in reply to Concantenation
You don't show the whole code, but on the face of it what you show isn't going to work, and worse still it may be very dangerous.
I hope you have properly de-tainted and verified that the value of $course_no is nice and safe, otherwise all sorts of undesirable things may happen!!!
Once you are happy that things are safe, then the following may work better with your concatination:
my $file = "/usr/local/apache2/htdocs/crs_desc/" . $course_no . "desc. +txt"; open DESCDOC, "<", $file || die "Unable to open $file";
Your concatination is a bit messy, which I clearly spelt out, so it should be okay now. Other solutions would work too. I've change your fatal to report which file it couldn't open, in case the name isn't what you expected - your error handling won't take care of that unless you pass the filename to it.
Others will have more advice, but also see (from an earlier node of mine):
- Security?
- security question, mysql, limit, dbi, and placeholders
- Ovid's CGI Course: CGI Security
- davorg's CGI Notes: CGI Security
- Perl Training Australia: Perl CGI (PDF) Chapter six
--
ajt
|
---|
Replies are listed 'Best First'. | |
---|---|
Re^2: Concantenation (variable name disambiguation)
by Aristotle (Chancellor) on May 05, 2003 at 18:48 UTC |