First off, the disclaimer. I would say that I am fairly new to Perl and programming in general, only starting to use it semi-seriously in the past 6 months. But anyway, seeing that 'use CGI.pm' is such a favored mantra here, I thought I might introduce a different perspective on the matter. Also I would like to say that A) I recently made a CGI-type application, and no, I didn't use CGI.pm, and B) no, my CGI-parsing routine isn't nearly as robust and secure as CGI.pm, so I won't show it to you. One final caveat is that all this is from memory at this point, and from my experiences, so if something works a little differently than I remembered... sorry.

Why I didn't use CGI. Because it did things that I didn't know about. For example, <STDIN>. When you 'use CGI.pm', everything in <STDIN> is sucked away! What if I don't want everything in STDIN sucked away? How do I tell what was sent via 'get' and what was sent via 'post'? What exactly is CGI.pm doing to the vars it slurps in? I realize I could look at the source of CGI.pm, but since it's something like Six Thousand lines, it's a little hard to find exactly what is doing what. Also, what is with the param('paramname') usage? It just doesn't make sense to me, I prefer a hash. You may not, but isn't the motto 'timtowtdi' (or however that's spelled)? And (unless I'm mistaken) if you have, say, 'name=soemthing&name=blah', won't CGI.pm return an array for param('name')? What if your code doesn't want an array, what if you just want a nice little scalar value? Again this comes under the heading of 'what is it doing that I don't know about?'.

A lot of arguments against using your 'home rolled' input parsing libs revolve around security, and lack thereof. Yes, using your own solution may be less secure, but you can fix that! Find an exploit (such as the null character...), and fix it. It's simple. There's no reason (if you work at it) you couldn't write a function that's just as secure as CGI.pm's. It's all Perl.

"Using functions to output well-formed HTML". Right, like h1('text'); is any easier than print "<h1>text</h1>";? It's just as hard to remember to close your parens and so forth as it is to add closing tags, not to mention the fact that not closing your HTML tags just makes the page look kinda ugly, whereas not closing your parens breaks your script. (You could argue that then the compiler could catch your error, which is a small advantage, but you could easily see and find your error once you view it in a renderer. *shrug* I don't think that it's that big of a deal, but YMMV.)

Making my own functions to output cookies and parse incoming form data (of various sorts) also provided a valuable learning opportunity, as I got to learn a lot more about how web clients work with headers and submit files in forms and so forth. This is a small benefit, but a benefit nonetheless, say, if I wanted to go write a CGI program in some other language that doesn't have nice purty functions to do it all for you.

To sum it all up, my "home rolled" CGI parser may not be the best, fastest, most secure function in the world, but it does exactly what I want and tell it to do, and it doesn't go around slurping up STDIN when I don't want it to.

In reply to A "newbies" thoughts on cgi.pm... by BUU
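
The following Perl sketch is an added example, not part of BUU's post and not code from CGI.pm. It shows what a hand-rolled urlencoded parser has to decide explicitly for the cases the post raises: GET and POST data kept apart, repeated parameter names, and decoded NUL bytes. The function names `parse_urlencoded` and `single` and the sample strings are hypothetical.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Parse an application/x-www-form-urlencoded string into a hash of
# array refs, so a repeated name is never silently collapsed.
sub parse_urlencoded {
    my ($raw) = @_;
    my %form;
    return \%form unless defined $raw && length $raw;
    for my $pair (split /[&;]/, $raw) {
        next unless length $pair;
        my ($name, $value) = split /=/, $pair, 2;
        $value = '' unless defined $value;
        for ($name, $value) {
            tr/+/ /;                               # '+' encodes a space
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;   # percent-decoding
        }
        # Reject decoded NUL bytes: they can truncate strings that are
        # later handed to the OS, for example as a file name.
        die "NUL byte in form data\n" if "$name$value" =~ /\0/;
        push @{ $form{$name} }, $value;
    }
    return \%form;
}

# Return exactly one value, or die if the name was sent more than once.
sub single {
    my ($form, $name) = @_;
    my $values = $form->{$name} or return undef;
    die "parameter '$name' sent more than once\n" if @$values > 1;
    return $values->[0];
}

# Constructed sample input. In a real CGI script the GET string comes
# from $ENV{QUERY_STRING} and the POST body is read from STDIN, up to
# $ENV{CONTENT_LENGTH} bytes; parsing them separately keeps them apart.
my $get  = parse_urlencoded('name=something&name=blah&page=2');
my $post = parse_urlencoded('comment=hello+world%21');

print "page    = ", single($get, 'page'), "\n";
print "comment = ", single($post, 'comment'), "\n";
print "names   = @{ $get->{name} }\n";

eval { parse_urlencoded('file=report.txt%00.pl'); 1 } or print "rejected: $@";
eval { single($get, 'name'); 1 } or print "rejected: $@";
```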
