Well since I just had a huge debate with my boss about reinventing good wheels, I may be a little on edge about this subject so please try not to take this as an attack, it's not.
reinventing good wheels is a waste of time. Why is it a waste of time?:
the time of coding (obvious)
the time of debugging
the time fixing the security holes you have introduced and must fix
the time checking to see if any of your previous security holes have been exploited, once found (ala M$)
the time to add the functionality of returning an array when when you have multiple values once you find out you need that functionality
the time Lincoln Stein (and others) have spent taking suggestions and implementing them
the time lost by other contributers who use the good wheel like Ovid and his CGI::Safe
Now notice I did not say that CGI.pm is the be all, end all, nor did say improving the wheel was bad (who would want to live in a world with out sporty rims), but rewriting a perfectly good piece of code and in the process introducing security holes (your admission) and broken functionality (another admission) is not only a waste of time, but a sure way to find yourself in a heap of trouble.
your points (as I see them):
Because it did things that i didnt know about - does it do them correctly? Do you have the source code? if the source is to hard to read is there a place to ask about the source?
How do i tell what was sent via 'get' and what was sent via 'post'? - $ENV{'REQUEST_METHOD'}
i prefer a hash - there are several examples of pushing cgi params into hash available here
Yes, using your own solution may be less secure, but you can fix that! - but what if you don't know what to fix? what about your apps before you fix them should they just be insecure when you have a secure alternative?
Using functions to output wellformed html - use CGI::Lite
provided a valuable learning oppurtunity - what's wrong with reading the source? You can always read the CGI RFC
it doesnt go around slurping up stdin when i dont want it to - what case would this matter? you have querystring and you have direct access to the parameter list
grep
grep> cd /pub grep> more beer |