Re: Perplexing header problem

Wed, 13 Jun 2001 11:17:50 -0700 

--- Peter Cline <[EMAIL PROTECTED]> wrote:
> >CGI.pm, FETCHING THE PARAMETER LIST AS A HASH :
> >$params = $q->Vars;
> >print $params->{'address'};
> >
> >And in your case it may be :
> >
> >my @param_list       = qw ( request_id request_priority request_title .. );
> >my %hash             = (); # the hash we gonna fill up and send to the 
> >function
> >@hash{ @param_list } = @{ $q->Vars }{ @param_list }
> >BugTrack->update_request ( %hash );
> >
> >That's it ! Much shorter and arguments list can be controlled by
> >changing @param_list only.
> Excellent, I will give this a go.  Definitely looks easier than what I've 
> been doing.

Ugh!  Personally, I wouldn't use the Vars() function from CGI.pm.  If you have a name 
with
multiple values, it separates the values with an ASCII zero, which could potentially 
open up a
nasty security hole (http://www.perlmonks.org/index.pl?node_id=38548).  Here's a safe 
alternative:

my $q = CGI->new;
my %vals = map { $_, format_param( $q, $_ ) } $q->param;

sub format_param {
    my ( $cgi, $param ) = @_;
    if ( scalar @{ [ $cgi->param( $_ ) ] } > 1 ) {
        [ $cgi->param( $_ ) ];
    } else {
        $cgi->param( $_ );
    }
}

The address param can then be accessed with $vals{ 'address' }.  The reason for the 
'format_param'
sub is to handle special cases where you have multiple values mapped to the same name. 
 For
instance, if you have a query string like "color=red;color=blue", then $vals{'color'} 
will contain
an anonymous array ref.  To get to all of the values of 'color', you could then do:

foreach my $color ( @{ $vals{'color'} } ) {
    # do something
}

Or you could access each color value directly:

    my $second_color = $vals{ 'color' }->[1];

Or you could put them in a separate array, if you feel more comfortable with that:

    my @colors = @{ $vals{'color'} };

I know that this seems more complicated than what you were considering, but I 
*strongly* recommend
to people not to use CGI.pm's &Vals subroutine due to the ASCII zero problem.

Cheers,
Curtis Poe


    



=====
Senior Programmer
Onsite! Technology (http://www.onsitetech.com/)
"Ovid" on http://www.perlmonks.org/

__________________________________________________
Do You Yahoo!?
Get personalized email addresses from Yahoo! Mail - only $35 
a year!  http://personal.mail.yahoo.com/

Reply via email to