Newbie: form checkboxes & param

[Nadine]

I have a script to print out the values of a form's fields to a file.
That works fine. However I wanted to print out the values of all the
checkboxes, not just the ones checked, to make analysis easier. I
shortened my script to deal with just the checkboxes until I got this
matter settled. I found several ideas on the web about using param
with checkboxes. I tried two but, being a newbie, I do not know how to
fix the script. Debug says I have compilation errors near line 24 and
"0". I tried a couple things but got nowhere.

My checkboxes are called "c1", "c2", "c3", "c4".

#!/usr/bin/perl -w
use CGI qwstandard);

print "Content-type:text/html\n\n";

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}

print "<html><head><title>Results</title></head>\n";
print "<body>\n";
print "<h2>Results</h2>\n";

@boxes = ("c1", "c2", "c3", "c4");
my $key;
my $box;
foreach $key(@boxes) {
$box=param($FORM{$key})||'0'; # print value or zero
print "$box|\n";
}

print "</body></html>\n";

Thanks in advance for your help.

 

[gibbering poster]

I have a script to print out the values of a form's fields to a file.
That works fine. However I wanted to print out the values of all the
checkboxes, not just the ones checked, to make analysis easier. I
shortened my script to deal with just the checkboxes until I got this
matter settled. I found several ideas on the web about using param
with checkboxes. I tried two but, being a newbie, I do not know how to
fix the script. Debug says I have compilation errors near line 24 and
"0". I tried a couple things but got nowhere.

Untested:

#!/usr/bin/perl -l
use CGI qw ':standard';
use strict;
use warnings;

print header, start_html;

print title ('Results');
print '<body>';
print h2 ('Results');

print "$_ => @{[ param ($_) ]}" for grep /^c/, param();

print '</body></html>';


if you name all your checkboxes starting with a 'c' ... you will get the
name, and values of only those parameters...

 

[Tore Aursand]

#!/usr/bin/perl -w
use CGI qwstandard);

Good! You're using the CGI module. You should, however, use the strict
module as well;

#!/usr/bin/perl
#
use strict;
use warnings;

print "Content-type:text/html\n\n";

You could also let the CGI module do this work for you:

print $cgi->header(-type => 'text/html');

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}

Aaaargh! Earlier on you declared that you wanted to use the CGI module,
but you're not! Do _not_ parse STDIN yourself. Instead use the famous
CGI module. Example:

my $cgi = CGI->new();
my $value = $cgi->param( 'keyword' ) || '';

@boxes = ("c1", "c2", "c3", "c4");
my $key;
my $box;
foreach $key(@boxes) {
$box=param($FORM{$key})||'0'; # print value or zero
print "$box|\n";
}

Use the CGI.pm module and rewrite this as something like this:

foreach my $box ( qw(c1 c2 c3 c4) ) {
my $value = $cgi->param( $box ) || 0;
print $value . "|\n";
}

 

[Eric J. Roode]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have a script to print out the values of a form's fields to a file.
That works fine. However I wanted to print out the values of all the
checkboxes, not just the ones checked, to make analysis easier. I
shortened my script to deal with just the checkboxes until I got this
matter settled. I found several ideas on the web about using param
with checkboxes. I tried two but, being a newbie, I do not know how to
fix the script. Debug says I have compilation errors near line 24 and
"0". I tried a couple things but got nowhere.

My checkboxes are called "c1", "c2", "c3", "c4".

#!/usr/bin/perl -w
use CGI qwstandard);


print "Content-type:text/html\n\n";

read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}

Gah!! This is the third or fourth time in the past two weeks that same
code for parsing CGI parameters! IT IS VERY VERY BAD CODE!! Where are
you people *getting* this crap??

You are already using the excellent CGI module. It does the CGI
parameter parsing for you, and it does not suffer from the many bugs that
the parsing code you're actually using has:

1. It fails if CGI parameters are separated by semicolons.
2. It fails if a CGI value has an unencoded equals sign in it.
3. It fails if a CGI parameter has multiple values (eg checkboxes).
4. It will not work for GET method, only POST method.
5. It does not limit the quantity of data uploaded, leaving you open
to possible DOS attacks.
6. It does not unencode escaped characters in the parameter name.

Seven lines of code, six bugs.

Delete these seven lines, and start writing "param($name)" instead of
"$FORM{$name}". Also, start writing

print header();
instead of
print "Content-type: yadda yadda yadda\n\n";

One, it's less typing; two, you're less likely to make a typo that will
give you confusing 500 errors.

Now, on to your actual question:

$box=param($FORM{$key})||'0'; # print value or zero

I don't see any syntax error on this line. What specific error message
did you get? Is this your actual code, or did you make a transcription
error when re-typing it? (if so, please copy/paste code instead of re-
typing it).

There is a bad logic error in the above line. You have manually parsed
out the CGI parameters into the %FORM variable. So $FORM{$key} is the
value of the $key CGI variable. However, you mysteriously then pass that
to the CGI.pm param() function, which does the same thing. So if your
checkbox is named "c1", and its value is "yes", then you're calling
param("yes"), which attempts to look up the value of the "yes" variable.
Either use %FORM or use param(), not both. Since I highly recommend that
you ditch your %FORM variable, read that as "use param($key) instead"!

- --
Eric
$_ = reverse sort $ /. r , qw p ekca lre uJ reh
ts p , map $ _. $ " , qw e p h tona e and print

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 7.0.3 for non-commercial use <http://www.pgp.com>

iQA/AwUBP3LPUGPeouIeTNHoEQKx2ACeMdMroTBTyTeB23pC+G2dVbClUJkAoOkD
fKQCDcDT3D8vD+eeBrELUqiH
=JBwi
-----END PGP SIGNATURE-----