If you're concerned about invalid or malicious data, I'd suggest also enabling Taint checking in your scripts.
At the start, on the hash bang line, add -T:
#!/usr/bin/perl -wT
That will cause the interpreter to see if you're interpreting any user data insecurely.
It won't catch everything, but it will catch some nasty things.
Also, CGI takes most of the work out of handling CGI stuff. You'll probably love it once you figure it out.
The CGI qw/:standard/ just imports the functions and variables that CGI.pm lumps in the "standard" export group. That includes things like cookie(), header(), param(), blah blah blah.
Using CGI.pm and param() is a nice, easy way to get to the args passed to your program. Just instantiate a CGI object ($cur_cgi = CGI->new()) and use the param method with the name of the arg you want to grab.
IOW: $arg = $cur_cgi->param('arg_name'); # grabs from GET and POST as necessary
Of course, this only works really well when you know what args you'll be looking for. If you need something more dynamic, stick with parsing the QUERY_STRING in the way that best suits you.
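Added example, not part of either reply above: a CGI script that combines the two suggestions, reading an argument with param() under -T and untainting it through an allowlist regex before it reaches a file operation. The parameter name arg_name comes from the thread; the file-name policy and the /var/www/data directory are assumptions made for illustration.

```perl
#!/usr/bin/perl -wT
use strict;
use CGI;
use Scalar::Util qw(tainted);

# Under -T, perl refuses to run external commands until the
# environment is set to known-safe values.
$ENV{PATH} = '/usr/bin:/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

my $cur_cgi = CGI->new();
print $cur_cgi->header('text/plain');

# Everything that arrives with the request is tainted.
my $raw = $cur_cgi->param('arg_name');    # scalar context: single value
unless (defined $raw) {
    print "arg_name is required\n";
    exit;
}
print "raw value tainted: ", (tainted($raw) ? "yes" : "no"), "\n";

# Untaint by capturing from an allowlist pattern. Only the captured
# group is clean; $raw itself stays tainted.
# Assumed policy: a bare file name of 1 to 64 characters, starting
# with a letter or digit, so no slashes and no leading dot.
my ($name) = $raw =~ /\A([A-Za-z0-9][A-Za-z0-9_.-]{0,63})\z/;
unless (defined $name) {
    print "arg_name rejected\n";
    exit;
}
print "validated value tainted: ", (tainted($name) ? "yes" : "no"), "\n";

# Hypothetical data directory. Building $path from $raw instead of
# $name would make the open below die with
# "Insecure dependency in open while running with -T switch".
my $path = "/var/www/data/$name";
my $fh;
unless (open($fh, '>>', $path)) {
    print "cannot open file\n";
    exit;
}
print {$fh} "request at ", time(), "\n";
close $fh;
print "ok\n";
```

To try it without a web server, run perl -wT script.pl 'arg_name=report.txt'; CGI.pm reads name=value pairs from the command line when no request environment is present, and those values are tainted as well.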