note
merlyn
Why, oh why, do people insist on
<a href="http://www.stonehenge.com/cgi/go/http://www.tuxedo.org/~esr/jargon/html/entry/cargo-cult-programming.html">cargo cult code</a>?
<p>
This code fails in the same ways that this code always fails, and then we get to repeat the same failure modes. For example:
<ul>
<li>You fail to verify that it was POST vs GET.
<li>You fail to validate the existence or sanity of <tt>CONTENT_LENGTH</tt>.
<li>You break multiple-select fields.
</ul>
Please stop with the cargo cult programming. Use <tt>CGI.pm</tt>. It's there. It does the job.
<p>-- <a href="http://www.stonehenge.com/merlyn/">Randal L. Schwartz, Perl hacker</a></p>
<table border=1 colspacing=0 colpadding=2
style="color: black" bgcolor="#ffddff"
><tr><td>
<b>UPDATE:</b>
OK, I don't understand these downvotes. I'm passing along information that
is accurate, and designed to prevent security violations, and to make the code
more maintainable.
<p>
Are the anonymous cowards that are downvoting me doing it because it's technically
incorrect, because security isn't that important, or something else entirely?
<p>
Or would people prefer nicey-nice "blind leading the blind" like we get in
<a href="news:alt.perl">alt.perl</a>? Because that's what'll happen if you keep
disrespecting some of us that have been around the block a few times.
<p>
I'd gladly be willing to be called wrong on anything I post. If you think you have to
protect someone else with a thin skin, you're damaging both yourself <i>and</i>
them.
<p>
{sigh} Why do I bother?
</td></tr></table>
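<p>
The three failure modes listed in the post above, handled with <tt>CGI.pm</tt>. This is an added example, not code from the thread or from the post's author; the field names (<tt>name</tt>, <tt>color</tt>), the 10 KiB limit and the sample request are assumptions.

```perl
#!/usr/bin/perl
# Added example: POST-only form handler using CGI.pm.
# Field names, the size limit and the sample request are assumptions.
use strict;
use warnings;
use CGI;

# Cap the request body before any parsing happens; CGI.pm compares
# CONTENT_LENGTH against this value and refuses larger bodies.
$CGI::POST_MAX        = 10 * 1024;  # assumed limit: 10 KiB
$CGI::DISABLE_UPLOADS = 1;          # this form takes no file uploads

# Returns (status line, hashref of fields) for the current request.
sub handle_request {
    my $q = CGI->new;

    # 1. The form is POST-only: reject GET and anything else.
    return ('405 Method Not Allowed', {})
        unless ($q->request_method // '') eq 'POST';

    # 2. A body larger than POST_MAX is reported through cgi_error.
    if (my $err = $q->cgi_error) {
        return ($err, {});
    }

    # 3. A multiple-select field arrives as repeated keys; ask for all values.
    #    multi_param needs CGI.pm 4.08+; on older versions call param()
    #    in list context instead.
    my @colors = $q->multi_param('color');
    my $name   = $q->param('name') // '';
    return ('200 OK', { name => $name, color => \@colors });
}

# Constructed sample request so the script can be run from a shell.
my $body = 'name=J%2E+Random&color=red&color=blue';
$ENV{REQUEST_METHOD} = 'POST';
$ENV{CONTENT_TYPE}   = 'application/x-www-form-urlencoded';
$ENV{CONTENT_LENGTH} = length $body;
close STDIN;
open STDIN, '<', \$body or die "cannot reopen STDIN: $!";

my ($status, $fields) = handle_request();
print "$status\n";
print "name  = $fields->{name}\n";
print "color = @{ $fields->{color} }\n";
```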