André Warnier schrieb am 25.04.2010 um 12:44:56 (+0200):
> >use warnings;
> That's good. But this :
>
> >no warnings 'uninitialized';
>
> is very dubious.
I used to think so, too, but I've recently changed my mind.
> >$article_file = $q->param("articlefilename");
>
> will come back undef if :
> - there is no "articlefilename" input box on the submitted form
> - there is one, but it is not sent by the browser (as some browsers
> may do if the form field has not been filled-in)
> - someone just calls your script by a URL in the location bar, without
> parameters
True, the value will be undef, but so what? Perl treats undef as the
empty string or zero depending on the context, regardless of whether
you've resolved to have yourself harassed with warnings because of
uninitialized values or not; if, however, you *have* done so, then
you'll see those warnings on STDERR and feel that you should fix your
code by doing something like:
$str = $q->param("articlefilename") || '';
$num = $bla->calc_blub || 0;
So you're performing manually what Perl does automatically just to get
rid of the warning you've decided to turn on because you thought it was
good, or robust, or solid. If you think about it, you have to admit that
this is not exactly clever.
> >if ($debug) { $error .= qq{<p>$article_file</p>};}
>
> This then is dubious too, because you are essentially concatenating a
> string (which may also be undef), with an undef value.
So what? The undef is automatically converted to an empty string. That's
what you want anyway. Let Perl do it for you.
> (And before that, you are passing this undef value to the qq
> function). Who knows what this does ?
>
> Unfortunately, you will never know, because you have disabled warnings
> for that.
There's probably no need to know in this case. If your fix is to convert
undef to an empty string, why not have Perl do it for you?
> Why not do something more solid, like :
>
> remove the "no warnings" pragma.
>
> $article_file = $q->param("articlefilename") || '';
> (making it equal to an empty string if it is undefined), or more
> explicitly
> $article_file = $q->param("articlefilename");
> $article_file = '' unless defined $article_file;
>
> And the same for any other form parameter you receive.
I've been doing this for ten years now, but I've stopped, because it's
tedious and, I think, pointless. Perl does it for you.
> If you are programming for the web, where you essentially do not know
> which miscreant browser or user is at the other end, you have to
> program defensively. Suppressing warnings is the wrong way to go.
I wouldn't say so. Either you agree with Perl's automatic conversion of
undef to '' or 0 depending on the context (which apparently you do when
you write "|| ''" or "|| 0"), or you don't agree because you do not want
to tolerate undef at all (because you're counting money, for example).
In the former case, just do as the OP did (no warnings 'uninitialized');
in the latter case consider making your code really robust and the
warning fatal.
For the record, I've changed my mind about this uninitialized business
after reading the perldoc for common::sense by Marc Lehmann:
http://search.cpan.org/~mlehmann/common-sense-3.2/
--
Michael Ludwig
