The best reason of all to use CGI.pm's functions to access the ENV hash is that if your URL string happens to contain an unusual character, say a percent sign or a caret, then directly parsing the environmental variables will usually break your program. CGI.pm, on the other hand, will seamlessly preserve the unusual character and return it the same way it went in. MS-DOS directory names, for instance, can contain percent signs, so this possibility is not merely theoretical.
Also, I suspect that a clever hacker may be able to engage in misdeeds by submitting unusual input after the '?' or '/'. CGI.pm, which is written by a really brilliant programmer named Lincoln D. Stein, probably screens for at least some types of miscreant CGI input.
For those who are as clueless concerning CGI.pm as I was a few months ago, it is built into current versions of Perl, so there is no need to download or install it.
Hail Lincoln Stein! I do not like to engage in hero worship, because we can all be heroic programmers someday, but this piece of open source work by Mr. Stein is really superb.
| [reply] |