Q1: | I can't get the form submission to work; I keep getting an error. |
A1:
| Try using the CGI debugging guide from Hour 21, "Introduction to CGI," to find your problem. Just because it's a form doesn't mean that debugging it is any different from debugging normal CGI. |
Q2: | I just found this great program on the Internet, but I don't understand why it's trying to use $ENV{QUERY_STRING} to get the form parameters. |
A2:
| The author of that program decided to forgo the CGI module's form-processing capabilities. This fact indicates that it is either a very old Perl program that predates the CGI module or that the author decided to use his or her own form-processing code. Either way, this is a good indication that the program should be looked at skeptically and used cautiously. |
Q3: | When I run programs with the -T option in the #! line, from the command prompt, I get the error "Too late for -T option" and then the program stops. Why? |
A3:
| The -T option must be given to Perl as soon as possible so that it knows to look for tainted data. By the time the #! line in your program was processed, it was too late: Perl had already processed your command-line options without tainting. To run Perl from a command prompt (for example, in the debugger), you need to specify -T on the command line as well, before any other options:
perl -T -d foo.cgi
|
Q4: | Will Perl's data-tainting capabilities keep me from making stupid mistakes in my CGI programs? Are they guaranteed to be secure now? |
A4:
| No CGI program is completely secure. The data-tainting capabilities of Perl go a long way toward keeping you from making silly mistakes, but they do not guarantee secure programs. |
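
The point of A4 can be seen in a short script. This is an added example, not code from the book: the file name `taint_demo.pl`, the helper names and the sample inputs are all hypothetical, and the inputs are constructed and then marked tainted by hand so the script runs without a web server.

```perl
#!/usr/bin/perl -T
# Added example: run as "perl -T taint_demo.pl" (file name is hypothetical).
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed sample inputs standing in for a form field. Real form data
# arrives tainted; appending a zero-length tainted string marks these
# literals as tainted too, so the script runs offline.
my $taint  = substr(join('', $0, $^X, values %ENV), 0, 0);
my @inputs = map { $_ . $taint } ('report_2024', '../../etc/motd', 'a b;c');

# Strict untaint: accept only the characters a report name may contain.
sub untaint_strict {
    my ($value) = @_;
    return $value =~ /\A([A-Za-z0-9_]{1,32})\z/ ? $1 : undef;
}

# Careless untaint: the capture clears the taint flag but checks nothing.
sub untaint_careless {
    my ($value) = @_;
    return $value =~ /\A(.*)\z/s ? $1 : undef;
}

# True if Perl refuses to use $value as a file name to write to.
sub taint_blocks_open {
    my ($value) = @_;
    # Taint checking dies before the open is attempted, so nothing is created.
    my $ok = eval { open(my $fh, '>', "/nonexistent-dir/$value"); 1 };
    return !$ok && $@ =~ /Insecure dependency/ ? 1 : 0;
}

for my $in (@inputs) {
    my $strict   = untaint_strict($in);
    my $careless = untaint_careless($in);
    printf "%-16s tainted=%d open_blocked=%d strict=%s careless=%s (tainted=%d)\n",
        "'$in'", tainted($in) ? 1 : 0, taint_blocks_open($in),
        defined $strict ? "'$strict'" : 'rejected',
        "'$careless'", tainted($careless) ? 1 : 0;
}
```

Run it as `perl -T taint_demo.pl`; started without -T on the command line, Perl stops at the #! line as described in A3. The careless pattern returns every input untainted, including the path with `../`, which is why taint mode only helps when the untainting pattern itself validates the data.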