* How do I decode a CGI form? + I'm completely replacing this answer. The previous version was pretty aggressive and ranted about cargo-culting. It also digressed into a discussion of HTTP methods.
+ The new answer showcases CGI.pm, and gives a couple examples. I'd like people to use it because it's easier, not because we decreed it's use. + I also removed the reference to cgi-lib.pl. It is 2005 now :) Index: perlfaq9.pod =================================================================== RCS file: /cvs/public/perlfaq/perlfaq9.pod,v retrieving revision 1.18 diff -u -d -r1.18 perlfaq9.pod --- perlfaq9.pod 3 Jan 2005 18:43:37 -0000 1.18 +++ perlfaq9.pod 3 Jan 2005 19:14:43 -0000 @@ -352,35 +352,38 @@ =head2 How do I decode a CGI form? -You use a standard module, probably CGI.pm. Under no circumstances -should you attempt to do so by hand! +(contributed by brian d foy) -You'll see a lot of CGI programs that blindly read from STDIN the number -of bytes equal to CONTENT_LENGTH for POSTs, or grab QUERY_STRING for -decoding GETs. These programs are very poorly written. They only work -sometimes. They typically forget to check the return value of the read() -system call, which is a cardinal sin. They don't handle HEAD requests. -They don't handle multipart forms used for file uploads. They don't deal -with GET/POST combinations where query fields are in more than one place. -They don't deal with keywords in the query string. +Use the CGI.pm module that comes with Perl. It's quick, +it's easy, and it actually does quite a bit of work to +ensure things happen correctly. It handles GET, POST, and +HEAD requests, multipart forms, multivalued fields, query +string and message body combinations, and many other things +you probably don't want to think about. -In short, they're bad hacks. Resist them at all costs. Please do not be -tempted to reinvent the wheel. Instead, use the CGI.pm or CGI_Lite.pm -(available from CPAN), or if you're trapped in the module-free land -of perl1 .. perl4, you might look into cgi-lib.pl (available from -http://cgi-lib.stanford.edu/cgi-lib/ ). +It doesn't get much easier: the CGI module automatically +parses the input and makes each value available through the +C<param()> function. -Make sure you know whether to use a GET or a POST in your form. -GETs should only be used for something that doesn't update the server. -Otherwise you can get mangled databases and repeated feedback mail -messages. The fancy word for this is ``idempotency''. This simply -means that there should be no difference between making a GET request -for a particular URL once or multiple times. This is because the -HTTP protocol definition says that a GET request may be cached by the -browser, or server, or an intervening proxy. POST requests cannot be -cached, because each request is independent and matters. Typically, -POST requests change or depend on state on the server (query or update -a database, send mail, or purchase a computer). + use CGI qw(:all); + + my $total = param( "price" ) + param( "shipping" ); + + my @items = param( "item ); # multiple values, same field name + +If you want an object-oriented approach, CGI.pm can do that too. + + use CGI; + + my $cgi = CGI->new(); + + my $total = $cgi->param( "price" ) + $cgi->param( "shipping" ); + + my @items = $cgi->param( "item" ); + +Many people try to write their own decoder (or copy one from +another program) and then run into one of the many "gotchas" +of the task. It's much easier and less hassle to use CGI.pm. =head2 How do I check a valid mail address? -- brian d foy, [EMAIL PROTECTED]
