Brad Stone wrote:
> You have yet to need this functionality?!? You have got to be joking.
>
> Nope, don't have it in one application that I've written yet. And, if I ever need it, I'll do it then. Wait, I do... I use my simple #Replace subprocedure on the forum software I wrote to convert < to &lt; so that HTML and Javascript show up as such, and not mess up the page. But, that's the only char I need to convert right now. But, I don't recall doing it in my "business" apps, maybe Aaron could check the code. We tend not to have many people with the name Fre<derick Sm>ith. ;)
Brad, do you *really* not have a need for escaping text and URL-encoding query strings? Let's take a quick look at some of your published programs:

Let's take program ITEMLIST on pages 220-222 of your first e-RPG book. At the top of page 222, the program places database data into the HTML document without escaping it. If a field contained the '<' character, it and all the following text in the field would be ignored. And probably, the layout of the rest of the row would get messed up too.

Later, in the middle of the page, you construct an anchor tag with a query string without properly URL-encoding the arguments. If a field contained the '&' character (to pick one), it would be considered a parameter separator. The subsequent text in the string would be interpreted as a parameter name, and not as part of the previous argument. Other characters like '+', '=', and '%' also have special meaning in a query string.

Want another example? You've got a similar program in your article "Supercharge your e-RPG with SQL" in an issue of "iSeries 400 Experts Journal" with the exact same problems. No escaping of database text at line 96, and no URL-encoding of query string arguments at line 132.

OK, maybe your own personal test data doesn't include the troublesome characters. But real-life production data may well include characters other than just the alphanumerics. Characters '<', '>', and '&' need to be escaped in HTML documents. Characters other than 'A-Z', 'a-z', '0-9', '_', '-', and '.' need to be URL encoded. I'm not making this up, Brad - thems the rules of CGI programming.

Cheers! Hans
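
The two rules from the message above, shown as an added example in Python (not code from the thread or from the published RPG programs): a query string built from raw field text next to one with each argument URL-encoded, and a table row with the text HTML-escaped. The record, the path `/cgi-bin/itemdtl` and the parameter names `item` and `descr` are constructed for illustration.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Safe set exactly as listed in the post; everything else is percent-encoded.
SAFE = set("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789_-.")

# Constructed sample record and hypothetical CGI path / parameter names.
RECORD = {"item": "A&B-100", "descr": "Nut & bolt <5mm> 50% off + washer"}
SCRIPT = "/cgi-bin/itemdtl"


def url_encode(value):
    """Percent-encode every UTF-8 byte that is not in SAFE."""
    return "".join(chr(b) if chr(b) in SAFE else "%%%02X" % b
                   for b in value.encode("utf-8"))


def naive_url(rec):
    """The 'before': raw field text dropped straight into the query string."""
    return "%s?item=%s&descr=%s" % (SCRIPT, rec["item"], rec["descr"])


def encoded_url(rec):
    """Each argument URL-encoded on its own; '&' and '=' stay as separators."""
    return "%s?item=%s&descr=%s" % (
        SCRIPT, url_encode(rec["item"]), url_encode(rec["descr"]))


def received_args(url):
    """What the target CGI program would see after parsing the query string."""
    return {k: v[0] for k, v in parse_qs(urlsplit(url).query).items()}


def table_row(rec):
    """Escape text for HTML; the href is URL-encoded first, then HTML-escaped."""
    href = html.escape(encoded_url(rec), quote=True)
    return '<tr><td><a href="%s">%s</a></td><td>%s</td></tr>' % (
        href, html.escape(rec["item"]), html.escape(rec["descr"]))


if __name__ == "__main__":
    print("naive  :", received_args(naive_url(RECORD)))
    print("encoded:", received_args(encoded_url(RECORD)))
    print(table_row(RECORD))
```

With the naive URL the receiving program gets `item` truncated at the first '&' and `descr` cut to "Nut "; with the encoded URL both fields arrive intact.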
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].