Cgi MySql Custom Error?

         

Glacai

6:57 pm on Mar 2, 2003 (gmt 0)




Hi, thank you everyone for such an excellent and friendly resource, sorry I haven't participated as much as I would like but I will as I learn more and once I have gained the knowledge to help others.

These are quite basic questions but I'm fairly new to perl cgi and mysql, although I've been programming in C (non-web) for a few years.

I've created a simple directory using cgi and mysql, I call one cgi script that reads from the database and generates the appropriate category page and one that the category page calls to update the hit count in the database and redirect to the new url.

Everything is working ok but when I check the parameters passed to the scripts and find they are incorrect, what action should I take? I'm currently just generating a page that says error invalid parameters, then exits the script and sits there.

Also, are there any security issues I should be particularly aware of when using cgi and mysql? I'm keeping the admin scripts off site as I can run them from my computer just as easily.

Thanks for any help!

andreasfriedrich

7:42 pm on Mar 2, 2003 (gmt 0)




>>check the parameters [...] and they are incorrect

If the parameters are supplied by the user via a form you would obviously show the form again, with form fields prepopulated and mark the error clearly within that form.

If the parameters are supplied by your script and the user has been tampering with them, then I'd just gracefully redirect to the home page. If they play with your parameters they cannot expect to get what they want.

>>security issues

Obviously you are already checking each and every piece of data that is supplied by the user. Use the -T switch in your shebang line to enable Perl [perl.com]'s tainted mode. This will detect all unsafe operations using tainted values.

use strict (use: http://www.perldoc.com/perl5.8.0/pod/func/use.html, strict: http://www.perldoc.com/perl5.8.0/lib/strict.html) to enable Perl [perl.com]'s strict mode. The -w switch will enable warnings.

Andreas

andreasfriedrich

7:43 pm on Mar 2, 2003 (gmt 0)




Never mind ;)

Glacai

10:09 pm on Mar 2, 2003 (gmt 0)




Cheers andreasfriedrich,

Yes, the parameters are supplied by my script, I'm just checking for people tampering with it. I was going to redirect to the home page but thought there might be something else I should do, but that's what I will do.

I'm using strict and -w but when I try -T I'm getting the error "too late for this".

Anyway thanks for your help, much appreciated.
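
The advice in this thread put together as an added example (not code posted by either participant): a hit-count redirect script running under -T that untaints its one parameter, sends tampered requests to the home page, and uses DBI placeholders. The table and column names, the `id` parameter, the connection details and the availability of CGI.pm and DBD::mysql are assumptions. Perl raises the "too late" error when -T is on the #! line but the interpreter was started without it.

```perl
#!/usr/bin/perl -T
# Added example; links/id/url/hits and the 'id' parameter are assumed names.
# -T must be in effect when perl starts. If the script is launched as
# "perl script.cgi", or the server ignores the #! switches, put -T on that
# command line (or in the server's interpreter mapping) as well.
use strict;
use warnings;
use CGI ();
use DBI ();

my $HOME = '/';                          # assumed home page URL
$ENV{PATH} = '/usr/bin:/bin';            # taint mode distrusts inherited PATH
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Untaint by capturing through a strict pattern. Returns undef when the
# value is missing or is not a positive integer of at most nine digits.
sub valid_id {
    my ($raw) = @_;
    return unless defined $raw;
    return $raw =~ /\A([1-9][0-9]{0,8})\z/ ? $1 : undef;
}

sub main {
    my $q  = CGI->new;
    my $id = valid_id(scalar $q->param('id'));
    # Tampered or missing parameter: send the visitor home quietly.
    unless (defined $id) { print $q->redirect($HOME); return }

    # Constructed connection details; replace with your own.
    my $dbh = DBI->connect('DBI:mysql:database=directory;host=localhost',
        'dir_user', 'CHANGE_ME', { RaiseError => 1, PrintError => 0 });

    # Placeholders keep the value out of the SQL text entirely.
    my ($url) = $dbh->selectrow_array(
        'SELECT url FROM links WHERE id = ?', undef, $id);
    # Well-formed id that matches no row: treat it like tampering.
    unless (defined $url) { $dbh->disconnect; print $q->redirect($HOME); return }

    $dbh->do('UPDATE links SET hits = hits + 1 WHERE id = ?', undef, $id);
    $dbh->disconnect;
    # The target comes from the database, never from the request itself.
    print $q->redirect($url);
}

main() unless caller;
```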