form validation

damian has asked for the wisdom of the Perl Monks concerning the following question:

Replies are listed 'Best First'.
Re: form validation by perlmonkey (Hermit) on May 10, 2000 at 06:13 UTC
Your code looks okay (dispite the nonformatting). But you are using double negative logic. By using`/[^a-zA-Z-0-9]/` with the leading '^' you are matching anything that is not in the that group. Then you are notting that result with the '!', so you are saying: If the user name has one character not not in a-zA-Z0-9_ then print error. Better stated: if username has a valid character print error. By the way: /\W/ is the same as the above regex. You need something like: `if($FORM{'username'} =~ /\W/)) { print "Content-type: text/html\n\n"; print " Error: spaces not allowed\n"; exit; } else { &proceed; }` [download] where the \W means non word character (ie not a-zA-Z0-9_). So if the username matches a single non word character then print error.	[reply] [d/l] [select]
Re: form validation by plaid (Chaplain) on May 10, 2000 at 06:08 UTC
Your regular expression seems to work fine.. it's kind of hard to read, but I assume the regular expression is supposed to be `/[^a-zA-Z0-9_]/` [download] First off, you don't need to negate the return value of the regular expression.. it's fine as it is. The only suggestion I could give would be that you might instead want to simplify by saying: `/[^\w]/` [download] As the \w metacharacter is equal to exactly a-zA-Z0-9_. To simplify further: `/\W/` [download] As \W is the opposite of \w	[reply] [d/l] [select]
Re: form validation by damian (Beadle) on May 12, 2000 at 05:06 UTC
yup, thanks guys for your suggestions..... i was only checking for whitespaces not invalid characters so i used <code> if($FORM{'username'} =~ /\S/) { ..... } this will check if $FORM{'username'} contains whitespace. thanks again guys.	[reply]
Re: form validation by ZZamboni (Curate) on May 10, 2000 at 06:13 UTC
(Next time, remember to use the <code> tag to enclose your code) It should work if you remove the negation. Right now it says "if the username does not contain a non-alphanumeric character, generate an error", which is exactly the opposite of what you want. Remove the "!" and it should be corrected. Also, remember that \w in Perl regular expressions represents the "alphanumeric plus underscore" class, exactly the class you used, and \W represents its complement. So you could do the test like this: `if ($FORM{username} =~ /\W/) { &error; } else { &proceed; }` [download] IMHO it is clearer and safer to check that the string contains only valid characters, instead of checking if it contains invalid ones. Like this: `if ($FORM{username} =~ /^\w+$/) { &proceed; } else { &error; }` [download] --ZZamboni	[reply] [d/l] [select]
RE: Re: form validation by perlmonkey (Hermit) on May 10, 2000 at 06:25 UTC
IMHO it is clearer and safer to check that the string contains only valid characters, instead of checking if it contains invalid ones. I disagree that it is safer, I find the one with less characters easier to read. Also your prefered method is slower. It is easier to find one bad apple than to look through and validate every one. The net result maybe the same but only in the 'worst case' senario. But that is only IHMO also.	[reply]


Perl Monk, Perl Meditation
	PerlMonks