In addition to Randal's lucid explanation of your specific problem. I would
encourage you to also use taintmode flag and filter both subject and
filename as they are being used to create the file. The commented out
attempt to do this with $name shows that you basically may be aware of
this, but I figure that I would just raise it quickly since it's important
topic.
Another minor thing is that I thought ">>" was the operator for opening
with appending not "<<". But I haven't done appending in a long time so I
could be wrong.
At 09:51 PM 9/11/2001 +0100, Francesco Scaglioni wrote:
>Hi,
>
>I have a script which collects a comment than should write it to a
>file. Initialy several scripts did individual jobs but I am combining
>them. the opening gets the details like this:
>
>
> my $email = param( 'email' ) || '';
> my $text = param( 'text' ) || '';
> my $name = param( 'name' ) || '';
>
># ( my $name ) = ( param('name') =~ /^(\w+)$/ );
> my $filename = param( 'filename' ) || '';
> my $subject = param( 'subject' ) || '';
> my $action = param( 'action' ) || '';
> my $heading = param( 'heading' ) || '';
> my $title = param( 'title' ) || '';
>
>and then like this:
>
>
> if ( $action eq 'start' ) { start(); }
> elsif ( $action eq 'list' ) { list( $subject ) ; }
> elsif ( $action eq 'display' ) { display( $subject , $filename ); }
> elsif ( $action eq 'get_comment' ) { get_comment( $heading , $subject ,
> $filename ); }
> elsif ( $action eq 'write_comment'){ &write_comment( $name , $email ,
> $text , $subject , $filename ); }
> else { start() }
>
>
>Then the write bit is:
>
>sub write_comment {
>
> $name = $_[0];
> $email = $_[1];
> $text = $_[2];
> $subject = $_[3];
> $filename = $_[4];
>
># $COMMENT_DIR = ("../data/$subject/.comments");
> $COMMENT_FILE = ("../data/$subject/.comments/$filename") ;
>
>if ( ! $name ) {
>
>die "No value for name";
>}
>
>else {
>
>
>local *WRITE_COMMENT;
>
> open ( WRITE_COMMENT, "<<$COMMENT_FILE" ) || die "$COMMENT_FILE : $!";
> flock WRITE_COMMENT, LOCK_EX || die "cannot lock comment file: $!";
> print ($text, $name, $email ) || die "cannot print hello : $!";
> close WRITE_COMMENT || die "Cannot write to comment file ; $!";
>}
>}
>
>
>
>What is throwing me is that none of it errors or dies but the file
>remains blank. What am I missing?
>
>TIA
>
>Francesco
>
>--
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
__________________________________________________
Gunther Birznieks ([EMAIL PROTECTED])
eXtropia - The Open Web Technology Company
http://www.eXtropia.com/
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
