Beefy Boxes and Bandwidth Generously Provided by pair Networks
Do you know where your variables are?
 
PerlMonks  

Re^8: Removing malicious HTML entities (now with more questions!)

by techcode (Hermit)
on Sep 08, 2008 at 12:00 UTC ( #709737=note: print w/replies, xml ) Need Help??


in reply to Re^7: Removing malicious HTML entities (now with more questions!)
in thread Removing malicious HTML entities (now with more questions!)

Ugh I had to write so much of code that resembles what you have there - that at the end I wrote my own little DB "abstraction" (more like SQL generator and executer) to re-factor all that. It generates SQL by using placeholder for everything (values) and based on fields available in data/form and table. So I ended up with something like:
$DB->insert_record( table => 'mytable', data => $form, ); # But if you want timestamp => NOW() it should not be used as # placeholder so I added another parameter marking which fields # should be included as they are ... Of course this particular # example would better been done by setting default value of # timestamp field to NOW() and sending nothing here.... $form->{timestamp} ||= 'NOW()'; $DB->insert_record( table => 'mytable', data => $form, as_is_fields => $form->{timestamp} eq 'NOW()' ? [qw/timestamp/] : [ +], );
Now days I just pass around hashrefs from CGI to my DB-thing (through HTML::Entity and Data::FormValidator first), and from DB-thing to TemplateToolkit on output. And just take care to use same field names in all of those - so that DB-thing could do it's magic.

Have you tried freelancing/outsourcing? Check out Scriptlance - I work there since 2003. For more info about Scriptlance and freelancing in general check out my home node.

Log In?
Username:
Password:

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://709737]
help
Chatterbox?
[LanX]: they?
[LanX]: click!
[choroba]: they
[LanX]: why do you think it's more than one person?
[Your Mother]: Because we are LEGION! Fix YOUR SIG SIG BLOCK!!!!
[Your Mother]: Forgot to sign in as my sockpuppet, how embarrassing!
[1nickt]: pryrt I am creating a Type to check valid user IDs, which must be a whole number greater than or equal to zero. I would like to disallow 1.0 but because of this behaviour, by the time it is checked by the constraint, it *is* an Int.
[LanX]: should this be considered? Re: Parsing .txt into arrays
[LanX]: and this Re^4: Hash user input
[pryrt]: LanX, I would vote "keep" if it were considered: it's not helpful, but it could be taken multiple ways, not all of which are offenseive...

How do I use this? | Other CB clients
Other Users?
Others meditating upon the Monastery: (15)
As of 2017-05-24 20:11 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?