Chris Bennett wrote:
...
Personal observations :
use warnings;
That's good. But this :
no warnings 'uninitialized';
is very dubious.
$article_file = $q->param("articlefilename");
will come back undef if :
- there is no "articlefilename" input box on the submitted form
- there is one, but it is not sent by the browser (as some browsers may
do if the form field has not been filled-in)
- someone just calls your script by a URL in the location bar, without
parameters
if ($debug) { $error .= qq{<p>$article_file</p>};}
This then is dubious too, because you are essentially concatenating a
string (which may also be undef), with an undef value. (And before that,
you are passing this undef value to the qq function).
Who knows what this does ?
Unfortunately, you will never know, because you have disabled warnings
for that.
Why not do something more solid, like :
remove the "no warnings" pragma.
$article_file = $q->param("articlefilename") || '';
(making it equal to an empty string if it is undefined), or more explicitly
$article_file = $q->param("articlefilename");
$article_file = '' unless defined $article_file;
And the same for any other form parameter you receive.
If you are programming for the web, where you essentially do not know
which miscreant browser or user is at the other end, you have to program
defensively. Suppressing warnings is the wrong way to go.
