CGI.pm Escaping query strings - ampersand issue

Discussion in 'Perl Misc' started by Matthew Salerno, Apr 30, 2004.

  1. I have a cgi/mod_perl script that at one point it generates url's based on
    directories:

    foreach (@dirs){
    my $lnk = qq|<A HREF="index.cgi?List=$_&TestID=$testid" TARGET="$testid"
    ONCLICK="window.open('index.cgi?List=$_&testid=$testid',
    '$testid','toolbar=no,location=no,directories=no,status=no,menubar=no,scroll
    bars=yes,resizable=yes, width=450,height=230,left=100,top=100'); return
    false">|;
    print "$lnk1 here </a><br>";
    }

    The problem is that some of the directories contain ampersands "&".

    If there is an ampersand in the directory name, the the rest of the query
    string gets all messed up.

    ex.
    If the directory is titled:
    Paperwork_&_Cover
    The URL becomes
    http://testserv/index.cgi?List=Paperwork_&_Cover&testID=70821

    Before the print statement, I have tried the following:

    escape($lnk);
    Gives me:
    Software error:
    /TestDocs/70822/Paperwork_ No Documents in this system No such file or
    directory at /docs/index.cgi line 345.

    $_ =~ s/\&/\&amp\;/g;
    Gives me:
    Software error:
    /TestDocs/70822/Paperwork_ No Documents in this system No such file or
    directory at /docs/index.cgi line 345.

    $_ =~ s/\&/%26/g;
    Gives me:
    Software error:
    /TestDocs/70822/Paperwork_%26_Cover No Documents in this system No such file
    or directory at /docs/index.cgi line 345.

    I am going nuts trying to figure out how to get this to work. Can anyone
    offer up a bit of wisdom.

    Thanks,

    Matt
    Matthew Salerno, Apr 30, 2004
    #1
    1. Advertising

  2. "Matthew Salerno" <> wrote in message
    news:2Kykc.98000$...
    >
    > I have a cgi/mod_perl script that at one point it generates url's based on
    > directories:
    >
    > foreach (@dirs){
    > my $lnk = qq|<A HREF="index.cgi?List=$_&TestID=$testid"

    TARGET="$testid"
    > ONCLICK="window.open('index.cgi?List=$_&testid=$testid',
    >

    '$testid','toolbar=no,location=no,directories=no,status=no,menubar=no,scroll
    > bars=yes,resizable=yes, width=450,height=230,left=100,top=100'); return
    > false">|;
    > print "$lnk1 here </a><br>";
    > }
    >


    My apologiex, obvious typo:

    print "$lnk1 here </a><br>";

    Should be:
    print "$lnk here </a><br>";
    Matthew Salerno, Apr 30, 2004
    #2
    1. Advertising

  3. Matthew Salerno wrote:
    > I have a cgi/mod_perl script that at one point it generates url's
    > based on directories:


    <snip>

    > The problem is that some of the directories contain ampersands "&".


    <snip>

    > $_ =~ s/\&/%26/g;
    > Gives me:
    > Software error:
    > /TestDocs/70822/Paperwork_%26_Cover No Documents in this system No
    > such file or directory at /docs/index.cgi line 345.


    URI-escaping the directory name, i.e. converting the '&' character to
    '%26', should do the trick. I don't understand what kind of test you
    are doing to conclude that that does not work.

    It is a URL, right? If you submit

    http://testserv/index.cgi?List=Paperwork_&_Cover&testID=70821

    with the browser, doesn't CGI.pm unescape the directory name back to
    Paperwork_&_Cover?

    --
    Gunnar Hjalmarsson
    Email: http://www.gunnar.cc/cgi-bin/contact.pl
    Gunnar Hjalmarsson, Apr 30, 2004
    #3
  4. Matthew Salerno

    gnari Guest

    "Matthew Salerno" <> wrote in message
    news:2Kykc.98000$...
    >

    [ query string ]
    >
    > The problem is that some of the directories contain ampersands "&".
    >
    > If there is an ampersand in the directory name, the the rest of the query
    > string gets all messed up.
    >
    > ...
    > $_ =~ s/\&/%26/g;
    > Gives me:
    > Software error:
    > /TestDocs/70822/Paperwork_%26_Cover No Documents in this system No such

    file
    > or directory at /docs/index.cgi line 345.


    you are using CGI.pm are you not?

    by the way, you should properly urlencode your querystring parameters,
    as there are more characters that may appear in filenames but are
    not valid in querystrings.

    gnari
    gnari, May 1, 2004
    #4
  5. Matthew Salerno

    Bob Walton Guest

    Matthew Salerno wrote:

    > I have a cgi/mod_perl script that at one point it generates url's based on
    > directories:
    >
    > foreach (@dirs){
    > my $lnk = qq|<A HREF="index.cgi?List=$_&TestID=$testid" TARGET="$testid"
    > ONCLICK="window.open('index.cgi?List=$_&testid=$testid',
    > '$testid','toolbar=no,location=no,directories=no,status=no,menubar=no,scroll
    > bars=yes,resizable=yes, width=450,height=230,left=100,top=100'); return
    > false">|;
    > print "$lnk1 here </a><br>";
    > }
    >
    > The problem is that some of the directories contain ampersands "&".
    >
    > If there is an ampersand in the directory name, the the rest of the query
    > string gets all messed up.
    >
    > ex.
    > If the directory is titled:
    > Paperwork_&_Cover
    > The URL becomes
    > http://testserv/index.cgi?List=Paperwork_&_Cover&testID=70821
    >
    > Before the print statement, I have tried the following:
    >
    > escape($lnk);
    > Gives me:
    > Software error:
    > /TestDocs/70822/Paperwork_ No Documents in this system No such file or
    > directory at /docs/index.cgi line 345.
    >
    > $_ =~ s/\&/\&amp\;/g;
    > Gives me:
    > Software error:
    > /TestDocs/70822/Paperwork_ No Documents in this system No such file or
    > directory at /docs/index.cgi line 345.
    >
    > $_ =~ s/\&/%26/g;
    > Gives me:
    > Software error:
    > /TestDocs/70822/Paperwork_%26_Cover No Documents in this system No such file
    > or directory at /docs/index.cgi line 345.
    >
    > I am going nuts trying to figure out how to get this to work. Can anyone
    > offer up a bit of wisdom.

    ....
    > Matt


    Just a WAG: Try something like:

    for(@dirs){
    my $i=$_;
    $i=s/&/%26/g;
    ... #using $i instead of $_
    }

    It looks like the errors might possibly be coming from something you are
    doing with array @dir later on, and the code you have is placing the
    escape codes into @dir, which then means @dir won't work when used for
    other stuff later. I say this mostly because the errors you are getting
    don't appear to be from a browser, but from Perl.

    --
    Bob Walton
    Email: http://bwalton.com/cgi-bin/emailbob.pl
    Bob Walton, May 1, 2004
    #5
  6. Matthew Salerno

    pkent Guest

    In article <2Kykc.98000$>,
    "Matthew Salerno" <> wrote:

    > I have a cgi/mod_perl script that at one point it generates url's based on
    > directories:
    >
    > foreach (@dirs){
    > my $lnk = qq|<A HREF="index.cgi?List=$_&TestID=$testid" TARGET="$testid"


    You can't just put any old string into a query string value, or key, and
    expect it to work. Only certain characters are safe - in particular you
    noticed that & is special, because that's the thing used to separate
    key-value pairs! [There are other specials, of course, but you can read
    the RFC for them]

    So, you need to url-escape $_ _before_ you whack it into a query string
    value or key. Look at the URI::Escape module.

    And then, don't forget that '&' itself is a special character in HTML
    and needs to be escaped there too.

    P

    --
    pkent 77 at yahoo dot, er... what's the last bit, oh yes, com
    Remove the tea to reply
    pkent, May 1, 2004
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Matthew Warren

    Raw strings and escaping

    Matthew Warren, Oct 3, 2006, in forum: Python
    Replies:
    7
    Views:
    314
    Scott David Daniels
    Oct 3, 2006
  2. Replies:
    3
    Views:
    437
  3. Gene Kahn
    Replies:
    5
    Views:
    102
    David N. Springer
    Nov 22, 2004
  4. Krishna Rokhale

    Escaping strings

    Krishna Rokhale, Mar 7, 2010, in forum: Ruby
    Replies:
    3
    Views:
    97
    Krishna Rokhale
    Mar 7, 2010
  5. Marek
    Replies:
    5
    Views:
    223
    Peter J. Holzer
    Aug 31, 2009
Loading...

Share This Page