CGI
[1/4] from: sharriff::aina::med-iq::de at: 4-Oct-2000 8:58
Hi guys!
Sorry to bother you with this newbie question:
Why does one have to "make object!" after a "decode-cgi" ? just curious...
Sharriff Aina
med.iq information & quality in healthcare AG
Gutenbergstr. 42
41564 Kaarst
tel.: 02131-3669-0
fax: 02131-3669-599
www.med-iq.de
[2/4] from: al:bri:xtra at: 4-Oct-2000 2:08
Sharriff Aina wrote:
> Sorry to bother you with this newbie question:
> Why does one have to "make object!" after a "decode-cgi" ? just curious...
Actually, one doesn't have to, but it's safer for your software if you so,
as you can put arbitrary Rebol code in the cgi url. Putting the results of
the decode-cgi in a object minimises the damage the Rebol code can do.
Andrew Martin
ICQ: 26227169
http://members.nbci.com/AndrewMartin/
http://members.xoom.com/AndrewMartin/
[3/4] from: brett:codeconscious at: 4-Oct-2000 21:25
Though, as noted on an earlier message on this list, doing so means that you
will only get one value from a multi-select input.
Brett.
[4/4] from: sterling:rebol at: 4-Oct-2000 10:44
It simply makes an easy-access object out of the data:
decode-cgi "foo=10&bar=20"
== [foo: 10 bar: 20]
when you make an object out of it with:
cgi: make object! decode-cgi "foo=10&bar=20"
you can access the form values like this:
cgi/foo
== 10
cgi/bar
== 20
The reason you might not make an objects is if you have multiple form
items on the page with the same name so your cgi query string looks
like this:
foo=10&bar=20&bar=30
Then if you make an object, you'll only get one value for 'bar.
WARNING
You can also DO the decoded cgi block and it will set the words to
their respective valus. This is neat but remember that any word can
come in through cgi so if you do this:
do decode-cgi "foo=10&bar=20&read=0"
will stomp all over the word 'read... not a good idea. And since you
do not have control over what somebody could hack pu and send in to
you cgi program it is not generally a good idea to DO the decode-cgi
block.
WARNING
Sterling