×
The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.
Brad Stone wrote:
...
Escaping/encoding.. The only "bug" (but listed as "bugs")
that you've brought up for the past 3 years. :)
You yourself say it's not rocket science. It isn't. So
why not "add that GPS" to our honda civic as a bif?
It's not the place of a programming language to add domain specific
functionality into the base language. For example, should RPG have a
compound interest BIF? or a set of accounts payable BIF's?
Web servers handle a lot of this on their own (escaping qs
text). As for encoding HTML, well, that I do in most
cases, and those that don't learn and apply it in about 5
seconds (ILE rules!). Not that difficult and not worth all
the fuss and not proving any point.
Web servers escape query string text? Really? How do they tell the
difference between a '&' coded as parameter separator or coded as
parameter value? Would a web server know the difference when a
CGI-RPG program writes out query string that's not URL-encoded and
fix that?
You encode HTML already in most cases? Do the examples in the first
two editions of your e-RPG book do proper HTML escaping? (or even
URL encoding?) As you agree, this ain't rocket science, so it should
be just as easy to get it right, eh? (BTW, are you working on a 3rd
edition of your e-RPG book?)
Not worth the fuss? Check out the O'Reilly book "Programming
Python". Certainly the authors of that particular book consider the
issues of escaping and URL encoding important enough to mention in
the chapters on web programming.
I don't know if CGIDEV2 has been updated to include this.
But updating CGIDEV2 to do this would take less than 10
minutes.
But has it? By your evasiveness, can I assume it *still* doesn't
have that basic functionality? The Python programmer can easily find
the functionality for escaping text in HTML in function cgi.escape()
or the functionality for URL encoding with function urllib.quote()
(among others).
My point is that the CGI RPG programmer is missing some fundamental
functionality in the available procedure libraries. Functionality
that programmers in other languages like Java and Perl and Python
take for granted in their class libraries. Functionality that's
necessary for the majority of CGI programs.
Certainly you're not basing this one "bug" as to why RPG
shouldn't be used for the web. It has nothing to do with
the capabilities of RPG itself. Unless it is because of
the lack of support of this "easy" function not included in
the base RPG package. As much as you mention this as the
your only real guff with RPG for the web, I would think you
would add a bif. But then, what would you have to complain
about. <smirk>
What I'm saying is that the resources on CGI programming in other
languages, like Java and Perl and Python (to name a few), generally
provide much much better advice on the subject, especially regarding
the risks. (And as you well know, there are risks to not escaping
text and URL-encoding query strings.) So yeah, for that reason alone
I'd recommend staying away from CGI RPG programming.
Cheers! Hans
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact
[javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
