Howdy Mike:
 
> >>cgi-in: make object! decode-cgi form-data
> 
> Now the object 'cgi-in' contains all  of the variables that
> the form returned.
> 
> >> probe cgi-in
> 
> make object! [
>      Query:   "scsi"  SearchView:   "wwwV4R1" MaxResults: ""
>      Sort: "1"
> ]
> 
> Much safer.  

  This really is the safest route.  There are some scripts
  that I have seen various people write (including me!) that
  do this:

      do decode-cgi system/options/cgi/query-string

  Thinking that setting all the desired variables at the
  global scope is convenient.  Of course, besides the fact
  that John Curtis will ridicule this very side-effecty way of
  doing things, this presents a little bit of a risk to the
  CGI script.

  This method isn't safe because if people know the source of
  your CGI program they can arbitrarily reassign one of your
  variables to a string passed in, i.e.:

  read http://your.site/your-script.r?somevar=do+something+bad  

  If this variable ever gets LOADed or DOne then something bad
  could happen.  Of course, since all good CGI scripts
  establish sane security settings first and foremost, the
  possibilities for mischief are minimized. :-)

  -jeff

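As an added example (not code from the original thread), the two decoding styles side by side in REBOL 2; the query string below is constructed to stand in for `system/options/cgi/query-string`, and the `greeting` word is an assumed script variable that an attacker would like to clobber:

```rebol
REBOL [Title: "Decode CGI data into an object, not the global context"]

; Constructed sample query: the first four names match the probe
; output in the thread, the last one names a script variable.
query-string: "Query=scsi&SearchView=wwwV4R1&MaxResults=&Sort=1&greeting=clobbered"

; A word the script already uses for its own purposes.
greeting: "hello"

; Risky style: DECODE-CGI returns a block of set-word/value pairs,
; and DO evaluates that block in the current (global) context,
; so every name in the query silently becomes a global assignment.
do decode-cgi query-string
print ["after do:" greeting]        ; prints "clobbered"

; Restore the script's own value before the safer version.
greeting: "hello"

; Safer style: the same block is bound inside a fresh object, so
; the submitted names only exist as fields of CGI-IN.
cgi-in: make object! decode-cgi query-string
print ["after make object!:" greeting]   ; still "hello"
print ["from the form:" cgi-in/greeting] ; "clobbered", but scoped

; Fields that the form may omit are checked before use rather
; than assumed to exist.
max-results: either in cgi-in 'MaxResults [cgi-in/MaxResults] [""]

; Form values stay strings: convert them with a guarded conversion
; instead of ever passing them to LOAD or DO.
sort-order: any [attempt [to-integer cgi-in/Sort] 1]
print ["sort order:" sort-order]          ; 1
```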