
Accessing multiple <select>-ed parameters with Perl CGI

I am using the Perl CGI module. If I have HTML like this

<select multiple name="FILTER_SITE">
  <option>1</option>
  <option>2</option>
</select>

and submit my form I can get something like this in the URL: [..] FILTER_SITE=1&FILTER_SITE=2

Perl's my $FILTER_SITE = $cgi->param('FILTER_SITE'); will capture only the first instance.

How can I make use of both (in this case)? Hack it and parse the referrer myself and add them to an array is my first idea but it'd be a bit messy, then again I'm hardly versed in CGI.pm or Perl.

With Data::Dumper, interestingly

print "<pre>".Dumper($cgi->param('FILTER_SITE')) . "</pre>";

$VAR1 = '1';
$VAR2 = '2';

NOTE: Current documentation (as of 2020 May 29) says this method could cause a security vulnerability. Please check my answer below.

The param method supplies a single value in scalar context and (potentially) multiple values in list context. Read about it here.

So if you change your code to, for example

my @FILTER_SITE   = $cgi->param('FILTER_SITE');

then the array will contain all selected values of the option.

If it suits your code better, you can also write

for my $FILTER_SITE ($cgi->param('FILTER_SITE')) {
  # handle one selected value here
}

I know this is an old post, but looks like few things changed since this question was answered. I want to post the latest info on this, especially because the accepted answer is now considered a security vulnerability. CGI.pm documentation says

"Warning - calling param() in list context can lead to vulnerabilities if you do not sanitise user input as it is possible to inject other param keys and values into your code. This is why the multi_param() method exists, to make it clear that a list is being returned, note that param() can still be called in list context and will return a list for back compatibility."

It is recommended to use $cgi->multi_param method instead.
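The warning quoted above, as an added example that is not part of the original answer or of CGI.pm's documentation: it builds the same hash three ways from one constructed request, first with param() in list context, then with scalar context, then with multi_param(). The hash keys is_admin, site and sites and the digits-only allow-list are hypothetical, and it assumes an installed CGI.pm release that provides multi_param().

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use Data::Dumper;
$Data::Dumper::Sortkeys = 1;

# Constructed request: FILTER_SITE is submitted three times, and the second
# and third values happen to read as a key/value pair.
my $cgi = CGI->new('FILTER_SITE=1&FILTER_SITE=is_admin&FILTER_SITE=1');

# Risky pattern: param() in list context inside a hash constructor.
# Every submitted value becomes a list element, so the extra values are
# taken as a further key/value pair and replace the default set above them.
sub build_risky {
    my ($q) = @_;
    my %args = (
        is_admin => 0,                            # hypothetical default
        site     => $q->param('FILTER_SITE'),     # list context
    );
    return \%args;
}

# Single-valued field: force scalar context so exactly one value is stored.
sub build_single {
    my ($q) = @_;
    my %args = (
        is_admin => 0,
        site     => scalar $q->param('FILTER_SITE'),
    );
    return \%args;
}

# Multi-valued field: take the list explicitly with multi_param(), keep only
# values that match the form's options (digits; an assumed allow-list), and
# store an array reference so the list cannot spill into other hash keys.
sub build_multi {
    my ($q) = @_;
    my @sites = grep { /\A[0-9]+\z/ } $q->multi_param('FILTER_SITE');
    return { is_admin => 0, sites => \@sites };
}

print "risky:  ", Dumper(build_risky($cgi));
print "single: ", Dumper(build_single($cgi));
print "multi:  ", Dumper(build_multi($cgi));
```

Run against the constructed request, the first hash ends with is_admin set to 1, while the other two keep is_admin at 0.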

Example of parsing values

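    #!/usr/bin/perl
    use strict;
    use warnings;

    my %in;
    my $querystring = '';

    # Escape HTML metacharacters so request data is never echoed as markup.
    sub escape_html {
        my ($text) = @_;
        $text =~ s/&/&amp;/g;
        $text =~ s/</&lt;/g;
        $text =~ s/>/&gt;/g;
        $text =~ s/"/&quot;/g;
        return $text;
    }

    print "Content-Type: text/html; charset=UTF-8\n\n";

    if (($ENV{'REQUEST_METHOD'} // '') eq "POST") {
        # POST: the form data arrives on STDIN
        read(STDIN, $querystring, $ENV{'CONTENT_LENGTH'} // 0);
        print "<h1>POST</h1>";
    } else {
        # GET: the form data is in the URL
        print "<h1>GET</h1>";
        $querystring = $ENV{'QUERY_STRING'} // '';
    }

    print "<p>" . escape_html($querystring) . "</p>";

    if (length($querystring) > 0) {
        foreach my $pair (split(/&/, $querystring)) {
            next unless length $pair;
            my ($name, $value) = split(/=/, $pair, 2);
            $value //= '';
            # Decode form encoding: '+' is a space, %XX is a byte
            for ($name, $value) {
                tr/+/ /;
                s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
            }
            # A repeated name (multi-select) is joined into one
            # comma-separated string, newest value first
            if (exists $in{$name}) {
                $value = "$value,$in{$name}";
            }
            $in{$name} = $value;
        }
    }

    foreach my $val (sort keys %in) {
        print "<p>" . escape_html($val) . ": " . escape_html($in{$val}) . "</p>";
    }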
