Beefy Boxes and Bandwidth Generously Provided by pair Networks vroom
Problems? Is your data what you think it is?
 
PerlMonks  

CGI variables

by damian1301 (Curate)
on Sep 16, 2000 at 21:19 UTC ( #32818=perlquestion: print w/ replies, xml ) Need Help??
damian1301 has asked for the wisdom of the Perl Monks concerning the following question:

Can I use
<form action="test.cgi" method="post"> <input type="text" name="thing"> </form>
and call it in the script by using $thing?

Comment on CGI variables
Download Code
Re: CGI variables
by cianoz (Friar) on Sep 16, 2000 at 21:43 UTC
    if you use CGI.pm you can do
    $query->import_names('NAMESPACE');
    so you can access it with $NAMESPACE::thing
    importing into namespace 'main' will do the trick but is a _major_ security risk!!
    don't do that!
    (someone could override your own variables..
    ..like in PHP :)
Re: CGI variables
by Ovid (Cardinal) on Sep 17, 2000 at 05:43 UTC
    Properly, you do something like the following:
    #!/usr/bin/perl -Tw use strict; use CGI; my $query = new CGI; $query->param('thing') =~ /^([\w\s\d]+)$/ or die "Tainted data in thin +g!"; my $thing = $1;
    That allows you to properly (and safely) access the data in "thing". The regular expression should only specify the absolute minimum necessary for program functionality. The more it allows in $1, the greater the chance for a security hole.

    Further, the or die is necessary when untainting. If the match fails, $1 could still carry the data from a previous match, thus setting $thing to an undesireable value.

    Cheers,
    Ovid

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://32818]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others examining the Monastery: (4)
As of 2014-04-19 13:37 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    April first is:







    Results (480 votes), past polls