For an absolute beginner, a bad code explanation looks like this:

open (FILE, ">$file") or die "Can't write to $file - $!";

It would be simpler to tell them:

open (FILE, ">$file");

Then they will understand more easily how easy it is to open a file for
writing.

After that you can tell them about write permission, and tell them that this
operation might not succeed and that it might give an error.

You can tell them that that error is printed to <STDERR>, which is the screen,
the web server log file, the nohup.out file, etc.

You then need to explain how "or" or "||" works, and then you can give the
example with the well-written code:

open (FILE, ">$file") or die "Can't write to $file - $!";

Teddy,
Teddy's Center: http://teddy.fcc.ro/
Email: [EMAIL PROTECTED]

----- Original Message -----
From: "Ovid" <[EMAIL PROTECTED]>
To: "Octavian Rasnita" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>;
<[EMAIL PROTECTED]>
Sent: Tuesday, November 26, 2002 6:10 PM
Subject: Re: tutorials


--- Octavian Rasnita <[EMAIL PROTECTED]> wrote:
> Yes, but a good tutorial for beginners doesn't include all the advanced
> things.

Yes.

> It should be the simplest possible.

Yes.

> It should be not fully correct for all the cases but simple to understand.


Yes.

But it should not be wrong.  The information presented in CGI101 is simply,
flat-out wrong.  The course is

1.  filled with cargo-cult code
2.  bad coding style
3.  poor security practices
4.  handles file access incorrectly
5.  doesn't use strict
6.  no warnings
7.  no taint checking

I don't like to be that harsh about anything or anyone and the writer of the
course writes well, but the material is simply bad.  There's no way to get
around that or to justify exposing a new programmer to coding practices that
he or she will have to *unlearn*.

As for "simple to understand", here's an example taken from Elizabeth
Castro's first book.  This line is virtually identical to the one from CGI101
(there is only one character of difference between the two).  I think this
fails the "simple to understand" rule because brand-new programmers cannot
tell me what it does, much less what the bug is.

  $value =~ s/%([a-fA-F0-9] [a-fA-F0-9])/pack("C", hex($1))/eg;

> The reason most people that want to start programming in Perl change their
> mind and use another programming language like PHP, or ASP, etc, is that
> most examples are very complicated.

Complicated?  Here's a *good* way to grab form values:

  use CGI qw(:standard);

  my $first_name = param('first name');
  my $last_name  = param('last name');
  my @colors     = param('colors');
  my $email      = param('email');

That is not complicated.  That is not even remotely complicated.  You can
compare that with the broken code from the CGI101 course and see that the
above is *much* easier.  As an added bonus, it works.  The CGI101 code will
fail to handle that for many reasons.

I suppose we could argue that it's okay to let someone use poorly written,
dangerous code on just their own box.  Of course, the first time their box
gets hacked as a result, they're going to be miserable.  I've found plenty of
examples of programmers using CGI101 style techniques who leave their boxes
wide open to any attacker as a result.  Of course, if they follow advice
presented in my course, or in any of the (relatively few) excellent books on
the subject, this is much less likely.

Cheers,
Ovid

=====
"Ovid" on http://www.perlmonks.org/
Web Programming with Perl:  http://users.easystreet.com/ovid/cgi_course/
Silence Is Evil: http://users.easystreet.com/ovid/philosophy/decency.txt
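
An added example, not code from either poster or from the courses discussed: a small CGI script that combines the practices named in this thread (strict, warnings, taint checking, CGI.pm's param(), and a checked open). The parameter names `file` and `text`, the directory `/var/data/notes`, and the file-name pattern are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;
use CGI qw(:standard);

# Assumption: notes are stored under this directory (hypothetical path).
my $DATA_DIR = '/var/data/notes';

# Untaint a user-supplied file name by matching it against an allow-list
# pattern. Returns the captured (untainted) name, or undef if rejected.
sub safe_name {
    my ($name) = @_;
    return unless defined $name;
    return $name =~ /\A([A-Za-z0-9_-]{1,64}\.txt)\z/ ? $1 : undef;
}

# Write $text to $DATA_DIR/$name. Three-argument open keeps the mode
# separate from the file name, and every system call result is checked.
sub save_note {
    my ($name, $text) = @_;
    my $path = "$DATA_DIR/$name";
    open(my $fh, '>', $path) or die "Can't write to $path - $!";
    print {$fh} $text        or die "Can't print to $path - $!";
    close($fh)               or die "Can't close $path - $!";
    return $path;
}

# scalar() forces a single value even if the parameter is repeated.
my $name = safe_name(scalar param('file'));
my $text = param('text');
$text = '' unless defined $text;

print header('text/plain');
if (defined $name) {
    save_note($name, $text);
    print "Saved $name\n";
} else {
    # Under -T, using the raw parameter in open() would abort the script;
    # here the request is refused before any file is touched.
    print "Rejected file name\n";
}
```

With -T enabled, Perl refuses to open a file for writing under a name derived from request data until that name has passed through a regex capture, which is why the allow-list in safe_name is the only route to save_note.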
