http://qs321.pair.com?node_id=1066706


in reply to Accessing %ENV directly in script

Doing things with stuff is error-prone, but fortunately you don't catch cooties just from touching things that have been on the internet...

Just don't make any assumptions about it -- it's just some bytes. If you expect a string with some maximum length, or without certain characters, verify it. In your case, you're just looking at /-separated bits of URL-encoded text, so it's not a big deal.