(Ovid - hand-rolled CGI review) Re: variables not posting?

stuffy claimed:

Before anyone rips me for not using CGI, I want to let it be known that I am unable to use CGI for this application due to the server I will be using it on.

Okay, I'm an idiot and I know better, but I'll bite. What is so different about your server that you can't use a standard module that's virtually guaranteed to already be present?

Also, you do know that your CGI form processing code is so riddled with bugs as to be virtually useless, right? Let's go through your code line by line:

  1. read (STDIN,my($temp), $ENV{'CONTENT_LENGTH'});
  2. my (@pairs) =split(/&/,$temp);
  3. my($item) = "";
  4. foreach $item(@pairs) {
  5.         my($key,$content) =split (/=/, $item, 2);
  6.         $content=~tr/+/ /;
  7.         $content=~s/%(..)/pack("c",hex($1))/ge;
  8.         my($fields{$key})=$content;
  9. }
[download]

Line 1: Only does POST, not GET.
Line 1: Why don't you check to see if the read was successful?
Line 1: You don't verify that the amount of data read is the same as $ENV{'CONTENT_LENGTH'}.

Hmm... three problems and we're still on the first line

Line 2: The semicolon is an alternate delimeter. An agent submits data using that and your code breaks. Of course, since you can't guarantee that the data in $temp isn't corrupt...
Line 3: Misplaced. $item should be scoped in the for loop:
for my $item ( @pairs ) {
Line 4: See line 3 comment above.
Line 5: If an equals sign is submitted in form data, it is encoded as %3D to avoid clashing with the name/value pair delimiter. Therefore, the third argument to split is superfluous (though I admit that I'm just nitpicking now).
Line 6: What about the key? Spaces are allowed in the keys, also. If you say, "yeah, but this is only for my forms", than you deliberately limit all future programs you write because you didn't bother to address this now. Don't forget to think about what you might need to use this for later.
Line 7: See line 6 comment above.
Line 8: Did you know the query string color=red&color=blue is quite valid? You code breaks on that.
Line 9: I can't find a problem with this line.

I don't mean to come across as harsh, but this is the reason why people say "don't hand-roll this stuff!" Read what merlyn wrote about how to get use CGI.pm when it's not allowed on your server.

Just looking at your code, one can tell that you have some basic programming issues to learn (sanity checking, scoping, the benefits of strict, etc). Do you really assume that your code snippet is superior to the collective wisdom of thousands of programmers the world over?

I realize that you said you were a newbie. Here's my confession: when I was a newbie, I also preferred to "roll my own." It took a lot of time for me to get over my basic stubborness and see the error of my ways. But let's keep this last paragraph between us, shall we? ;-)

Cheers,
Ovid

Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

Comment on (Ovid - hand-rolled CGI review) Re: variables not posting? Select or Download Code

Replies are listed 'Best First'.
Re: (Ovid - hand-rolled CGI review) Re: variables not posting? by dws (Chancellor) on May 03, 2001 at 21:24 UTC
Line 2: The semicolon is an alternate delimeter. An agent submits data using that and your code breaks. Of course, since you can't guarantee that the data in $temp isn't corrupt... I'd like to see some evidence. Of the various good arguments for using CGI.pm, this one has always struck me as the weakest. The use of a semicolon as an argument delimeter is so effectively deprecated as to be non-existent. When is the last time you heard of any agent using a semicolon as a delimeter (other than a hand-rolled agent whose purpose is to demonstrate that it can be done)? What browsers use a semicolon? I know of a few public web-based systems that have run for years without encountering a semicolon used as a parameter delimeter. Is that proof that such a thing can never happen? No. Are these systems at risk? No, unless some practical joker decides to hand-roll a request.	[reply]
Re: Re: (Ovid - hand-rolled CGI review) Re: variables not posting? by merlyn (Sage) on May 04, 2001 at 01:34 UTC
It's the opposite of deprecated. It's intended to be supported in the future, so if you don't start supporting it now, browsers which use it in the future will break your code. -- Randal L. Schwartz, Perl hacker	[reply]
Re: Re: Re: (Ovid - hand-rolled CGI review) Re: variables not posting? by dws (Chancellor) on May 04, 2001 at 01:47 UTC
It's intended to be supported in the future, so if you don't start supporting it now, browsers which use it in the future will break your code. Do I detect the faint scent of some large corporation sneaking this into some specification to guarantee the future obsolescence of everyone else's software? :-(	[reply]
Re: Re: Re: Re: (Ovid - hand-rolled CGI review) Re: variables not posting? by turnstep (Parson) on May 04, 2001 at 19:14 UTC
Re: (Ovid - hand-rolled CGI review) Re: variables not posting? by stuffy (Monk) on May 05, 2001 at 14:13 UTC
Instead of making me feel like a total looser for even trying to learn how to program in perl, would you be willing to show me how to fix those problems that do exist. I will be trying to use CGI.pm after reading merlyns post, but as for a learning referance, I would like to know how to do it the right way	[reply]
Re: Re: (Ovid - hand-rolled CGI review) Re: variables not posting? by merlyn (Sage) on May 05, 2001 at 21:10 UTC
The right way is to use CGI.pm. If you want to know how it works, CGI.pm has the source included. {grin} -- Randal L. Schwartz, Perl hacker	[reply]


go ahead... be a heretic
	PerlMonks