Re: CGI parameters

Tue, 25 Oct 2005 01:52:50 -0700 

On 24 Oct 2005 at 11:48, Ovid wrote:

> > I am trying to access the parameter list from a form. I keep getting 
> > a "Not an ARRAY reference at (eval...)". The error seems to refer to 
> > 
> > my @names = $q->param;
> 
> I suspect you're off by a couple of lines:
> 
>   my @names = $q->param;
>   my $params = Vars;
>  
>   my $len = @{$params}; # $params should be a hashref
> 
> Vars() returns a hashref, not an array ref.  
Dohh. Yes reading that paragraph more clearly now. I guess I need a 
slice of the hash ref??

I still get the error if I remove those lines:
      1  #!/usr/bin/perl -w
     2
     3  use strict;
     4
     5  use CGI qw\standard cgi-lib\;
     6  use CGI::Carp qw(fatalsToBrowser);
     7
     8  $CGI::POST_MAX = 1024 * 1000; # Set limit to 1MB
     9
    10
    11  my $q = new CGI;
    12
    13  my @names = $q->param;
    14  #my $params = Vars;
    15  #my $len = @{$params};
....snip

Software error:

Not an ARRAY reference at (eval 33) line 12.

If I do it the other way:
     3  #use strict;
     4
     5  use CGI qw\standard cgi-lib\;
     6  use CGI::Carp qw(fatalsToBrowser);
     7
     8  $CGI::POST_MAX = 1024 * 1000; # Set limit to 1MB
     9
    10
    11  my $q = new CGI;
    12
    13  #my @names = $q->param;
    14  my $params = Vars;
    15  my $len = @{$params};
...snip

It runs without error.

So I am not sure why the param list is failing - I have to suspect 
that it is the content of the file upload as it works if I pass the 
script a url type string on the command line.

 Becuase it
> separates values with null bytes, you run the risk of exposing you code
> to a security hole known as the "null byte hack".  I explain the latter
> in lesson three of my CGI course: 
> http://users.easystreet.com/ovid/cgi_course/lessons/lesson_three.html

Wasn't aware of this. The script, as I said, tries to deal with a 
file upload so the taint part of this articles is very helpfully

I only tried to use Vars because I was failing to fetch the param 
list with $q->param. It was just another way of tring to get the 
params but I obviously have some work to do there.
> Cheers,
> Ovid
Thank you.

Don't supose you have any suggestion on how to create a hash slice of 
the input field names??


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>

Reply via email to