[Catalyst] Similar attribute appears twice despite a single POST
(submit) request.
Tomas Doran
bobtfish at bobtfish.net
Wed Apr 29 12:38:41 GMT 2009
kakimoto at tpg.com.au wrote:
> Guys, if the user is clicking on the submit button in step 6, that's a
> POST request. So, why is the a 'query parameters' block present? From my
> understanding, a query_parameter block is for GET requests.
Doing a POST to /foo?id=58 will fill query_parameters, as you would expect.
> I know that to get the 'id' I want which is from the body parameters, I
> should use $c->request->body_parameters{'id'} but in doing so, it looks
> like I am avoiding the problem and its cause rather than understand what
> it is about.
And so if you submit a form to /foo?id=58, with id=58 in the body of the
post request, you _will_ have multiple values of the parameter.
This is a general issue - unless you're aware of it, your app is likely
to be fairly easy to break by supplying multiple values for a parameter,
for example /foo?id=58&id=58 will generate [qw/ 58 58 /] in your
query_parameters.
This is why you validate both the content, and structure of all incoming
data :)
The neatest way to get around this, on a small scale is probably:
use Moose::Autobox;
my $field = ($c->query_parameters->{id}->flatten)[0];
(untested, but something like that)..
I wouldn't recommend writing that for every single parameter ever
however - use a form handling abstraction which will do the work for you.
Cheers
t0m
More information about the Catalyst
mailing list