
Re: (nrd) Quality Perl/CGI programs?

by newrisedesigns (Curate)
on Feb 09, 2003 at 18:28 UTC ( #233936=note )

in reply to Quality Perl/CGI programs?

This is by no means a definite sign of a good program; however, I find that if a Perl/CGI program looks like this:

#!/usr/bin/perl -wT
use strict;
use CGI;

It's a good sign that the programmer took some precautions with his or her code, and that it is more likely to be reliable than not. Of course, there are always exceptions to the rule...

John J Reiser

Replies are listed 'Best First'.
Re: Re: (nrd) Quality Perl/CGI programs?
by coolmichael (Deacon) on Feb 09, 2003 at 19:25 UTC
    I sat through a code review a few months ago. It was my first time, and quite the experience. The person's CGI script started just like yours does above. Then, about thirty or so lines in, there was
    $filename =~ m/(.*)/gi;
    $filename = $1;
    open FILE, "$filename";
    I was shocked, as this was code written by a "professional." I can count about six errors in those three lines of code.

    1. Poor taint checking (none really.)
    2. Not checking if the match succeeds. I guess it doesn't matter if it's just matching dot star.
    3. Not checking if the open succeeds.
    4. Should use the three-argument form of open.
    5. The match is stupid. dot-star doesn't care about case insensitivity (/i).
    6. The match is really stupid. /g is (I think) for trying to match multiple times in a loop. This doesn't do that.

    You are quite right, warnings, strict, CGI, and taint are a good start. But you do need to still read the code before you use it. I don't think there is anything to help avoid a good code review.

    update: The programmer still works there. I don't, by my own choice.

    -- - all things inbetween.
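
One way to write those three lines so that points 1 to 4 above are addressed, as an added example that is not code from this thread: the pattern is an allow-list instead of dot-star, the match and the open are both checked, and open takes three arguments. The sub names, the file-name policy and the sample inputs are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. In a real CGI script the shebang
# would carry -wT; the capture in $1 below is what untaints the value.
use strict;
use warnings;
use File::Temp qw(tempdir);
use File::Spec;

# Allow-list (assumed policy): a bare file name that starts with a letter or
# digit, followed by letters, digits, underscore, dot or hyphen. No slashes,
# so no path components. Returns the captured name, or undef if rejected.
sub clean_filename {
    my ($raw) = @_;
    return undef unless defined $raw;
    return $raw =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/ ? $1 : undef;
}

# Three-argument open with a lexical handle inside a fixed directory: the
# mode is separate from the name, so the name is never read as a mode.
# Returns the first line of the file; dies with the OS error on failure.
sub read_first_line {
    my ($dir, $name) = @_;
    my $path = File::Spec->catfile($dir, $name);
    open(my $fh, '<', $path) or die "cannot open '$name': $!\n";
    my $line = <$fh>;
    close $fh;
    chomp $line if defined $line;
    return $line;
}

# Constructed demo data: one file in a temporary directory.
my $dir = tempdir(CLEANUP => 1);
open(my $out, '>', File::Spec->catfile($dir, 'report.txt')) or die "setup: $!\n";
print {$out} "hello from report.txt\n";
close $out or die "setup: $!\n";

# Constructed inputs standing in for a CGI parameter.
for my $raw ('report.txt', 'missing.txt', '../report.txt', 'sub/report.txt', '') {
    my $name = clean_filename($raw);
    if (!defined $name) {
        print "rejected:   '$raw'\n";
        next;
    }
    my $line = eval { read_first_line($dir, $name) };
    print defined $line ? "ok:         '$name' -> $line\n" : "open error: $@";
}
```

Only `report.txt` is read; `missing.txt` passes validation but reports the open failure, and the remaining inputs are rejected before any open is attempted.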

      coolmichael++. Whatever happened to the above code/programmer(s)?

      Another good measure of quality of a download-and-use CGI script is to see how many people use it. Of course, as shown above, this rule can also be broken (see MSA's formmail, v1.6 or less allows you to easily spam anyone).

      John J Reiser

Re: Re: (nrd) Quality Perl/CGI programs?
by Wysardry (Pilgrim) on Feb 10, 2003 at 00:01 UTC

    The main problem with that check is that you need to download and unpack the program first.

    By the time I'd gone through every program available at HotScripts, the Perl Archive and/or the CGI Resource Index many of them would have been updated, and I'd likely be a lot older. ;o)

    I was hoping that someone here had already found another source of quality scripts on their travels and could let the rest of us know.

    "Every program has at least one bug and can be shortened by at least one instruction -- from which, by induction, one can deduce that every program can be reduced to one instruction which doesn't work." -- (Author Unknown)

      There's always the tried and true method: searching PerlMonks. You may only find a few snippets, but occasionally there are some full programs available on the site.

      Hope this helps,

      John J Reiser

          There's always the tried and true method: searching PerlMonks. You may only find a few snippets, but occasionally there are some full programs available on the site.

        Not to mention plenty of people willing to help you turn snippets into a full program, if you're so inclined.

        Another option is to ask the Chatterbox: one or two people around here have done some Perl hacking, and might have code that'll do the right thing, or maybe they've written an article or two on the subject.

        F o x t r o t U n i f o r m
        Found a typo in this node? /msg me
        The hell with paco, vote for Erudil!
