[email protected] wrote:
Guys, if the user is clicking on the submit button in step 6, that's a
POST request. So, why is the a 'query parameters' block present? From my
understanding, a query_parameter block is for GET requests.
Doing a POST to /foo?id=58 will fill query_parameters, as you would expect.
I know that to get the 'id' I want which is from the body parameters, I
should use $c->request->body_parameters{'id'} but in doing so, it looks
like I am avoiding the problem and its cause rather than understand what
it is about.
And so if you submit a form to /foo?id=58, with id=58 in the body of the
post request, you _will_ have multiple values of the parameter.
This is a general issue - unless you're aware of it, your app is likely
to be fairly easy to break by supplying multiple values for a parameter,
for example /foo?id=58&id=58 will generate [qw/ 58 58 /] in your
query_parameters.
This is why you validate both the content, and structure of all incoming
data :)
The neatest way to get around this, on a small scale is probably:
use Moose::Autobox;
my $field = ($c->query_parameters->{id}->flatten)[0];
(untested, but something like that)..
I wouldn't recommend writing that for every single parameter ever
however - use a form handling abstraction which will do the work for you.
Cheers
t0m
_______________________________________________
List: [email protected]
Listinfo: http://lists.scsys.co.uk/cgi-bin/mailman/listinfo/catalyst
Searchable archive: http://www.mail-archive.com/[email protected]/
Dev site: http://dev.catalyst.perl.org/
