http://qs321.pair.com?node_id=259789


in reply to cgi security regex in subroutine

Hey there,

In addition to Ovid's excellent advice, I'd also like to recomment checking out the Data::FormValidator module on CPAN. It provides a number of simple methods to validate the parameters sent to you from the browser. Are the fields required or optional? Do you just want to see if anything at all was entered into them, or do you want fine grained control over what was entered? It lets you choose all of that. Here is an example of how you might use it:
### Note: untested code # Require food_name and food_group # color is optional, but validate it if they pass it in my $fields_profile = { required => [ "food_name", "food_group" ], optional => [ "color" ], constraints => { food_name => \&validate_word, food_group => \&validate_word, color => \&validate_word, }, # Untaint a field if and only if it passes a constraint untaint_all_constraints => 1, }; # You can simply pass in your CGI object along with your fields pr +ofile my $results = Data::FormValidator->check($q, $fields_profile); # If data is missing or invalid, just print it out if ($results->has_missing or $results->has_invalid) { print "Missing: ", join ", ", $results->missing; print "Invalid: ", join ", ", $results->invalid; } else { print "Excellent food submission!"; } # Called by Data::FormValidator when it needs to validate our para +meters sub validate_word { my $val = shift; return $val =~ /^[\w ]+$/ }
Hopefully, that gives you a decent example of how it might work. Be sure to read the docs, they give lots of examples. Good luck!
-Eric

--
Lucy: "What happens if you practice the piano for 20 years and then end up not being rich and famous?"
Schroeder: "The joy is in the playing."