In message <40504.1382576...@server1.tristatelogic.com>, I wrote: >>> Well, I added to the script some rudimentary filtering/validation of >>> the input strings in question also. >> >>you need more than rudimentary filtering. make sure the from field is >>one string, no newlines or anything but printable text. > >Um, yes, sorry. I failed to make my meaning plain. > >When I said "rudimentary filtering" of the input strings, what I really >had intended to say was that I implemented "quick and dirty" filtering of >the strings in question that is grotesquely *over*-restrictive in each >case. (The input validation steps for both name and e-mail address >*should*, ideally, be much looser than what I have now, but I am too >busy just now to deal with it.) > >For example, if you try *now* to use my contact form and if you try to >use any ``funny'' characters at all in either your name or your e-mail >address, the current data collection script will basically refuse that >data and then tell you to try again. > >(I hope that nobody from Europe who has umlauts or grave accents in the >correct spellings of their names needs to use that form to contact me >anytime soon. :-)
As a hypothetical, assume for the moment that one day I will have time to implement the validation of the input strings ``properly''. Does anyone wnat to pass me a free clue or two as to how I might do this? The contact form is *really* simple: http://www.tristatelogic.com/contact2.html I know that parsing e-mail address _properly_, i.e. according to all current RFC rules can be really rather complex, so I'll start by looking around to see if there is some existing off-the-shelf Perl package that will do this for me. (Anybody know which one I should be looking at on CPAN?) And I also know that if I want to be really persnickety, I'll even check the domain name part to make sure it has either an associated MX or A record in DNS. I may do that too, but I don't need any help for that, because I already know my way around the DNS:: stuff. As regards to the (person's) name data, can anybody suggest a good and proper filter for that? I'd like it to reject any string that contains *any* characters that simply do not ever belong in a person's name... not just newlines and such. For example, I don't know anybody who writes their name with a (US) dollar sign or exclamation point or a asterisk, or most other special characters. But I don't really know poo about international character sets or how to handle them properly, so I really have no idea how to even start working on a ``proper'' filter for the name string. Any helpful tips would be appreciated. Regards, rfg -- To unsubscribe, e-mail: beginners-unsubscr...@perl.org For additional commands, e-mail: beginners-h...@perl.org http://learn.perl.org/