CGI variables

by damian1301 (Curate)
on Sep 16, 2000 at 21:19 UTC ( #32818=perlquestion )
damian1301 has asked for the wisdom of the Perl Monks concerning the following question:

Can I use
<form action="test.cgi" method="post"> <input type="text" name="thing"> </form>
and call it in the script by using $thing?

Replies are listed 'Best First'.
Re: CGI variables
by Ovid (Cardinal) on Sep 17, 2000 at 05:43 UTC
    Properly, you do something like the following:
    #!/usr/bin/perl -Tw
    use strict;
    use CGI;

    my $query = new CGI;
    # Untaint: accept only word and whitespace characters, otherwise stop.
    $query->param('thing') =~ /^([\w\s\d]+)$/
        or die "Tainted data in thing!";
    my $thing = $1;
    That allows you to properly (and safely) access the data in "thing". The regular expression should only specify the absolute minimum necessary for program functionality. The more it allows in $1, the greater the chance for a security hole.

    Further, the or die is necessary when untainting. If the match fails, $1 could still carry the data from a previous match, thus setting $thing to an undesirable value.
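
The stale `$1` behaviour described in the reply above, shown as an added example that is not part of the original thread. The helper name `untaint_field` and the two input strings are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from the thread): return the captured value
# only when the whole input matches the allow-list pattern.
sub untaint_field {
    my ($value) = @_;
    return unless defined $value;
    # Capturing in list context: a failed match yields an empty list,
    # so a capture left over from an earlier match cannot leak through.
    # \d is omitted because \w already covers digits.
    my ($clean) = $value =~ /\A([\w\s]+)\z/;
    return $clean;
}

# Constructed inputs: one acceptable, one containing metacharacters.
my $good = 'hello world';
my $bad  = 'x; rm -rf /';

# Unchecked pattern: the match results are ignored. The second match
# fails, but $1 still holds the capture from the first, successful one.
$good =~ /^([\w\s\d]+)$/;
my $first = $1;
$bad =~ /^([\w\s\d]+)$/;
my $stale = $1;
print "unchecked: first='$first' second='$stale'\n";

# Checked pattern: every input is either accepted on its own merits
# or rejected outright.
for my $input ($good, $bad) {
    my $clean = untaint_field($input);
    if (defined $clean) {
        print "accepted: '$clean'\n";
    }
    else {
        print "rejected: '$input'\n";
    }
}
```

In the unchecked half the rejected input silently takes on the previous request's value, which is the failure the `or die` guards against.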


Re: CGI variables
by cianoz (Friar) on Sep 16, 2000 at 21:43 UTC
    if you use you can do
    so you can access it with $NAMESPACE::thing
    importing into namespace 'main' will do the trick but is a _major_ security risk!!
    don't do that!
    (someone could override your own variables.. in PHP :)
