Beefy Boxes and Bandwidth Generously Provided by pair Networks
Clear questions and runnable code
get the best and fastest answer

CGI variables

by damian1301 (Curate)
on Sep 16, 2000 at 21:19 UTC ( #32818=perlquestion: print w/ replies, xml ) Need Help??
damian1301 has asked for the wisdom of the Perl Monks concerning the following question:

Can I use
<form action="test.cgi" method="post"> <input type="text" name="thing"> </form>
and call it in the script by using $thing?

Comment on CGI variables
Download Code
Replies are listed 'Best First'.
Re: CGI variables
by Ovid (Cardinal) on Sep 17, 2000 at 05:43 UTC
    Properly, you do something like the following:
    #!/usr/bin/perl -Tw use strict; use CGI; my $query = new CGI; $query->param('thing') =~ /^([\w\s\d]+)$/ or die "Tainted data in thin +g!"; my $thing = $1;
    That allows you to properly (and safely) access the data in "thing". The regular expression should only specify the absolute minimum necessary for program functionality. The more it allows in $1, the greater the chance for a security hole.

    Further, the or die is necessary when untainting. If the match fails, $1 could still carry the data from a previous match, thus setting $thing to an undesireable value.


Re: CGI variables
by cianoz (Friar) on Sep 16, 2000 at 21:43 UTC
    if you use you can do
    so you can access it with $NAMESPACE::thing
    importing into namespace 'main' will do the trick but is a _major_ security risk!!
    don't do that!
    (someone could override your own variables.. in PHP :)

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: perlquestion [id://32818]
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others exploiting the Monastery: (10)
As of 2016-02-11 13:33 GMT
Find Nodes?
    Voting Booth?

    How many photographs, souvenirs, artworks, trophies or other decorative objects are displayed in your home?

    Results (368 votes), past polls