Re: if statement

"Chris H" <socialism001@xxxxxxxxx> wrote in
news:1130456186.193121.312170@xxxxxxxxxxxxxxxxxxxxxxxxxxxx:

> if $query->param('distribution') {

Hmmm ... post real code.

Also:

use strict;
use warnings;

missing

> $newline2 =
> join(',','code9',$ENV{'REMOTE_HOST'},$now_string,$ENV{'REMOTE_ADDR'},
> $query->param('email'),$query->param('distribution'),
> $query->param('-max'),$query->param('-min'),$query->param('~=use'),
> $query->param('~=city'))
> ;

Are you trying to make your code hard to read on purpose?

my $newline2 = join(',',
'code9',
$ENV{'REMOTE_HOST'},
$now_string,
$ENV{'REMOTE_ADDR'},
$query->param('email'),
$query->param('distribution'),
$query->param('-max'),
$query->param('-min'),
$query->param('~=use'),
$query->param('~=city')
);

Note that IMHO $query is not a great name for the CGI object (even
thought the docs use it). I prefer to use $cgi.

> open (FILE_H, ">>$write_email" ) ||
> error_out( "Unable to open file: $!" );

This can be a security hole giving potential crackers information about
your system which you might not want to give.

> if ($LOCK_EX) {
> flock(FILE_H, $LOCK_EX);
> }

I am not 100% positive on this but it seems to me that passing $LOCK_EX,
rather than LOCK_EX from Fcntl, to flock is an error. It is way too
confusing for you to have a variable named after a constant exported by
a standard Perl module.

> print FILE_H $newline2;

This is a giant security hole. You are allowing arbitrary amounts of
data to be written to whatever filename is given by $write_email.

You are not checking if flock succeeded.

> close (FILE_H);

You are not checking if close succeeded.

> chmod ( 0666, $write_email );

I am not sure what you think this is useful and/or necessary.

Sinan

--
A. Sinan Unur <1usa@xxxxxxxxxxxxxxxxxxx>
(reverse each component and remove .invalid for email address)

comp.lang.perl.misc guidelines on the WWW:
http://mail.augustmail.com/~tadmc/clpmisc/clpmisc_guidelines.html

.