Re: "QUERY_STRING beast" Was "CGI ???" from Darren New on 1995-11-17 (www-talk@w3.org from November to December 1995)

From: Darren New <dnew@sgf.fv.com>
Date: Fri, 17 Nov 1995 17:27:54 +0000
To: "William F. Hammond" <hammond@csc.albany.edu>
Cc: www-talk@w3.org
Message-Id: <Pine.3.89.9511171715.A1751-0100000@sgf.fv.com>

> Some of the "ugliness" in the CGI standard arises from security
> concerns.  Escaped characters exist in part to prevent processes on
> various systems from choking on characters that are special to those
> processes, and, therefore, to make CGI robust across many platforms.

Actually, I thought CGI stuff was escaped because it's basically 
URL-like, and URLs are escaped so they are easy to read/print/etc.
Nothing to do with security.

> The QUERY_STRING may be empty and certainly does not need to be
> a "beast" if client data is dispatched with method POST -- the
> *recommended* way.

Well, you could certainly make the server decode the URL escapes instead 
of the CGI script, but that doesn't mean having the CGI script do it is 
somehow wrong.

Received on Friday, 17 November 1995 17:28:21 UTC