|
Anneq has asked for the wisdom of the Perl Monks concerning the following question:
I'm using Data::FormValidator, which has saved me many lines of code and has greatly simplified my validation logic. Excellent module.
However, due my lack of Perl experience, I'm having trouble creating a D::FV profile to apply multiple constraints to a single query parameter. I've searched the POD, perlmonks and googled but didn't find anything that helped me see how to do it. Here is a snippet of what I've got so far:
my $ca_obj = shift; # CGI::Application object
my $q = $ca_obj->query();
my $dfv_profile =
{
required => [qw (userid)],
constraints =>
{
userid =>
{
name => 'userid_exists',
constraint => sub {
return !MyDBITools->user_exists($ca_obj); },
},
userid =>
{
name => 'userid_untaint',
constraint => qr/^[-\@\w.]+$/,
},
},
msgs =>
{
format => '%s',
constraints =>
{
'userid_exists' => "User ID already exists.",
'userid_untaint'=> "User ID contains bad stuff",
},
},
};
my $results = Data::FormValidator->check($q, $dfv_profile);
Using the code above, as I fully expected it to, the userid_untaint constraint is overriding the userid_exists constraint, because the second instance of the userid hash key is trashing the first. This is clear from my results. I get the "User ID contains bad stuff" error and the already existing user gets registered. If I remove the userid_untaint constraint, I get the expected error message "User ID already exists."
Does anyone know the proper syntax to write multiple constraints for a single variable?
|
Re: Mulitple constraints for Data::FormValidator
by Anonymous Monk on Apr 17, 2004 at 00:45 UTC
|
$q->param( userid_untaint => 'dummy junk' );
my $dfv_profile =
{
required => [qw (userid_untaint)],
dependencies => {
userid_untaint => [ qw( userid ) ],
},
constraints =>
{
userid =>
{
name => 'userid_exists',
constraint => sub {
return !MyDBITools->user_exists($ca_obj); },
},
userid_untaint =>
{
name => 'userid_untaint',
constraint => sub {
my $tmp = $q->param( 'userid' );
$tmp =~ s/^[-\@\w.]+$/;
$q->param( userid => $tmp );
},
},
},
msgs =>
{
format => '%s',
constraints =>
{
'userid_exists' => "User ID already exists.",
'userid_untaint'=> "User ID contains bad stuff",
},
},
};
The idea being to use a dummy constraint to do the untainting. This
assumes that the module will perform the userid_untaint first because
it's required, that will re-set the userid parameter with an untainted
version, then dependencies will force the userid to be required also,
then the module will run the userid validation which then performs
the original function on the now untainted value.
I have no idea if this will actually work.
Why can't you untaint and check your database at the same time? | [reply]
[d/l] |
|
|
Bloody excellent, anon.
I never would have figured to do that clever trick. I tested it and it worked like a charm.
However I changed a few things from your suggested code to get exactly what I needed. I'm including them here in case others might want to use this ingenious tactic.
I reverted to my original regexp constraint for the userid_untaint constraint because I wanted users to know that they had entered invalid characters and didn't want the password silently changed, because then they wouldn't be able to log back in using their original password.
As well, I changed $q->param( userid_untaint => 'dummy junk' ); to $q->param( userid_untaint => $q->param('userid')); and took out the dependancy. Then I added both userid and userid_untaint to the required list. This way, the userid_untaint (I must change the name to something like userid2 or some such) becomes like an additional variable to be tested.
I'll ++ you tomorrow when I have some votes. Its a shame you are anon, because your excellent idea should be recognized.
Why can't you untaint and check your database at the same time?
I wanted a clear separation between each test to make it easier to send messages to the user and to make my code more maintainable. I included only a snippet of code in my OP, however, there are many more tests, including passord confirmation, email validation, etc. I am trying to take full advantage of the power of the D::FV module.
Many thanks,
Anne
| [reply]
[d/l]
[select] |
|
|
I had a similar problem yesterday (and found this thread while doing a bit of research) but found an alternative solution in the module docs and thought I'd write it up here for the next time someone searches.
From the docs:
Multiple constraints can be applied to a single field by defining the value of the constraint to be an array reference.
I needed to (sort of) check the validity of an email address and make sure that the address' owner was not already registered.
To complicate matters a bit further, I needed to check that the entry in a field to confirm the email address matched.
Here's an abridged version of the form profile I used. It presupposes the existence of a Class::DBI derived package that knows about users:
my $profile = {
required => [ qw(
user_name
user_email
user_email_confirm
# more stuff here...
) ],
msgs => {
prefix => q[e_],
constraints => {
# helpful error messages:
user_email_valid => q[Invalid address],
user_email_lookup => q[Already registered],
emails_match => q[Emails don't match],
},
},
# tidy entries:
filters => ['trim','strip'],
constraints => {
user_email => [
{
name => q[user_email_valid],
constraint => q[email],
},
{
name => q[user_email_lookup],
constraint => sub {
# have a look in database:
!My::Content::User->search(
user_email => $_[0],
);
},
params => [ qw(
user_email
) ],
}
],
user_email_confirm => {
name => q[emails_match],
constraint => sub { $_[0] eq $_[1] },
params => [ qw(
user_email
user_email_confirm
) ],
},
# more constraints, perhaps...
},
};
HTH someone,
| [reply]
[d/l] |
|
|
