开发者

What is the difference between pre($ENV{'QUERY_STRING}) and ($cgi->param())?

问答 作者:

for a perl cgi script, what is the difference (technic开发者_StackOverflowally) between these two?

#!/usr/bin/perl 
use CGI; 
$cgi = new CGI; 
print $cgi->header(),
$cgi->start_html(),
$cgi->pre($cgi->param()), 
$cgi->end_html();

and

#!/usr/bin/perl 
use CGI; 
$cgi = new CGI; 
print $cgi->header(),
$cgi->start_html(), 
$cgi->pre($ENV{'QUERY_STRING'}), 
$cgi->end_html();

Assume an HTTP request like this:

GET my.cgi?foo=bar&baz=buz

When run under a webserver with a conventional CGI interface, the environment variable QUERY_STRING will be foo=bar&baz=buz. The environment variable will not be URL-unescaped. Printing it with $cgi->pre(...) will simply enclose the env var with <pre></pre> tags (or a single <pre /> tag if the value is or is coerced to an empty string.

$cgi->param(), on the other hand, and assuming a list context with no arguments, will return a list of URL-unescaped CGI parameter names, in this case foo and bar.

(Note that $cgi->pre(...) does not HTML-escape its argument, so $ENV{QUERY_STRING} might just jeopardize your cgi with a little cross-site scripting injection.)

The param method on the CGI object returns a list of all query parameters, including GET and POST parameters. Unless you pass in an argument, in which case it looks for a parameter with that name and returns the value.

The QUERY_STRING environment variable contains the unparsed query string.

This would have been pretty obvious if you had tried the code in question.

Here is the documentation for param.

Per the source of CGI.pm

#### Method: param
# Returns the value(s)of a named parameter.
# If invoked in a list context, returns the
# entire list.  Otherwise returns the first
# member of the list.
# If name is not provided, return a list of all
# the known parameters names available.
# If more than one argument is provided, the
# second and subsequent arguments are used to
# set the value of the parameter.

QUERY_STRING is set by the web server it is simply the query string from the uri: you can read more about it here

继续阅读:cgienvironment-variablesparametersperl

更多精彩内容

0

上一篇:

下一篇:

精彩评论

暂无评论...
登录 注册
Qedev.com
验证码 换一张
取 消

最新问答

问答排行榜

法律声明:本站内容均为网友上传,网站举办方负责审核和监督,

如存在版权或非法内容,欢迎举报,我们将尽快予以删除。

Copyright © 2018-2020 开发者. All rights reserved.

Powered by 开发者

ICP备案号: 京ICP备10032868号-9