Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re: CGI queries without '?'

by japhy (Canon)
on Feb 19, 2001 at 11:07 UTC ( [id://59348]=note: print w/replies, xml ) Need Help??


in reply to CGI queries without '?'

Most web servers support the PATH_INFO behavior. If your web server can execute a program at http://www.foo.com/prog, then going to http://www.foo.com/prog/this/too will set $ENV{PATH_INFO} to "/this/too".

japhy -- Perl and Regex Hacker

Replies are listed 'Best First'.
Re: CGI queries without '?'
by ryan (Pilgrim) on Feb 19, 2001 at 11:52 UTC
    Indeed it does.

    This being the case, can CGI.pm correctly handle such information gathering, or is it up to the programmer to risk it all and handle the variable on their own? ... (I'm not saying I condone this practice)

[reply]

      IMHO it is better to use CGI.pm to access the Path Info string than to access $ENV{PATH_INFO} directly, with the CGI::path_info method. There's alot of good reasons to do this, here are some of mine:

      • CGI deals with implementation issues. If the structure of the %ENV hash ever changed, my code wouldn't break, assuming the module is kept up to date.
      • CGI::path_info corrects common problems in certain web servers, providing a more portable solution than direct access to $ENV{PATH_INFO}.
      • You get documentation of the CGI::path_info method to explain what it does. This means less documentation for me, I like that =) It's much more difficult to find docs explaining the %ENV hash well.
      • It just looks prettier.

      In general, anytime I need to access the %ENV hash, I try to look in CGI.pm's docs for a method to get at the data I want.

[reply]
[d/l]
[select]
        The best reason of all to use CGI.pm's functions to access the ENV hash is that if your URL string happens to contain an unusual character, say a percent sign or a caret, then directly parsing the environmental variables will usually break your program. CGI.pm, on the other hand, will seamlessly preserve the unusual character and return it the same way it went in. MS-DOS directory names, for instance, can contain percent signs, so this possibility is not merely theoretical.

        Also, I suspect that a clever hacker may be able to engage in misdeeds by submitting unusual input after the '?' or '/'. CGI.pm, which is written by a really brilliant programmer named Lincoln D. Stein, probably screens for at least some types of miscreant CGI input.

        For those who are as clueless concerning CGI.pm as I was a few months ago, it is built into current versions of Perl, so there is no need to download or install it.

        Hail Lincoln Stein! I do not like to engage in hero worship, because we can all be heroic programmers someday, but this piece of open source work by Mr. Stein is really superb.

[reply]

      ??? It has nothing to do with CGI.pm. The pathinfo will be in the %ENV hash. 

        my $pathinfo = $ENV{PATH_INFO} || '';

      [download]

      update: Good point, dkubb. Thanks. I didn't realize I could get the PATH_INFO from CGI itself.

[reply]
[d/l]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://59348]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others meditating upon the Monastery: (3)
As of 2024-04-18 23:04 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found