QUERY_STRING parsing in plain C
As far as I can tell (which, I'll be the first one to admit, doesn't count for that much) this code is so simple that there are no holes that could be exploited.
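    #include <stdio.h>   /* sscanf */
    #include <stdlib.h>  /* getenv, malloc, free */
    #include <string.h>  /* strlen, strtok, strcmp */

    /* lat and lng are doubles declared by the surrounding code. */
    char * query = getenv("QUERY_STRING");
    char * pair;
    char * key;
    double value;
    if(query && strlen(query) > 0) {
        /* strtok splits the environment string in place. */
        pair = strtok(query, "&");
        while(pair) {
            /* key holds at most strlen(pair) bytes, so %[^=] cannot overflow it. */
            key = (char *)malloc(strlen(pair)+1);
            /* Use key and value only when sscanf filled in both of them. */
            if(key && sscanf(pair, "%[^=]=%lf", key, &value) == 2) {
                if(!strcmp(key, "lat")) {
                    lat = value;
                } else if(!strcmp(key, "lng")) {
                    lng = value;
                }
            }
            free(key);
            pair = strtok((char *)0, "&");
        }
    }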
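An added example, not part of the original snippet: a stricter variant of the same parse that leaves the environment string unmodified, requires the whole value to be numeric and range-checks it, so inputs such as `lat=nan` or `lat=1.5abc`, which `%lf` accepts, are rejected. The names `parse_field` and `parse_coords` and the 90/180 degree limits are assumptions, not taken from the post.

```c
#include <stdlib.h>
#include <string.h>

/* Parse one "name=<number>" field in [p, end). Accept it only if the key
 * matches exactly, the whole value is numeric and it lies in [-limit, limit]. */
static int parse_field(const char *p, const char *end, const char *name,
                       double limit, double *out)
{
    size_t klen = strlen(name), flen = (size_t)(end - p), vlen;
    char buf[32], *stop;
    double v;

    if (flen <= klen + 1 || strncmp(p, name, klen) != 0 || p[klen] != '=')
        return 0;                      /* wrong key, or empty value */
    vlen = flen - klen - 1;
    if (vlen >= sizeof buf)
        return 0;                      /* over-long value */
    memcpy(buf, p + klen + 1, vlen);
    buf[vlen] = '\0';
    v = strtod(buf, &stop);
    /* Negated range test so that NaN (all comparisons false) is rejected. */
    if (stop == buf || *stop != '\0' || !(v >= -limit && v <= limit))
        return 0;
    *out = v;
    return 1;
}

/* Walk the query read-only (strtok would write into the environment string).
 * Returns 1 only if both lat and lng were present and valid; the outputs
 * are meaningful only in that case. */
int parse_coords(const char *query, double *lat, double *lng)
{
    int have_lat = 0, have_lng = 0;
    const char *p = query;

    while (p && *p) {
        const char *end = strchr(p, '&');
        if (!end)
            end = p + strlen(p);
        if (parse_field(p, end, "lat", 90.0, lat))
            have_lat = 1;
        else if (parse_field(p, end, "lng", 180.0, lng))
            have_lng = 1;
        p = *end ? end + 1 : end;
    }
    return have_lat && have_lng;
}
```

A caller would pass `getenv("QUERY_STRING")` directly; a NULL or empty query returns 0.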