http://qs321.pair.com?node_id=255115


in reply to Sensible error handling

AFAIK, ";" is a perfectly valid separator for parameters and can be used instead of "&" (e.g. http://myserver/page?msg=Hello+World;empty=;number=0). So it seems your parameter parsing code has a problem as well -- the invalid URLs aren't.

Apart from that, I second your statement -- it is often better to be a bit more liberal about validating your input than to throw unnecessary fatal errors at the user.

Re: Re: Sensible error handling
by vladb (Vicar) on May 02, 2003 at 19:03 UTC
    I didn't mention it, but this web application was running on a Tomcat web server, which didn't seem to recognize ';' as a valid query parameter delimiter. Regardless of the fact the web app was coded in Java, this issue of improper error handling is universal. In fact, I found similar instances in my other Perl web applications as well. ;-)

    _____________________
    # Under Construction
      If you read the W3 standards on this you'll find that & is the incorrect and outdated delimiter and ; is the favoured and the correct option. Nice to know Tomcat keeps up with such standards. :)

      As a side note, the CGI.pm module has supported both since the first release.

      http://www.w3.org/MarkUp/html-spec/html-spec_foot.html -- footnote #26.

      - wil
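
An added example, not code from any poster in this thread: a small Perl parser that accepts both ';' and '&' as separators and tells absent, empty and '0' values apart, using the query string from the first post as input. The helper name `parse_query` and the sample strings are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from the thread): split a query string on either
# '&' or ';' and return [name, value] pairs in their original order.
sub parse_query {
    my ($query) = @_;
    my @pairs;
    return @pairs unless defined $query && length $query;

    for my $chunk (split /[&;]/, $query) {
        next unless length $chunk;              # tolerate "a=1;;b=2"
        my ($name, $value) = split /=/, $chunk, 2;
        $value = '' unless defined $value;      # "flag" without '=' is empty
        for ($name, $value) {
            tr/+/ /;                            # '+' encodes a space
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;  # percent-decoding
        }
        push @pairs, [$name, $value];
    }
    return @pairs;
}

# Constructed inputs: the query from the first post and its '&' equivalent.
my @samples = (
    'msg=Hello+World;empty=;number=0',
    'msg=Hello+World&empty=&number=0',
);

for my $query (@samples) {
    my %param;
    $param{ $_->[0] } = $_->[1] for parse_query($query);
    print "query: $query\n";
    for my $name (qw(msg empty number missing)) {
        # Test with exists/length, not truthiness: '' and '0' are both
        # false in Perl but are legitimate submitted values.
        my $state = !exists $param{$name}   ? 'absent'
                  : !length($param{$name})  ? 'present but empty'
                  :                           "present: '$param{$name}'";
        print "  $name => $state\n";
    }
}
```

Both sample queries produce the same report, so a handler built on this parser does not need to reject either form.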