perl-modperl mailing list archives

From André Warnier
Subject Re: Getting a / when regex should produce nothing
Date Sun, 25 Apr 2010 10:44:56 GMT
Chris Bennett wrote:

Personal observations:

> use warnings;
That's good. But this :

> no warnings 'uninitialized';

is very dubious.

> $article_file = $q->param("articlefilename");

will come back undef if:
- there is no "articlefilename" input box on the submitted form
- there is one, but it is not sent by the browser (as some browsers may 
do if the form field has not been filled in)
- someone just calls your script by a URL in the location bar, without 

> if ($debug) { $error .= qq{<p>$article_file</p>};}

This then is dubious too, because you are essentially concatenating a 
string (which may also be undef), with an undef value. (And before that, 
you are passing this undef value to the qq function).
Who knows what this does?

Unfortunately, you will never know, because you have disabled warnings 
for that.

Why not do something more solid, like:

remove the "no warnings" pragma.

$article_file = $q->param("articlefilename") || '';
(making it equal to an empty string if it is undefined), or more explicitly
$article_file = $q->param("articlefilename");
$article_file = '' unless defined $article_file;

And the same for any other form parameter you receive.

If you are programming for the web, where you essentially do not know 
which miscreant browser or user is at the other end, you have to program 
defensively.  Suppressing warnings is the wrong way to go.
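
The defaulting advice above, as an added example that is not part of the original message: it keeps the "uninitialized" warning enabled (here made fatal), compares the `|| ''` form with the `defined` test on a field value of "0", and escapes the value before it goes into the debug HTML. `FakeQuery`, `form_value` and `html_escape` are hypothetical names, and the requests are constructed stand-ins for `$q` so the script runs without a web server.

```perl
#!/usr/bin/perl
use strict;
use warnings FATAL => 'uninitialized';   # a stray undef now dies instead of passing silently

# Constructed stand-in for the CGI object ($q) so the example runs offline;
# it imitates only param() called in scalar context.
package FakeQuery {
    sub new   { my ($class, %form) = @_; my $self = { %form }; return bless $self, $class }
    sub param { my ($self, $name) = @_; return $self->{$name} }
}

# Hypothetical helper: fetch one form field and never return undef.
sub form_value {
    my ($q, $name) = @_;
    my $value = $q->param($name);            # scalar context: a single value
    return defined $value ? $value : '';
}

# Minimal HTML escaping, because the value is echoed into the debug markup.
sub html_escape {
    my ($text) = @_;
    my %entity = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
    $text =~ s/([&<>"'])/$entity{$1}/g;
    return $text;
}

my $debug = 1;

# Constructed requests: field absent, empty, "0", and containing markup.
my @requests = (
    FakeQuery->new(),
    FakeQuery->new(articlefilename => ''),
    FakeQuery->new(articlefilename => '0'),
    FakeQuery->new(articlefilename => '<b>news.txt</b>'),
);

for my $q (@requests) {
    my $error        = '';
    my $article_file = form_value($q, 'articlefilename');
    my $or_default   = $q->param('articlefilename') || '';   # the shorter form: also maps "0" to ''

    if ($debug) { $error .= '<p>' . html_escape($article_file) . '</p>'; }
    printf "defined-test=[%s] or-default=[%s] debug=%s\n", $article_file, $or_default, $error;
}
```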
