Line 2: The semicolon is an alternate delimeter. An agent submits data using that and your code breaks. Of course, since you can't guarantee that the data in $temp isn't corrupt...
in reply to (Ovid - hand-rolled CGI review) Re: variables not posting?
in thread variables not posting?
I'd like to see some evidence.
Of the various good arguments for using CGI.pm, this one has always struck me as the weakest. The use of a semicolon as an argument delimeter is so effectively deprecated as to be non-existent. When is the last time you heard of any agent using a semicolon as a delimeter (other than a hand-rolled agent whose purpose is to demonstrate that it can be done)? What browsers use a semicolon?
I know of a few public web-based systems that have run for years without encountering a semicolon used as a parameter delimeter. Is that proof that such a thing can never happen? No. Are these systems at risk? No, unless some practical joker decides to hand-roll a request.