develooper Front page | perl.perlfaq.workers | Postings from January 2005

perlfaq9: How do I decode a CGI form?

Thread Previous | Thread Next
January 3, 2005 11:18
perlfaq9: How do I decode a CGI form?
Message ID:

* How do I decode a CGI form?
   + I'm completely replacing this answer.  The previous version
   was pretty aggressive and ranted about cargo-culting.  It also
   digressed into a discussion of HTTP methods.

   + The new answer showcases, and gives a couple examples.
   I'd like people to use it because it's easier, not because we
   decreed it's use.

   + I also removed the reference to  It is 2005 now :)

Index: perlfaq9.pod
RCS file: /cvs/public/perlfaq/perlfaq9.pod,v
retrieving revision 1.18
diff -u -d -r1.18 perlfaq9.pod
--- perlfaq9.pod        3 Jan 2005 18:43:37 -0000       1.18
+++ perlfaq9.pod        3 Jan 2005 19:14:43 -0000
@@ -352,35 +352,38 @@
 =head2 How do I decode a CGI form?
-You use a standard module, probably  Under no circumstances
-should you attempt to do so by hand!
+(contributed by brian d foy)
-You'll see a lot of CGI programs that blindly read from STDIN the
-of bytes equal to CONTENT_LENGTH for POSTs, or grab QUERY_STRING for
-decoding GETs.  These programs are very poorly written.  They only work
-sometimes.  They typically forget to check the return value of the
-system call, which is a cardinal sin.  They don't handle HEAD requests.
-They don't handle multipart forms used for file uploads.  They don't
-with GET/POST combinations where query fields are in more than one
-They don't deal with keywords in the query string.
+Use the module that comes with Perl.  It's quick,
+it's easy, and it actually does quite a bit of work to
+ensure things happen correctly.  It handles GET, POST, and
+HEAD requests, multipart forms, multivalued fields, query
+string and message body combinations, and many other things
+you probably don't want to think about.
-In short, they're bad hacks.  Resist them at all costs.  Please do not
-tempted to reinvent the wheel.  Instead, use the or
-(available from CPAN), or if you're trapped in the module-free land
-of perl1 .. perl4, you might look into (available from
- ).
+It doesn't get much easier: the CGI module automatically
+parses the input and makes each value available through the
+C<param()> function.
-Make sure you know whether to use a GET or a POST in your form.
-GETs should only be used for something that doesn't update the server.
-Otherwise you can get mangled databases and repeated feedback mail
-messages.  The fancy word for this is ``idempotency''.  This simply
-means that there should be no difference between making a GET request
-for a particular URL once or multiple times.  This is because the
-HTTP protocol definition says that a GET request may be cached by the
-browser, or server, or an intervening proxy.  POST requests cannot be
-cached, because each request is independent and matters.  Typically,
-POST requests change or depend on state on the server (query or update
-a database, send mail, or purchase a computer).
+       use CGI qw(:all);
+       my $total = param( "price" ) + param( "shipping" );
+       my @items = param( "item ); # multiple values, same field name
+If you want an object-oriented approach, can do that too.
+       use CGI;
+       my $cgi = CGI->new();
+       my $total = $cgi->param( "price" ) + $cgi->param( "shipping" );
+       my @items = $cgi->param( "item" );
+Many people try to write their own decoder (or copy one from
+another program) and then run into one of the many "gotchas"
+of the task.  It's much easier and less hassle to use
 =head2 How do I check a valid mail address?

brian d foy,

Thread Previous | Thread Next Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at | Group listing | About