I've received here. Our inventory of used books is online, searchable, and gets updated every day at the click of a button. Without this site I wouldn't have been able to make that happen.
My department is part of a larger division with five other businesses. That division is one of three. There's the business division, the administration division, and the political division.
The web designer that we'd been negotiating with told me that to put our database online would cost around $7,500 for just the web design and CGI scripting. After the resounding NO from the political division (which controls large expenditures like that) I went looking for alternatives. I found this site. With Linux, Perl and a lot of help and time, I began to feel comfortable writing the simple CGI. I showed it to my boss, who was entirely shocked. I got three extra weeks vacation time out of it.
Now, the really interesting part...
About six months ago, the political division and the administration division decided that the web site for the entire students society needed overhauling. I agreed with them. It was ugly, and had been thrown together over about three years. They paid the same people $15,000 to redesign it. It's colourful and pretty now. It's searchable.
Today, as I was searching for some information on it, what did I find?
Search Script written by Matt Wright and can be found at Matt's Script Archive
I almost fell off my chair when I saw that. They paid a ridiculous amount of money for the website, just to get buggy, shoddy stuff. I now feel like I'm the only computer-savvy person in this building, and that thought frightens me.
Why is it that professionals are using Matt's scripts? Are they really as terribly written as I've read here? After reading through the code, I wonder... no warnings... no CGI.pm... no taint checking... parses the query string itself... does most of the stuff ovid says you shouldn't do...
I'm glad I've now got my own server. I'm really happy that my script is working really well. It's on my server, sitting in my office, and has nothing to do with the rest of the building.
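The complaints in the post (parsing the query string by hand, no CGI.pm, no taint checking) are concrete enough to show side by side. The following is an added example, not code from the post and not a copy of any script from Matt's Script Archive; the hand-rolled parser is an illustration of the decode-then-split pattern, not any particular script. It assumes the CGI module is installed (4.08 or later, for `multi_param`; CGI.pm has not shipped with core Perl since 5.22), and the query string it falls back to is constructed for the example.

```perl
#!/usr/bin/perl
# Added example (not from the original post or Matt's Script Archive).
# Contrasts a hand-rolled query-string parser with CGI.pm under taint mode.
# Run as: QUERY_STRING='title=perl+cgi&title=cookbook&note=a%26admin%3D1' perl -T cgi_parse.pl
# Assumes the CGI module (4.08 or later, for multi_param) is installed.
use strict;
use warnings;
use CGI ();
use Scalar::Util qw(tainted);

# The pattern the post complains about: decode first, then split on '&' and '='.
# A client who sends %26 ("&") or %3D ("=") inside a value gets to inject
# parameters, because the separators are created before they are looked for.
sub naive_parse {
    my ($qs) = @_;
    $qs =~ s/%([A-Fa-f0-9]{2})/chr(hex $1)/eg;   # decoding before splitting is the bug
    my %form;
    for my $pair (split /&/, $qs) {
        my ($name, $value) = split /=/, $pair, 2;
        $form{$name} = defined $value ? $value : '';   # '+' stays literal; repeats clobber
    }
    return \%form;
}

# CGI.pm: splits before decoding, turns '+' into a space, keeps repeated keys.
sub cgi_parse {
    my ($qs) = @_;
    my $q = CGI->new($qs);          # CGI->new accepts a URL-encoded string as initializer
    my %form;
    for my $name ($q->param) {
        my @values = $q->multi_param($name);
        $form{$name} = @values > 1 ? [@values] : $values[0];
    }
    return \%form;
}

# Under perl -T, request data is tainted and may not reach open()/system()
# until it passes through a regex capture. Allow-list the characters a book
# search term may contain and refuse anything else rather than stripping it.
sub untaint_search_term {
    my ($raw) = @_;
    return undef unless defined $raw && $raw =~ /\A([\w\s.-]{1,80})\z/;
    return $1;   # the capture is untainted; $raw itself is not
}

# Constructed sample query string, used when no real QUERY_STRING is set.
my $qs = defined $ENV{QUERY_STRING} ? $ENV{QUERY_STRING}
       : 'title=perl+cgi&title=cookbook&note=a%26admin%3D1';

my $naive = naive_parse($qs);
printf "naive:  title=%s note=%s admin=%s\n",
    $naive->{title} // '', $naive->{note} // '',
    exists $naive->{admin} ? $naive->{admin} : '(absent)';
# With the sample input: title=cookbook (first value lost, '+' never decoded),
# note=a, admin=1 (a parameter the client was never supposed to set).

my $cgi = cgi_parse($qs);
my $titles = ref $cgi->{title} ? join('|', @{ $cgi->{title} }) : ($cgi->{title} // '');
printf "CGI.pm: title=%s note=%s admin=%s\n",
    $titles, $cgi->{note} // '',
    exists $cgi->{admin} ? $cgi->{admin} : '(absent)';
# With the sample input: title=perl cgi|cookbook, note=a&admin=1, admin absent.

# Taint flags are only set when the data came from the environment under -T;
# with the constructed fallback string both answers are "no".
my $term = ref $cgi->{title} ? $cgi->{title}[0] : $cgi->{title};
printf "search term tainted before check: %s\n", tainted($term) ? 'yes' : 'no';
my $clean = untaint_search_term($term);
if (defined $clean) {
    printf "search term '%s' tainted after check: %s\n", $clean, tainted($clean) ? 'yes' : 'no';
} else {
    print "search term refused\n";
}
```

Run it once with `perl cgi_parse.pl` to see the two parsers disagree on the same input, then with `QUERY_STRING=... perl -T cgi_parse.pl` to see the taint flag set on the raw value and cleared on the regex capture. The untaint routine refuses input rather than sanitising it; a script that strips "bad" characters and carries on is the other half of the pattern the post is objecting to.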