Well, it depends on the context - for *known* data input, I would rather use existing tools than re-invent the wheel. In the example you gave, surely some sort of user input sanitisation goes on first? Nick
"for *known* data input, I would rather use existing tools than re-invent the wheel."
As touched on in Passing a regex from a CGI HTML form, security is an issue. Here you replied to someone who is obviously struggling with the basics and provided them a footgun: 'I use this on a couple of my CGI scripts', mentioning nothing about sanitizing the data. Since you're already using Perl, I see no reason why you don't just write to a file from your script rather than shelling out and running sed with no error checking. Rather than reinventing the wheel, this is like taking a unicycle along with you when riding your bike. Sure, you could do it, but what's the point? Seems unnecessarily messy.
As I said, it depends on the context (i.e. HTML form drop-down boxes etc.). Also, even if you did just use Perl to write to the file, you still need to sanitise the data first anyway, no? So whatever method is used, all user input data needs to be sanitised before using it - I thought that was a foregone conclusion. I once made a unicycle and taught myself to ride it :) Nick
EDIT: Also, I just answered the question and showed one way to do it - I didn't think I needed to provide a full synopsis of how to do the whole lot!
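An added example of the approach argued for in the thread: whitelist the form value first, then do the edit in Perl with error checking instead of shelling out to sed. This is not code from either poster; the settings file, the `colour` field, the allowed values and the sample inputs are constructed for illustration, and `$input` stands in for what a CGI parameter would return.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Basename qw(dirname);
use File::Temp qw(tempfile);

# Constructed sample input: a small settings file the CGI script is meant to update.
my ($sample, $path) = tempfile(UNLINK => 1);
print {$sample} "colour=red\nsize=medium\n";
close $sample or die "close: $!";

# The shell-out version, for contrast only (never called here). The form value
# is interpolated straight into a shell command line, so a value such as
#   x/;rm -rf ~;s/x
# leaves the sed expression and runs as a command, and the result of system()
# is never checked.
sub unsafe_update_colour {
    my ($file, $value) = @_;
    system("sed -i 's/^colour=.*/colour=$value/' $file");
}

# Whitelist what the drop-down box is allowed to send. Anything else, including
# undef (parameter missing) and an empty string, is rejected outright.
my %allowed = map { $_ => 1 } qw(red green blue);

sub validate_colour {
    my ($value) = @_;
    return undef unless defined $value && $allowed{$value};
    return $value;
}

# Do the edit in Perl: read the original, write a temp file in the same
# directory, copy the original's permission bits, then rename it over the
# original. Every step checks for failure, and the rename means other readers
# never see a half-written file.
sub update_colour {
    my ($file, $value) = @_;
    my $colour = validate_colour($value);
    die "rejected colour value\n" unless defined $colour;

    open(my $in, '<', $file) or die "open $file: $!";
    my $mode = (stat $in)[2] & 07777;
    my ($tmp, $tmpname) = tempfile('colour.XXXXXX', DIR => dirname($file));
    chmod($mode, $tmpname) or die "chmod $tmpname: $!";
    while (my $line = <$in>) {
        $line = "colour=$colour\n" if $line =~ /^colour=/;
        print {$tmp} $line or die "write $tmpname: $!";
    }
    close $in  or die "close $file: $!";
    close $tmp or die "close $tmpname: $!";
    rename($tmpname, $file) or die "rename $tmpname to $file: $!";
    return $colour;
}

# $input stands in for what $q->param('colour') would return from the form
# (assumed here; no real form is involved).
for my $input ('green', 'x/;rm -rf ~;s/x', undef) {
    my $shown = defined $input ? $input : '(missing)';
    my $ok  = eval { update_colour($path, $input); 1 };
    my $err = $@;
    chomp $err;
    printf "%-20s => %s\n", $shown, $ok ? 'updated' : "rejected: $err";
}

# Show the resulting file: only the colour line is touched.
open(my $check, '<', $path) or die "open $path: $!";
print <$check>;
close $check;
```

The whitelist is the sanitisation step both posters agree is needed; because only a fixed set of values can ever reach the file, there is nothing to escape. Doing the write in Perl removes the shell from the picture entirely, and the temp-file-plus-rename pattern gives the error checking that a bare `sed -i` call through `system` lacks.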