--- Octavian Rasnita <[EMAIL PROTECTED]> wrote:
> Yes, but a good tutorial for beginners doesn't include all the advanced
> things.

Yes.

> It should be the simplest possible.

Yes.

> It should be not fully correct for all the cases but simple to understand.


Yes.

But it should not be wrong.  The information presented in CGI101 is simply,
flat-out wrong.  The course is
1.  filled with cargo-cult code
2.  bad coding style
3.  poor security practices
4.  handles file access incorrectly
5.  doesn't use strict
6.  no warnings
7.  no taint checking

I don't like to be that harsh about anything or anyone and the writer of the
course writes well, but the material is simply bad.  There's no way to get
around that or to justify exposing a new programmer to coding practices that
he or she will have to *unlearn*.

As for "simple to understand", here's an example taken from Elizabeth Castro's
first book.  This line is virtually identical to the one from CGI101 (there is
only one character of difference between the two).  I think this fails the
"simple to understand" rule because brand-new programmers cannot tell me what
it does, much less what the bug is.

  $value =~ s/%([a-fA-F0-9] [a-fA-F0-9])/pack("C", hex($1))/eg;

> The reason most people that want to start programming in Perl change their
> mind and use another programming language like PHP, or ASP, etc, is that
> most examples are very complicated.

Complicated?  Here's a *good* way to grab form values:

  use CGI qw(:standard);

  my $first_name = param('first name');
  my $last_name  = param('last name');
  my @colors     = param('colors');
  my $email      = param('email');

That is not complicated.  That is not even remotely complicated.  You can
compare that with the broken code from the CGI101 course and see that the
above is *much* easier.  As an added bonus, it works.  The CGI101 code will
fail to handle that for many reasons.

I suppose we could argue that it's okay to let someone use poorly written,
dangerous code on just their own box.  Of course, the first time their box
gets hacked as a result, they're going to be miserable.  I've found plenty of
examples of programmers using CGI101 style techniques who leave their boxes
wide open to any attacker as a result.  Of course, if they follow advice
presented in my course, or in any of the (relatively few) excellent books on
the subject, this is much less likely.

Cheers,
Ovid

=====
"Ovid" on http://www.perlmonks.org/
Web Programming with Perl:  http://users.easystreet.com/ovid/cgi_course/
Silence Is Evil: http://users.easystreet.com/ovid/philosophy/decency.txt
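
Added example, not part of the original message and not code from CGI101 or from the author's course: it feeds one constructed query string to a hypothetical hand-rolled parser (`naive_parse`, written for this comparison) and to CGI.pm, to show how the two differ on a field name containing a space, a repeated field, and a `;` separator. It assumes CGI.pm is installed and uses `multi_param`, the list-returning call in current CGI.pm releases, where the message writes `param` in list context.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI ();

# Constructed sample input: a field name with a space, a repeated
# "colors" field, and ';' used as a pair separator before "email".
my $query = 'first+name=Mary%20Ann&colors=red&colors=blue;email=ann%40example.org';

# Hypothetical hand-rolled parser, written for this comparison.
sub naive_parse {
    my ($qs) = @_;
    my %form;
    for my $pair (split /&/, $qs) {
        my ($name, $value) = split /=/, $pair;
        $value = '' unless defined $value;
        $value =~ tr/+/ /;
        $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
        $form{$name} = $value;    # repeated names overwrite earlier values
    }
    return \%form;
}

# The name is never decoded, so 'first name' is stored under 'first+name';
# only '&' is treated as a separator, so 'email' never becomes its own field.
my $naive = naive_parse($query);
for my $key ('first name', 'colors', 'email') {
    my $shown = exists $naive->{$key} ? "'$naive->{$key}'" : '(missing)';
    printf "naive   %-12s %s\n", $key, $shown;
}

# CGI.pm accepts a query string in its constructor, so this runs offline.
my $q      = CGI->new($query);
my $first  = $q->param('first name');      # scalar context: one value
my $email  = $q->param('email');
my @colors = $q->multi_param('colors');    # every value of a repeated field

printf "CGI.pm  %-12s '%s'\n", 'first name', $first;
printf "CGI.pm  %-12s '%s'\n", 'colors', join(',', @colors);
printf "CGI.pm  %-12s '%s'\n", 'email', $email;
```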
