I'm not aware of any comparisons. I like CGI::Simple because it's a drop-in replacement. Converting your code will be ridiculously simple. Since CGI_Lite does not share the same interface you have a longer conversion time and a greater likelyhood of bugs.

One feature of CGI_Lite that you have to contend with is the setting of the OS type to determine line endings with file uploads. If someone simply hardcodes the OS in there, you now have non-portable code.

I just took a look at the CGI_Lite code and spotted a bug. The separator for query strings is defined in the module as an ampersand. It should also support a semi-colon as that's the recommended separator -- though I confess that few use it.

I also noticed that the CGI_Lite::is_dangerous() method skips the null byte. Oh wait! It's not even a method, it's a function, so you can't subclass it. If you need to subclass it (though it sounds like you don't), you'd have to reimplement all of the functions in there that don't pass $self as the first argument.

All in all, CGI_Lite looks like a nice module, but I see some issues with it that could stand some fixing.

Cheers,
Ovid

Update: I just noticed that the is_dangerous function also explicitly returns a zero for false. While I think it's clear that this is to be called in a scalar or boolean contect, if someone were to accidentally assign the results to an array, the array would automatically evaluate as true. Boolean responses should have a bare return for false, but now I think I'm just getting picky. It still appears to be a very useful module.

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.