HTML CSS PHP PERL

Q&A

 
Previous Table of Contents Next

Q&A

Q1:

I can't get the form submission to work; I keep getting an error.

A1:

Try using the CGI debugging guide from Hour 21, "Introduction to CGI," to find your problem. Just because it's a form doesn't mean that debugging it is any different from debugging normal CGI.

Q2:

I just found this great program on the Internet, but I don't understand why it's trying to use $ENV{QUERY_STRING} to get the form parameters.

A2:

The author of that program decided to forgo the CGI module's form-processing capabilities. This fact indicates that it is either a very old Perl program that predates the CGI module or that the author decided to use his or her own form-processing code. Either way, this is a good indication that the program should be looked at skeptically and used cautiously.

Q3:

When I run programs with the T option in the #! line, from the command prompt, I get the error Too late for T option and then the program stops. Why?

A3:

The T option must be given to Perl as soon as possible so that it knows to look for tainted data. By the time the #! line in your program was processed, it was too latePerl had already processed your command line options without tainting. To run Perl from a command promptfor example, in the debuggeryou need to specify the T on the command prompt as well, before any other options:


perl T d foo.cgi


Q4:

Will Perl's data-tainting capabilities keep me from making stupid mistakes in my CGI programs? Are they guaranteed to be secure now?

A4:

No CGI program is completely secure. The data-tainting capabilities of Perl go a long way toward keeping you from making silly mistakes, but they do not guarantee secure programs.

    Previous Table of Contents Next
    © 2000- NIV