Re: accessing CGI.pm params directly

Thu, 07 Feb 2002 14:42:40 -0800 

From:                   "Scott Lutz" <[EMAIL PROTECTED]>
> I want to access parameters right out of the query_string with out
> having to declare them into distinct variables first, but always come
> up with hash reference errors.
> 
> This is what I tried : 
> print qq{<input type="hidden" name="bill_email"
> value="$q->param('owner_email')">\n};
> 
> and get this output :
> <input type="hidden" name="bill_email"
> value="CGI=HASH(0x810ca00)->param('owner_email')">

You cannot interpolate a method call within a string. You either 
have to write it like this:

print q{<input type="hidden" name="bill_email" value="},
        $q->param('owner_email'),q{">\n};

or this dirty trick:

print qq{<input type="hidden" name="bill_email" value="@{[$q-
>param('owner_email')]}">\n};

(Just keep in mind that the @{[]} proviced a list context to $q-
>param()!)

or 

        use Interpolation query => sub {
                return scalar($q->param($_[0]));
        };
        print qq{<input type="hidden" name="bill_email" 
value="$query{'owner_email'}">\n};

or ... slightly safer ...

        {
                my %escape = ( '>' => '&gt;', '<' => '&lt;', "'" => '&#39;', '"' 
=> '&dblquote;');
                use Interpolation queryHTML => sub {
                        my $value = $q->param($_[0]);
                        $value =~ s/&/&amp;/g;
                        $value =~ s/([<>])/$escape{$1}/g;
                        return $value
                };
                use Interpolation queryTAG => sub {
                        my $value = $q->param($_[0]);
                        $value =~ s/&/&amp;/g;
                        $value =~ s/([<>'"])/$escape{$1}/g;
                        return $value
                };
        }
        print qq{<input type="hidden" name="bill_email" 
value="$queryTAG{'owner_email'}">\n};

This last one is longest, but it works fine even if the owner_email 
parameter contains double and single quotes.

Jenda

P.S.: I am not using Perl for CGI but ... I looked for a "proper" 
widely used & tested HTML escape function in the common 
modules and did not find any. I was not looking hard enough, right?

=========== [EMAIL PROTECTED] == http://Jenda.Krynicky.cz ==========
There is a reason for living. There must be. I've seen it somewhere.
It's just that in the mess on my table ... and in my brain.
I can't find it.
                                        --- me

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to