Not sure exactly what you are looking for, but here's some Perl that grabs the form value and then tests it for unwanted characters and untaints in the same step. I have a bunch of validation methods depending on what I'm testing for.
Calling script:
($sql{'name'}, $error) = $self->val_text( 1, 64, $self->query->param('
+name') );
if ( $error-> { msg } ) { push @error_list, { "name" => $error->{ m
+sg } }; }
Validation script
sub val_alphanum {
my $self = shift;
my ($mand, $len, $value) = @_;
if (!$value && $mand) {
return (undef, { msg => 'cannot be blank' });
} elsif ($len && (length($value) > $len) ) {
return (undef, { msg => 'is limited to '.$len.' characters.' });
} elsif ($value && $value !~ /^(\w*)$/) {
return (undef, { msg => 'can only use letters, numbers and _'
} else {
my $tf = new HTML::TagFilter;
return ($tf->filter($1));
}
}
I've put a lot of work in to figuring out this CGI stuff—you can see more complete examples at Using Perl, jQuery, and JSON for Web development and A Tutorial for CGI::Application.
—Brad "The important work of moving the world forward does not wait to be done by perfect men." George Eliot
|