PerlMonks  

Re: CGI - hazardous characters

by bradcathey (Prior)
on Jul 20, 2010 at 02:19 UTC (#850338)


in reply to CGI - hazardous characters

Not sure exactly what you are looking for, but here's some Perl that grabs the form value and then tests it for unwanted characters and untaints in the same step. I have a bunch of validation methods depending on what I'm testing for.

Calling script:

    ($sql{'name'}, $error) = $self->val_text( 1, 64, $self->query->param('name') );
    if ( $error->{msg} ) {
        push @error_list, { "name" => $error->{msg} };
    }

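Validation script:

    use HTML::TagFilter;

    sub val_alphanum {
        my $self = shift;
        my ($mand, $len, $value) = @_;

        # Treat a missing parameter as an empty string
        $value = '' unless defined $value;

        if ($value eq '' && $mand) {
            # Mandatory field left empty ('0' is a real value, not blank)
            return (undef, { msg => 'cannot be blank' });
        }
        elsif ($len && (length($value) > $len)) {
            return (undef, { msg => 'is limited to '.$len.' characters.' });
        }
        elsif ($value !~ /^(\w*)$/) {
            # Always run the match so $1 below comes from this value,
            # never from an earlier, unrelated match
            return (undef, { msg => 'can only use letters, numbers and _' });
        }
        else {
            # $1 is the captured (and therefore untainted) copy of the value
            my $tf = HTML::TagFilter->new;
            return ($tf->filter($1));
        }
    }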

I've put a lot of work into figuring out this CGI stuff—you can see more complete examples at Using Perl, jQuery, and JSON for Web development and A Tutorial for CGI::Application.

—Brad
"The important work of moving the world forward does not wait to be done by perfect men." George Eliot
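
An added example, not part of the post above: a self-contained sketch of the same validate-and-untaint step that can be run with `perl -T` to watch the taint flag clear. The helper name `untaint_alphanum` and all sample inputs are constructed for illustration; it goes slightly beyond the post by anchoring with `\A...\z` (so a trailing newline is rejected) and using `/a` (so `\w` stays ASCII-only).

```perl
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Hypothetical helper: returns (clean_value, undef) or (undef, error_message).
sub untaint_alphanum {
    my ($mandatory, $max_len, $value) = @_;
    $value = '' unless defined $value;

    if ($value eq '') {
        return $mandatory ? (undef, 'cannot be blank') : ('', undef);
    }
    return (undef, "is limited to $max_len characters.")
        if $max_len && length($value) > $max_len;

    # \A ... \z anchor the whole string; unlike $, \z does not tolerate a
    # trailing newline. /a restricts \w to [A-Za-z0-9_] (Perl 5.14+).
    if ($value =~ /\A(\w+)\z/a) {
        return ($1, undef);    # a regex capture is how Perl untaints data
    }
    return (undef, 'can only use letters, numbers and _');
}

# Constructed sample inputs. Under "perl -T" the zero-length slice of
# $ENV{PATH} is tainted, and appending it taints each input.
my $taint   = substr($ENV{PATH} // '', 0, 0);
my @samples = ('brad_64', "brad\n", 'a<b>c', "\x{3b1}bc", '0', '');

for my $raw (@samples) {
    my $input = $raw . $taint;
    my ($clean, $err) = untaint_alphanum(1, 64, $input);

    # Escape non-printable characters so the report stays plain ASCII
    (my $shown = $raw) =~ s/([^\x20-\x7e])/sprintf '\\x{%x}', ord $1/ge;

    printf "%-12s in_tainted=%d => %s\n", "'$shown'", tainted($input) ? 1 : 0,
        defined $err ? "rejected: $err"
                     : "ok '$clean' out_tainted=" . (tainted($clean) ? 1 : 0);
}
```

Without `-T` the script still runs, but every taint flag reports 0 because taint tracking is off.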

