[Catalyst] Similar attribute appears twice despite a single POST (submit) request.

[Tomas Doran]

kakimoto at tpg.com.au wrote:
> Guys, if the user is clicking on the submit button in step 6, that's a
> POST request. So, why is the a 'query parameters' block present? From my
> understanding, a query_parameter block is for GET requests.

Doing a POST to /foo?id=58 will fill query_parameters, as you would expect.

> I know that to get the 'id' I want which is from the body parameters, I
> should use $c->request->body_parameters{'id'} but in doing so, it looks
> like I am avoiding the problem and its cause rather than understand what
> it is about.

And so if you submit a form to /foo?id=58, with id=58 in the body of the 
post request, you _will_ have multiple values of the parameter.

This is a general issue - unless you're aware of it, your app is likely 
to be fairly easy to break by supplying multiple values for a parameter, 
for example /foo?id=58&id=58 will generate [qw/ 58 58 /] in your 
query_parameters.

This is why you validate both the content, and structure of all incoming 
data :)

The neatest way to get around this, on a small scale is probably:

use Moose::Autobox;
my $field = ($c->query_parameters->{id}->flatten)[0];

(untested, but something like that)..

I wouldn't recommend writing that for every single parameter ever 
however - use a form handling abstraction which will do the work for you.

Cheers
t0m