[Date Prev][Date Next][Thread Prev][Thread Next][Minivend by date ][Minivend by thread ]

RE: [mv] How can I access/set non minivend varibles within minivend from a url string

To: <minivend-users@minivend.com>
Subject: RE: [mv] How can I access/set non minivend varibles within minivend from a url string
From: "Jeff Carnahan" <jcarnahan@networq.com>
Date: Thu, 25 May 2000 20:24:54 -0700
Importance: Normal
In-Reply-To: <NCBBIDAPCKKIGDBNDGAOCEPODKAA.minivend@hq.com.au>
Reply-To: minivend-users@minivend.com
Sender: owner-minivend-users@minivend.com

******    message to minivend-users from "Jeff Carnahan" <jcarnahan@networq.com>     ******

You can access those variables via:

[perl]
  $var1 = $CGI->{'var1'};
  $var2 = $CGI->{'var2'};

...

[/perl]

Of course however, you don't want to pass those variables directly into
other parts/functions in your site. Validate them first. Ensure that there
aren't any malicious commands or data in there or else you could open
yourself up to security vulnerabilities.

My suggestion:

[perl]
  $var1 = $CGI->{'var1'};
  $var1 =~ s/[^\w\-_\s]//g;

  $Scratch->{'var1'} = $var1;
[/perl]

This will filter out non-alpha numerics, hyphens spaces or underscores.
(Note I escape the hyphen for compatibility with Perl 5.6)...

--
Jeff Carnahan - jcarnahan@networq.com

> -----Original Message-----
> From: owner-minivend-users@minivend.com
> [mailto:owner-minivend-users@minivend.com]On Behalf Of Geoff
> Sent: Thursday, May 25, 2000 07:53 PM
> To: Minivend-Users
> Subject: [mv] How can I access/set non minivend varibles within minivend
> from a url string
>
>
> ******    message to minivend-users from "Geoff"
> <minivend@hq.com.au>     ******
>
> I am trying to set variables like this
> http://mysite.com/cgi-bin/minivend/test.html?var1=hello&var2=baby
>
> How can I then display/convert the variables to scratch from minivend?
>
> I know how to use ;var; and the get the [data arg session] but that is a
> little lame....(considering you have to have a bodgy looking url
> and use XXX
> markers or whatever to call a perl split function....
>
> Any ideas?
>
> -
> To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
> email with 'UNSUBSCRIBE minivend-users' in the body to
> Majordomo@minivend.com.
> Archive of past messages: http://www.minivend.com/minivend/minivend-list
>

-
To unsubscribe from the list, DO NOT REPLY to this message.  Instead, send
email with 'UNSUBSCRIBE minivend-users' in the body to Majordomo@minivend.com.
Archive of past messages: http://www.minivend.com/minivend/minivend-list

References:
- [mv] How can I access/set non minivend varibles within minivend from a url string
  - From: "Geoff" <minivend@hq.com.au>

Prev by Date: [mv] How can I access/set non minivend varibles within minivend from a url string
Next by Date: [mv] double-byte language problem
Prev by thread: [mv] How can I access/set non minivend varibles within minivend from a url string
Next by thread: RE: [mv] How can I access/set non minivend varibles within minivend from a url string
Index(es):
- Date
- Thread