Well since I just had a huge debate with my boss about reinventing good wheels, I may be a little on edge about this subject so please try not to take this as an attack, it's not.

reinventing good wheels is a waste of time. Why is it a waste of time?:

  • the time of coding (obvious)
  • the time of debugging
  • the time fixing the security holes you have introduced and must fix
  • the time checking to see if any of your previous security holes have been exploited, once found (ala M$)
  • the time to add the functionality of returning an array when when you have multiple values once you find out you need that functionality
  • the time Lincoln Stein (and others) have spent taking suggestions and implementing them
  • the time lost by other contributers who use the good wheel like Ovid and his CGI::Safe
  • Now notice I did not say that CGI.pm is the be all, end all, nor did say improving the wheel was bad (who would want to live in a world with out sporty rims), but rewriting a perfectly good piece of code and in the process introducing security holes (your admission) and broken functionality (another admission) is not only a waste of time, but a sure way to find yourself in a heap of trouble.

    your points (as I see them):

  • Because it did things that i didnt know about - does it do them correctly? Do you have the source code? if the source is to hard to read is there a place to ask about the source?
  • How do i tell what was sent via 'get' and what was sent via 'post'? - $ENV{'REQUEST_METHOD'}
  • i prefer a hash - there are several examples of pushing cgi params into hash available here
  • Yes, using your own solution may be less secure, but you can fix that! - but what if you don't know what to fix? what about your apps before you fix them should they just be insecure when you have a secure alternative?
  • Using functions to output wellformed html - use CGI::Lite
  • provided a valuable learning oppurtunity - what's wrong with reading the source? You can always read the CGI RFC
  • it doesnt go around slurping up stdin when i dont want it to - what case would this matter? you have querystring and you have direct access to the parameter list

  • grep
    grep> cd /pub
    grep> more beer

    In reply to Re: A "newbies" thoughts on cgi.pm... by grep
    in thread A "newbies" thoughts on cgi.pm... by BUU

    Use:  <p> text here (a paragraph) </p>
    and:  <code> code here </code>
    to format your post; it's "PerlMonks-approved HTML":

  • Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!
  • Titles consisting of a single word are discouraged, and in most cases are disallowed outright.
  • Read Where should I post X? if you're not absolutely sure you're posting in the right place.
  • Please read these before you post! —
  • Posts may use any of the Perl Monks Approved HTML tags:
    a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr
  • You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)
            For:     Use:
    & &amp;
    < &lt;
    > &gt;
    [ &#91;
    ] &#93;
  • Link using PerlMonks shortcuts! What shortcuts can I use for linking?
  • See Writeup Formatting Tips and other pages linked from there for more info.