Re: "QUERY_STRING beast" Was "CGI ???"

Darren New (dnew@sgf.fv.com)
Fri, 17 Nov 1995 17:27:54 +0000

Messages sorted by: [ date ][ thread ][ subject ][ author ]
Next message: Jeff Rawlings: "Re: Form-based File Upload in HTML"
Previous message: Larry Masinter: "Form-based File Upload in HTML"
In reply to: William F. Hammond: ""QUERY_STRING beast" Was "CGI ???""

> Some of the "ugliness" in the CGI standard arises from security
> concerns. Escaped characters exist in part to prevent processes on
> various systems from choking on characters that are special to those
> processes, and, therefore, to make CGI robust across many platforms.

Actually, I thought CGI stuff was escaped because it's basically
URL-like, and URLs are escaped so they are easy to read/print/etc.
Nothing to do with security.

> The QUERY_STRING may be empty and certainly does not need to be
> a "beast" if client data is dispatched with method POST -- the
> *recommended* way.

Well, you could certainly make the server decode the URL escapes instead
of the CGI script, but that doesn't mean having the CGI script do it is
somehow wrong.

Next message: Jeff Rawlings: "Re: Form-based File Upload in HTML"
Previous message: Larry Masinter: "Form-based File Upload in HTML"
In reply to: William F. Hammond: ""QUERY_STRING beast" Was "CGI ???""