Beefy Boxes and Bandwidth Generously Provided by pair Networks
No such thing as a small change
 
PerlMonks  

(Ovid - why your CGI code is broken) Re(2): "Action" variables and form data

by Ovid (Cardinal)
on Apr 10, 2001 at 11:44 UTC ( #71279=note: print w/replies, xml ) Need Help??


in reply to Re: "Action" variables and form data
in thread "Action" variables and form data

You ask why your code is broken, so here goes:

Your suggestion on how to parse the CGI code reveals a subtle flaw that is, unfortunately, all to common in programming: it's not robust.

Here's the original FORM tag:

<FORM METHOD=POST ACTION="http://CanadaAllergy.com/~canadaal/cgi-bin/s +hopcart.pl?action=additem">
Here's your code to parse it:
my $query_srting = $ENV{QUERY_STRING}; my ( $query, $action ) = split /=/, $query_string;

That code is going to work perfectly fine and as long as the format string remains the same, you can test it all day long and not notice problems. However, the following query strings will all break:

<form method="post" action="http://someserver.com/index.cgi?action=add +item&id=12345"> <form method="post" action="http://someserver.com/index.cgi?action=add +item&action=checkout"> <form method="post" action="http://someserver.com/index.cgi?action=pro +cess r%E9sum%E9">

All of the above are valid query strings (even the second with duplicate parameter names), but will cause your code to fail, or in the case of the last one, to produce output the programmer may not be testing for ($action eq 'process r%E9sum%E9'). The problem is that while your code works now, the first time some programmer in the future tries to do something unexpected with the query string, your code will fail. Part of our job as programmers is to anticipate issues like this and write code that is robust enough to handle these issues.

Now, if I may apologize for a couple of shameless plugs, you can read more about this at use CGI or die; and Lesson 2 of my online CGI course.

Hope this helps!

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://71279]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this? | Other CB clients
Other Users?
Others contemplating the Monastery: (4)
As of 2019-11-22 02:34 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?
    Strict and warnings: which comes first?



    Results (107 votes). Check out past polls.

    Notices?