What is the difference between pre($ENV{'QUERY_STRING'}) and ($cgi->param())?
For a Perl CGI script, what is the difference (technically) between these two?
#!/usr/bin/perl
use CGI;
$cgi = new CGI;
print $cgi->header(),
$cgi->start_html(),
$cgi->pre($cgi->param()),
$cgi->end_html();
and
#!/usr/bin/perl
use CGI;
$cgi = new CGI;
print $cgi->header(),
$cgi->start_html(),
$cgi->pre($ENV{'QUERY_STRING'}),
$cgi->end_html();
Assume an HTTP request like this:
GET my.cgi?foo=bar&baz=buz
When run under a webserver with a conventional CGI interface, the environment variable QUERY_STRING will be foo=bar&baz=buz. The environment variable will not be URL-unescaped. Printing it with $cgi->pre(...) will simply enclose the env var with <pre></pre> tags (or a single <pre /> tag if the value is or is coerced to an empty string).
$cgi->param(), on the other hand, and assuming a list context with no arguments, will return a list of URL-unescaped CGI parameter names, in this case foo and bar.
(Note that $cgi->pre(...) does not HTML-escape its argument, so $ENV{QUERY_STRING} might just jeopardize your CGI with a little cross-site scripting injection.)
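The difference described above, together with the escaping that pre() leaves to the caller, as an added example that is not part of the original question or answers. It assumes a CGI.pm recent enough to provide multi_param; the query string is constructed sample input set in the script so that it runs from the command line.

```perl
#!/usr/bin/perl
# Added example: raw QUERY_STRING versus CGI.pm's parsed parameters,
# both HTML-escaped before being wrapped in <pre>.
use strict;
use warnings;
use CGI;

# Constructed sample request. Under a real web server the CGI interface
# sets these variables; they are set here only for an offline run.
$ENV{REQUEST_METHOD} = 'GET';
$ENV{QUERY_STRING}   = 'foo=bar&baz=%3Cb%3Ebuz%3C%2Fb%3E&baz=two';

my $cgi = CGI->new;

# Raw form: one unparsed string, still percent-encoded.
my $raw = $ENV{QUERY_STRING};

# Parsed form: param() with no arguments returns the parameter names
# (URL-unescaped); multi_param($name) returns every value for a name.
my @parsed;
for my $name ($cgi->param) {
    for my $value ($cgi->multi_param($name)) {
        push @parsed, "$name = $value";
    }
}

# pre() emits its argument as-is, so escape before wrapping. The decoded
# values can contain markup even when the raw string is percent-encoded.
my $raw_html    = $cgi->escapeHTML("raw:\n$raw");
my $parsed_html = $cgi->escapeHTML(join "\n", 'parsed:', @parsed);

print $cgi->header(-type => 'text/html', -charset => 'utf-8'),
      $cgi->start_html('QUERY_STRING vs param()'),
      $cgi->pre($raw_html),
      $cgi->pre($parsed_html),
      $cgi->end_html, "\n";
```

In the output, the decoded value of baz appears as `&lt;b&gt;buz&lt;/b&gt;` inside the second <pre> element instead of being rendered as markup.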
The param method on the CGI object returns a list of all query parameters, including GET and POST parameters, unless you pass in an argument, in which case it looks for a parameter with that name and returns the value.
The QUERY_STRING environment variable contains the unparsed query string.
This would have been pretty obvious if you had tried the code in question.
Here is the documentation for param.
Per the source of CGI.pm
#### Method: param
# Returns the value(s)of a named parameter.
# If invoked in a list context, returns the
# entire list. Otherwise returns the first
# member of the list.
# If name is not provided, return a list of all
# the known parameters names available.
# If more than one argument is provided, the
# second and subsequent arguments are used to
# set the value of the parameter.
QUERY_STRING is set by the web server; it is simply the query string from the URI. You can read more about it here.