On 15 Apr 2002 22:46:33 -0400, [EMAIL PROTECTED] (Daniel Falkenberg) wrote:
>I am just about to go ahead and start validating form data.  I was
>thinking about tackling it in the following way...
>
>$data1 = param("data1");
>$data2 = param("data2");
>$data3 = param("data3");
>$data4 = param("data4");
>
>if ($data1 ne "Whatever") {
>  print "Not equal";
>} elsif ($data2 ne "Test") {
>  print "Hello world";
>}

>Of course I will be making it a little more stringent :) but is there a
>better way of tackling this?

Hi, if you are going to test your form input, you may as well
do it the suggested "perl way" and use the "taint checking"
process.  Read perldoc perlsec.  Put -T on your shebang line,
and you are in "taint-checking mode".  To taint check, you
set up a regex to extract the $1 from it. Anything passing through the
$1 variable is considered clean.  This way, you will be checking your
variable, and doing the taint checking at the same time.

The generic variable testing takes this form, where you
put in a more suitable regex for your variable.

 if ($data1 =~ /^(Whatever)$/) {
     $data1 = $1;                 # $data1 now untainted
 } else {
     die "Bad data in $data1";    # log this somewhere
 }

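The same pattern carried through for all four fields, as an added example that is not part of the original reply. The field names, the allow-list patterns, the script name and the use of @ARGV in place of param() are assumptions for the example; under perl -T, @ARGV is tainted just like CGI input, so the same check and the same capture-based untainting apply.

```perl
#!/usr/bin/perl -T
# Added example, not from the original post: whitelist-validate four
# form-style fields under taint mode, untainting each through a capture.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# perlsec: under -T, system()/exec() also refuse to run with a tainted PATH.
$ENV{PATH} = '/bin:/usr/bin';
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical field names and allow-list patterns (assumed for this example).
# Each pattern is anchored and captures exactly the part we want to keep.
my %allowed = (
    data1 => qr/^(Whatever)$/,              # one exact token
    data2 => qr/^([A-Za-z]{1,32})$/,        # a short alphabetic word
    data3 => qr/^([0-9]{1,6})$/,            # up to six digits
    data4 => qr/^([A-Za-z0-9_.-]{1,64})$/,  # file-name-ish token, no slashes
);

# A CGI would take these from param(); here they come from @ARGV, which
# perl marks as tainted, so the same checks and the same untainting apply.
my %input;
@input{qw(data1 data2 data3 data4)} = @ARGV;

# Returns the captured, untainted value or dies. Only the capture ($1)
# clears the taint; copying the original string would not.
sub untaint {
    my ($name, $value, $re) = @_;
    unless (defined $value && $value =~ $re) {
        # Log the rejection (STDERR here) and stop; do not echo raw
        # input back into an HTML page.
        warn sprintf("rejected %s: %s\n", $name,
                     defined $value ? "'$value'" : 'missing');
        die "Bad data in $name\n";
    }
    return $1;
}

my %clean;
for my $name (sort keys %allowed) {
    my $raw = $input{$name};
    printf "%s before: tainted=%d\n", $name, tainted($raw) ? 1 : 0;
    $clean{$name} = untaint($name, $raw, $allowed{$name});
    printf "%s after:  tainted=%d value=%s\n",
        $name, tainted($clean{$name}) ? 1 : 0, $clean{$name};
}

# Safe to hand to something -T guards. With $input{data4} (still tainted)
# in place of $clean{data4}, perl would die here with
# "Insecure dependency in system while running with -T switch".
system('/bin/echo', 'validated file name:', $clean{data4}) == 0
    or die "echo failed: $?\n";
```

Run it as `perl -T untaint.pl Whatever Test 42 report.txt` (the -T must be given on the command line as well as the shebang, or perl complains "Too late for -T"). Swap the second argument for something like 'Test; id' and the script logs the rejection and dies before anything reaches system(). The point of the capture is that `$data1 = $1` is the only step that clears the taint flag; `$data1 = $data1` after a successful match would leave it tainted, and -T would still refuse to use it in a system(), open() or similar call.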