You ask why your code is broken, so here goes:

Your suggestion on how to parse the CGI code reveals a subtle flaw that is, unfortunately, all to common in programming: it's not robust.

Here's the original FORM tag:

<FORM METHOD=POST ACTION="http://CanadaAllergy.com/~canadaal/cgi-bin/s
+hopcart.pl?action=additem">
[download]

my $query_srting = $ENV{QUERY_STRING};
my ( $query, $action ) = split /=/, $query_string;
[download]

That code is going to work perfectly fine and as long as the format string remains the same, you can test it all day long and not notice problems. However, the following query strings will all break:

<form method="post" action="http://someserver.com/index.cgi?action=add
+item&id=12345">
<form method="post" action="http://someserver.com/index.cgi?action=add
+item&action=checkout">
<form method="post" action="http://someserver.com/index.cgi?action=pro
+cess r%E9sum%E9">
[download]

All of the above are valid query strings (even the second with duplicate parameter names), but will cause your code to fail, or in the case of the last one, to produce output the programmer may not be testing for ($action eq 'process r%E9sum%E9'). The problem is that while your code works now, the first time some programmer in the future tries to do something unexpected with the query string, your code will fail. Part of our job as programmers is to anticipate issues like this and write code that is robust enough to handle these issues.

Now, if I may apologize for a couple of shameless plugs, you can read more about this at use CGI or die; and Lesson 2 of my online CGI course.

Hope this helps!

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.