For a Perl CGI script, what is the difference (technically) between these two?
#!/usr/bin/perl
use CGI;
$cgi = new CGI;
print $cgi->header(),
      $cgi->start_html(),
      $cgi->pre($cgi->param()),
      $cgi->end_html();
and
#!/usr/bin/perl
use CGI;
$cgi = new CGI;
print $cgi->header(),
      $cgi->start_html(),
      $cgi->pre($ENV{'QUERY_STRING'}),
      $cgi->end_html();
Assume an HTTP request like this:
When run under a webserver with a conventional CGI interface, the environment variable QUERY_STRING will be foo=bar&baz=buz. The environment variable will not be URL-unescaped. Printing it with $cgi->pre(...) will simply enclose the env var with <pre></pre> tags (or a single <pre /> tag if the value is or is coerced to an empty string). $cgi->param(), on the other hand, and assuming a list context with no arguments, will return a list of URL-unescaped CGI parameter names, in this case foo and bar.

(Note that $cgi->pre(...) does not HTML-escape its argument, so $ENV{QUERY_STRING} might just jeopardize your CGI with a little cross-site scripting injection.)
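
Added example, not part of the question or answer above: a variant of the two scripts that prints the raw QUERY_STRING, the decoded parameter names and one decoded value side by side, passing each through escapeHTML before handing it to pre(). The query string and the in-script environment assignments are constructed so the script also runs from a shell.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Constructed request (assumption): lets the script run outside a web server.
# Under a real server these two variables are set by the CGI interface.
$ENV{REQUEST_METHOD} = 'GET';
$ENV{QUERY_STRING}   = 'name=%3Cb%3Ehi%3C%2Fb%3E&lang=perl';

my $cgi = CGI->new;

my $raw   = $ENV{QUERY_STRING};    # still percent-encoded, exactly as the server set it
my @names = $cgi->param;           # list context, no arguments: decoded parameter names
my $value = $cgi->param('name');   # scalar context: decoded value, here "<b>hi</b>"

print $cgi->header(-type => 'text/html', -charset => 'utf-8'),
      $cgi->start_html('QUERY_STRING vs param()'),
      # pre() inserts its argument verbatim, so escape every value first.
      $cgi->pre($cgi->escapeHTML("raw:   $raw")),
      $cgi->pre($cgi->escapeHTML("names: @names")),
      $cgi->pre($cgi->escapeHTML("name:  $value")),
      $cgi->end_html, "\n";
```

The decoded value is the one that contains literal angle brackets, so output built from param() values needs escaping just as much as output built from the raw environment variable.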