Is it a security risk to use identical names for database fields and html forms?

2001-08-31 Thread Michael R. Fahey

Hi,

I was looking at a perl script where the developer used different names
for the incoming parameters and the database field names. He told me
that this was done for security reasons-- to ensure that malicious users
would not be able to discover the field names in the database being
updated or queried. How dangerous is this? I think it would be easier to
work with a hash of parameters from the input form.

I'm using CGI.pm, DBI, and PostgreSQL.

Thanks.

Michael Fahey
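
For the query itself, what matters is that a parameter name is used as an SQL identifier only after it has been checked against a fixed list of columns, and that every value is bound as a DBI placeholder. The Perl below is an added example, not part of the original post; the table `members`, its columns and the sample form input are assumptions made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical table and updatable columns (assumed for this example).
my $TABLE   = 'members';
my %ALLOWED = map { $_ => 1 } qw(name email phone);

# Build an UPDATE from a hash of form parameters whose names match column
# names. Only allowlisted names are interpolated into the SQL text; values
# never are, they are returned separately for binding to placeholders.
sub build_update {
    my ($id, $params) = @_;
    die "id must be numeric\n" unless defined $id && $id =~ /\A\d+\z/;

    my (@set, @bind, @rejected);
    for my $field (sort keys %$params) {
        if ($ALLOWED{$field}) {
            push @set,  "$field = ?";
            push @bind, $params->{$field};
        } else {
            push @rejected, $field;    # log these; never pass them to SQL
        }
    }
    die "no updatable fields supplied\n" unless @set;

    my $sql = "UPDATE $TABLE SET " . join(', ', @set) . " WHERE id = ?";
    return ($sql, [@bind, $id], \@rejected);
}

# Constructed input: a form hash (such as CGI.pm's Vars returns) after a
# client has added parameters that were not on the original form.
my %form = (
    name            => "O'Brien",
    email           => 'ob@example.org',
    is_admin        => 1,                # real-looking column, not allowlisted
    "name = 'x' --" => 1,                # SQL text supplied as a field name
);

my ($sql, $bind, $rejected) = build_update(42, \%form);
print "SQL:      $sql\n";
print "bind:     ", join(' | ', @$bind), "\n";
print "rejected: ", join(' | ', @$rejected), "\n";

# With a connected DBI handle the statement would be executed as:
#   $dbh->do($sql, undef, @$bind);
```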





Can't convert big5 to utf-8

2001-07-20 Thread Michael R. Fahey

I'd like to take some strings encoded in big5, convert them to utf-8,
and send them to the browser. The following script runs but doesn't
convert the strings correctly. The cgi is run by Apache on Redhat 7.1.
Perl is 5.6.0. Have I garbled the syntax for Unicode::Map and
Unicode::String?
Thanks,

Michael Fahey

#!/usr/bin/perl -w

#uni.pl

use CGI;
use Unicode::Map;
use Unicode::String qw(utf8 latin1 utf16);

my $Map = new Unicode::Map("BIG5"); 

my $cgi = new CGI;
$cgi->charset('utf-8');
print $cgi->header();
print $cgi->start_html();

my $data_file = '../data/uni.txt'; #see below for contents of uni.txt
open (IN, $data_file) or die "Couldn't open $data_file: $!\n";

#print some test unicode characters

print "\x{263A}", "","\x{263B}", "",
"\x{2630B}", "", "\x{7C70}", "";
# read uni.txt one line at a time
while (<IN>){
    chomp;
    print "This is the raw string: $_", "";
    my $utf16 = $Map->to_unicode($_);
    print $utf16, "";
    my $u = utf8($utf16);
    print $u->utf8;
    print "";
}
print $cgi->end_html();


##uni.txt###
uni.txt contains the characters for 'big', 'middle', and 'small' in
the following three lines:

大
中
小