PerlMonks
Well, being kind of a "CGI guy", you might expect that I would take the time to look over this code. As usual, it has many issues. You can see Lesson 2 of my online CGI course for more information, or check out use CGI or die;. You've made most of the common errors.
Are you aware that the semicolon ';' is an alternate delimiter for name/value pairs? Also, what happens if there is a problem with $ENV{'CONTENT_LENGTH'} not matching the actual data length? You need to test for that or risk occasionally having corrupted data. Also, you may want to test whether the read is successful. I see where you are going with removing ASCII zero and "dangerous" characters, but this limits the flexibility of your code. What if someone really needs these characters to be uploaded? What are their options?
Aaagh!!!! I get tired of seeing this. The real purpose of this is to strip out SSIs from incoming data, in case this data gets written out to a Web page that someone else might call up. The reality is, it's a horrible regex (dot star, alternation on single characters, and will slurp up multiple SSIs or HTML comments and anything in between). Plus, what if someone wants HTML comments or SSIs to be submitted? Again, you have the non-orthogonal code issue. See list above.
No. What if someone wants the extra whitespace? Non-orthogonal.
The intent of your code is to have them do something like this:
Hmmm... what happens if someone enters a value with a comma and space? That's right, they think they have an extra value.
Of course, your code doesn't handle file uploads, either, but that's a whole 'nother ball of wax.
I'm sorry, but this is terrible cargo-cult code. Your heart is in the right place, but this code is terrible.
Cheers,
Join the Perlmonks Setiathome Group or just click on the link and check out our stats.
In reply to (Ovid - cargo-cult CGI) Re: Re: subparseform.lib
by Ovid
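
The checks this comment asks for, as an added example (not Ovid's code and not the reviewed library): the body read is verified against CONTENT_LENGTH, pairs are split on both `&` and `;`, and repeated names are kept as separate values with no characters stripped. The function names and the sample request body are assumptions constructed for illustration, and the code uses core Perl only.

```perl
use strict;
use warnings;

# Read exactly $len bytes of POST body from $fh; die on short or failed reads.
sub read_body {
    my ($fh, $len) = @_;
    die "bad CONTENT_LENGTH\n" unless defined $len && $len =~ /\A\d+\z/;
    my ($buf, $got) = ('', 0);
    while ($got < $len) {
        my $n = read($fh, $buf, $len - $got, $got);
        die "read failed: $!\n" unless defined $n;
        last if $n == 0;                      # EOF before the promised length
        $got += $n;
    }
    die "short body: got $got of $len bytes\n" if $got != $len;
    return $buf;
}

# Decode one URL-encoded component without discarding any characters.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr hex $1/ge;
    return $s;
}

# Split pairs on '&' or ';' and keep repeated names as a list of values.
sub parse_form {
    my ($raw) = @_;
    my %form;
    for my $pair (split /[&;]/, $raw) {
        next unless length $pair;
        my ($name, $value) = split /=/, $pair, 2;
        $value = '' unless defined $value;
        push @{ $form{ url_decode($name) } }, url_decode($value);
    }
    return \%form;
}

# Constructed sample request body: mixed delimiters, a value containing ", ".
my $sample = 'color=red;color=blue%2C+green&note=%3C%21--+kept+--%3E';
open my $fh, '<', \$sample or die "open: $!\n";
my $form = parse_form(read_body($fh, length $sample));
printf "%s: %d value(s): %s\n", $_, scalar @{ $form->{$_} },
    join(' | ', @{ $form->{$_} }) for sort keys %$form;

# A declared length longer than the data is reported, not silently accepted.
open $fh, '<', \$sample or die "open: $!\n";
eval { read_body($fh, 5 + length $sample); 1 } or print "rejected: $@";
```

Because values stay in a list, a submitted "blue, green" remains one value and cannot be mistaken for two; in a real CGI script the handle would be STDIN and the length would come from $ENV{'CONTENT_LENGTH'}.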