Regex, Taint, Review
Hello All,
I have a script to process an inquiry form.(go figure ;)
Anyway, if someone could take a quick look and see if I'm missing
anything obvious or see anything that would allow a breach in
security, I would appreciate it.
Particularly my regex filters may need a third eye to catch something
because they still aggravate my brain tumor to figure out sometimes.
Also, I'd like to turn on taint checking but I believe that my
$ENV{'HTTP_REFERER'} $ENV{REMOTE_ADDR} are the cause of errors when
I do. If someone could show me how to fix this, I'll name my third
born after you.
Also, before anybody gets their panties in a bundle, I've read all the
banter on this list about validating email addresses how it can't be
done 100% of the time, the mods to look at such. I'm just shooting
for a high 80% success. I got fred[EMAIL PROTECTED] taken care of
the rest can read my error page telling them to just send me an e-mail
with the info... ;)
Code is below, thanks a bunch!
CODE
#!/usr/bin/perl -w
use strict;
use CGI qw(:standard);
$CGI::DISABLE_UPLOADS = 1;
$CGI::POST_MAX= 512 * 1024;
my ($ENV,$sendmail,$time,$name,$email,$subject,$comments,
$bad_name,$bad_email,$bad_subject,$bad_comments);
$sendmail = '/usr/sbin/sendmail';
$time = localtime(time);
$bad_name = param('name');
if ( $bad_name =~ /^([a-zA-Z\s_]+)$/ ) {
$name = $1; }
else {
error();
exit; }
$bad_email = param('email');
if( $bad_email =~ m/\w\S+\@\w\S+\./) {
$bad_email =~ /([\w+\-\\._]+\@[\w+\.\-_]+)/;
$email = $1; }
else {
error();
exit; }
# A one-word drop-down menu selection for this one. If they try to
# send anything else here... they can bite me ;)
$bad_subject = param('subject');
if ( $bad_subject =~ /^([a-zA-Z]+)$/ ) {
$subject = $1; }
else {
error();
exit; }
$bad_comments = param('comments');
if ( $bad_comments =~ /^([a-zA-Z\d\s\-\.\?!,_]+)$/ ) {
$comments = $1; }
else {
error();
exit; }
if (($ENV{'HTTP_REFERER'} eq http://www.my-domain.com/contact/index.html;) ||
($ENV{'HTTP_REFERER'} eq http://my-domain.com/contact/index.html;) ||
($ENV{'HTTP_REFERER'} eq http://www.my-domain.com/contact/;) ||
($ENV{'HTTP_REFERER'} eq http://my-domain.com/contact/;))
{
# DO NADA - JUST CONTINUE ON
}
else {
invalid();
exit; }
if(param()) {
open (MAIL, | $sendmail -t -oi) || die Can't open $sendmail : $!\n;
print MAIL To: webmaster\@my-domain.com\n;
print MAIL From: webmaster\@my-domain.com\n;
print MAIL Subject: $subject\n\n;
print MAIL On $time\n;
print MAIL This information was received:\n\n;
## Personal Information ##
print MAIL Inquiry Information:\n;
print MAIL $ENV{REMOTE_ADDR}\n;
if($name) {
print MAIL Name: $name\n; }
else { error(); }
if($email) {
print MAIL E-Mail: $email\n; }
else { error(); }
if($subject) {
print MAIL Subject: $subject\n; }
else { error(); }
if($comments) {
print MAIL Comments: $comments\n; }
else { error(); }
close(MAIL);
print Location: http://www.my-domain.com/thankyou.html\n\n;;
exit; }
print Location: http://www.my-domain.com/contact/index.html\n\n;;
sub error {
print Location: http://www.my-domain.com/contact/error.html\n\n;;
}
sub invalid {
print Location: http://www.my-domain.com/contact/invalid.html\n\n;;
}
/CODE
--
Best regards,
K.L. Hayes
mailto:[EMAIL PROTECTED]
+=+
+ Only two things are infinite, the universe and +
+ human stupidity, and I'm not sure about the former.+
+ -- Albert Einstien +
+=+
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: Cgi on IIS
Hello Maureen,
The only time I've seen the HTTP Error 405- when submitting a form is
when I've inadvertently used action=post instead of action=POST
which I see you've done in your script.
I must have banged my head on that for over an hour before I figured
it out. Hope this helps.
--
Best regards,
K.L. Hayes
mailto:[EMAIL PROTECTED]
Wednesday, January 16, 2002, 1:18:39 PM, you wrote:
m I hope someone can help me out.
m I set up this cgi file and html form on a Unix server. The script
m changes a user's password in a text file.
m This works correctly on a Unix Server. However, I need to move these
m files to an IIS server.
m In testing on the IIS server, I get an HTTP Error 405- Method not
m allowed when the form is submitted.
m I did some research, but was unable to determine how to correct the
m error.
m If anyone could help me out, I'd really appreciate it.
m Thanks, Maureen
m #!/usr/bin/perl
m require cgi-lib.pl;
m #process incoming form data
m ReadParse;
m #set content type
m print PrintHeader;
m #initialize variables
m $pwfile =
m /data1/hypermart.net/worldwidewebstrategies/datafile/pwdata.txt;
m $tmpfile =
m /data1/hypermart.net/worldwidewebstrategies/datafile/pwdata.tmp;
m $lokfile =
m /data1/hypermart.net/worldwidewebstrategies/datafile/pwlock.fil;
m #Print initial tags for web page
m print HTMLBODY\n;
m #check for existence of password file
m unless (-e $pwfile)
m {
m #password file doesn't exist!
m #print message shut down
m print PrintTag;
m H1Sorry!/H1
m P$pwfile has't been uploaded to the
m proper directory. Please contact the webmaster./P
m /BODY
m /HTML
m PrintTag
m exit(0);
m }
m #check for blank form fields
m if ($in{'oldname'}eq || $in{'oldpw'}eq)
m {
m #re-create form and shut down program
m print PrintTag;
m PBERROR:/B Please type your current username and
m password in the spaces provided./P
m FORM
m ACTION=http://server37.hypermart.net/worldwidewebstrategies/cgi-bin/changepw.cgi;
METHOD=post
m PYour current username:BR
m INPUT TYPE=text NAME=oldname VALUE=$in{'oldname'}/P
m PYour current password:BR
m INPUT TYPE=textNAME=oldpw VALUE=$in{'oldpw'}/P
m PYour new password:BR
m INPUT TYPE=text NAME=newpw1 VALUE=$in{'newpw1'}/P
m PType your new password again:BR
m INPUT TYPE=text NAME=newpw2 VALUE=$in{'newpw2'}/P
m P
m PrintTag
m if ($in{'delete'} eq yes)
m {
m print INPUT TYPE=\checkbox\
m NAME=\delete\ VALUE=\yes\ CHECKED\n;
m }
m else
m {
m print \n;
m }
m print PrintTag;
m /P
m INPUT TYPE=submit VALUE=Change
m /FORM
m /BODY
m /HTML
m PrintTag
m exit(0);
m }
m #make sure new passwords match
m if ($in{'newpw1'} ne $in{'newpw2'})
m {
m #re-create form and shut down program
m print PrintTag;
m PBERROR:/B Your new passwords didn't match.
m You must type your new password exactly the same way twice.
m Please try again./P
m FORM
m ACTION=http://server37.hypermart.net/worldwidewebstrategies/cgi-bin/changepw.cgi;
METHOD=post
m PYour current username:BR
m INPUT TYPE=text NAME=oldname VALUE=$in{'oldname'}/P
m PYour current password:BR
m INPUT TYPE=text NAME=oldpw VALUE=$in{'oldpw'}/P
m PYour new password:BR
m INPUT TYPE=text NAME=newpw1/P
m PType your new password again:BR
m INPUT TYPE=text NAME=newpw2/P
m INPUT TYPE=submit VALUE=Change
m /FORM
m /BODY
m /HTML
m PrintTag
m exit(0);
m }
m #check for existence of lock file
m if (-e $lokfile)
m {
m #lock file exists! print message shut down
m print PrintTag;
m H1Try again!/H1
m PThe database is in use. Please try again later./P
m /BODY
m /HTML
m PrintTag
m exit(0);
m }
m #everything is okay. Create lock file.
open(LOCK_FILE, $lokfile) ||
m die Couldn't create $lokfile\n;
m #open password file in read-only mode
m open(FILE,$pwfile) ||
m die Can't find $pwfile.\n;
m #store database contents in an array and close file
m @indata = FILE;
m close(FILE);
m #open temp file in overwrite mode
open(TEMP,$tmpfile) ||
m die Can't create $tmpfile.\n;
m #copy password file contents to temp file
m #use a foreach loop to process each record in the array
m foreach $i (@indata)
m {
m #remove hard return character from each record
m chomp($i);
m #split fields on pipe character
m #assign a variable name to each of the fields
m ($username,$password) = split(/\|/,$i);
m if ($username eq $in{'oldname'}
m $password eq $in{'oldpw'}
m $in{'delete'} ne yes)
m {
m print TEMP $in{'oldname'}|$in{'newpw1'}\n;
m print Ph1 Success!/h1Your password has been changed./P\n;
m }
m elsif ($username eq $in{'oldname'}
m $in{'delete'} eq yes)
m {
m print PYour password has been deleted./P\n;
m }
m else
m {
m print TEMP $i\n;
m }
m }
m #close temp file
m close(TEMP);
m #change file names
m rename($pwfile, $pwfile..old);
m rename($tmpfile, $pwfile);
m #close and delete lock file
m close(LOCK_FILE);
m unlink($lokfile);
m #close web page
m print PThank you! /P\n;
m print /BODY/HTML\n;
m #end of script
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Won't write IP address to file
Hello All,
Could somebody please help me figure out why the following code will
not write the IP address to a file?
I've verified that the code can find the file, open it overwrite any
junk/test data already there with nothing. I've also printed out the
IP address on the previous page using just the print statement.
CODE
sub pcheck {
if (param('pwd') eq $pw ) {
open (CHECK,${path}dmp.dat) || die Cannot open dmp.dat: $!;
flock (CHECK, 2) if ($flock);
while (CHECK) {
print $ENV{'REMOTE_ADDR'}; }
close (CHECK);
flock (CHECK, 8) if ($flock);
} else { invalid_info; }
ad2;
}
/CODE
All help is appreciated. Thank you for your time.
--
Best regards,
K.L. Hayes
mailto:[EMAIL PROTECTED]
+=+
+ Only two things are infinite, the universe and +
+ human stupidity, and I'm not sure about the former.+
+ -- Albert Einstien +
+=+
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re[2]: Won't write IP address to file
Hello Robert,
Duh! Thanks! I knew it was something stupid/simple. I just couldn't
figure IT out AND be pulled in 20 other directions at the same time.
Sometimes another eye planted in the middle of my forehead would
really come in handy... *;) Thanks again for your time!
--
Best regards,
K.L. Hayes
mailto:[EMAIL PROTECTED]
Wednesday, January 16, 2002, 12:32:06 PM, you wrote:
HR It looks like you forgot to specify the file handle when printing.
HR print CHECK $ENV{'REMOTE_ADDR'}; }
HR Rob
HR -Original Message-
HR From: K.L. Hayes [mailto:[EMAIL PROTECTED]]
HR Sent: Wednesday, January 16, 2002 6:23 PM
HR To: [EMAIL PROTECTED]
HR Subject: Won't write IP address to file
HR Hello All,
HR Could somebody please help me figure out why the following code will
HR not write the IP address to a file?
HR I've verified that the code can find the file, open it overwrite any
HR junk/test data already there with nothing. I've also printed out the
HR IP address on the previous page using just the print statement.
HR CODE
HR sub pcheck {
HR if (param('pwd') eq $pw ) {
HR open (CHECK,${path}dmp.dat) || die Cannot open dmp.dat: $!;
HR flock (CHECK, 2) if ($flock);
HR while (CHECK) {
HR print $ENV{'REMOTE_ADDR'}; }
HR close (CHECK);
HR flock (CHECK, 8) if ($flock);
HR } else { invalid_info; }
HR ad2;
HR }
HR /CODE
HR All help is appreciated. Thank you for your time.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re[2]: Won't write IP address to file
Hello Robert,
After trying your advise it still didn't write to the file. Went had
some dinner... came back it was obvious... Took the while (CHECK)
statement out it worked like a charm.
Whomever says that your stomach brain aren't connected... is just
wrong... in my case anyway... ;)
Posted the solution in case anybody wanted to know.
Thanks again!
--
Best regards,
K.L. Hayes
mailto:[EMAIL PROTECTED]
Wednesday, January 16, 2002, 12:32:06 PM, you wrote:
HR It looks like you forgot to specify the file handle when printing.
HR print CHECK $ENV{'REMOTE_ADDR'}; }
HR Rob
HR -Original Message-
HR From: K.L. Hayes [mailto:[EMAIL PROTECTED]]
HR Sent: Wednesday, January 16, 2002 6:23 PM
HR To: [EMAIL PROTECTED]
HR Subject: Won't write IP address to file
HR Hello All,
HR Could somebody please help me figure out why the following code will
HR not write the IP address to a file?
HR I've verified that the code can find the file, open it overwrite any
HR junk/test data already there with nothing. I've also printed out the
HR IP address on the previous page using just the print statement.
HR CODE
HR sub pcheck {
HR if (param('pwd') eq $pw ) {
HR open (CHECK,${path}dmp.dat) || die Cannot open dmp.dat: $!;
HR flock (CHECK, 2) if ($flock);
HR while (CHECK) {
HR print $ENV{'REMOTE_ADDR'}; }
HR close (CHECK);
HR flock (CHECK, 8) if ($flock);
HR } else { invalid_info; }
HR ad2;
HR }
HR /CODE
HR All help is appreciated. Thank you for your time.
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re[2]: Won't write IP address to file
Hello John,
Just wanted to say Thank You for ripping my poor little code segment
apart the way you did. Some might be offended if you did it to them,
but not me... IT MAKES ME A BETTER PERL HACKER! :)
Thanks for opening my eyes to some of my stupid code enlightening
me to some new ways of doing things. Since some of my reference
material is a couple years old, I welcome the help in getting it
right. In the future I'll make it a point to cross reference my books
to perldoc to save everybody some time.
--
Best regards,
K.L. Hayes
mailto:[EMAIL PROTECTED]
Wednesday, January 16, 2002, 2:12:13 PM, you wrote:
JWK K.L. Hayes wrote:
Hello All,
JWK Hello,
Could somebody please help me figure out why the following code will
not write the IP address to a file?
I've verified that the code can find the file, open it overwrite any
junk/test data already there with nothing. I've also printed out the
IP address on the previous page using just the print statement.
CODE
sub pcheck {
if (param('pwd') eq $pw ) {
open (CHECK,${path}dmp.dat) || die Cannot open dmp.dat: $!;
flock (CHECK, 2) if ($flock);
JWK use Fcntl ':flock';
JWK if ( $flock ) {
JWK flock( CHECK, LOCK_EX ) or die Cannot lock dmp.dat: $!;
JWK }
while (CHECK) {
JWK You need this line only if you are reading data IN from a file, not
JWK writing OUT to a file.
print $ENV{'REMOTE_ADDR'}; }
JWK print CHECK $ENV{'REMOTE_ADDR'};
close (CHECK);
flock (CHECK, 8) if ($flock);
JWK There is no point in trying to unlock the file now, the close() has
JWK already unlocked it.
} else { invalid_info; }
JWK } else { invalid_info() }
ad2;
JWK ad2();
JWK When you call subroutines you shouldn't use an ampersand unless you
JWK understand how and why it behaves differently.
JWK perldoc perlsub
}
/CODE
All help is appreciated. Thank you for your time.
JWK John
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Should I use -e -d or opendir ?
Hello All,
I've found lot's of info on how to check if a file exists but nothing
about checking if a directory exists. I've posted the relevant code
below along with 3 variations of how I think it might work. If
somebody could point to the one that is correct or knows of a better
way I'd appreciate the help. Thank you.
CODE_SNIP
use constant USER_PATH = '/home/~client/htdocs/clients/';
$path = USER_PATH . $personal_key;
## Is This Correct? ##
if (-e $path) {
get_on_with_it }
else { errorMsg }
## Or This? ##
opendir(CLIENT, $path) or die errorMsg ;
closedir(CLIENT);
get_on_with_it
## Or Is It This? ##
if (-d $path) {
get_on_with_it }
else { errorMsg }
!CODE_SNIP
--
Best regards,
K.L. Hayes
mailto:[EMAIL PROTECTED]
+=+
+ Only two things are infinite, the universe and +
+ human stupidity, and I'm not sure about the former.+
+ -- Albert Einstien +
+=+
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re[2]: Should I use -e -d or opendir ?
Hello John,
Thank you for responding. That's what I like most about this list. Ask
a question, you usually end up getting a buffet of answers when all
you could reasonably hope for was a light snack. :)
I appreciate your time will keep your response for future reference
as well.
Hungry for knowledge,
K.L. Hayes
Wednesday, January 09, 2002, 8:17:23 PM, you wrote:
JWK K.L. Hayes wrote:
Hello All,
JWK Hello,
I've found lot's of info on how to check if a file exists but nothing
about checking if a directory exists. I've posted the relevant code
below along with 3 variations of how I think it might work. If
somebody could point to the one that is correct or knows of a better
way I'd appreciate the help. Thank you.
JWK No reason to think about it. Read the perlfunc documentation and
JWK write a small program to test it.
JWK $ perl -le'
JWK if (-f $ARGV[0]) {print file} else {print NOT a file}
JWK if (-d _) {print directory} else {print NOT a directory}
JWK if (-r _) {print readable} else {print NOT readable}
JWK if (-w _) {print writable} else {print NOT writable}
JWK if (-x _) {print executable} else {print NOT executable}
JWK if (-e _) {print exists} else {print NOT exists}
JWK if (-s _) {print size} else {print NO size}
JWK ' test.txt
JWK file
JWK NOT a directory
JWK readable
JWK writable
JWK NOT executable
JWK exists
JWK size
JWK $ perl -le'
JWK if (-f $ARGV[0]) {print file} else {print NOT a file}
JWK if (-d _) {print directory} else {print NOT a directory}
JWK if (-r _) {print readable} else {print NOT readable}
JWK if (-w _) {print writable} else {print NOT writable}
JWK if (-x _) {print executable} else {print NOT executable}
JWK if (-e _) {print exists} else {print NOT exists}
JWK if (-s _) {print size} else {print NO size}
JWK ' bin
JWK NOT a file
JWK directory
JWK readable
JWK writable
JWK executable
JWK exists
JWK size
JWK perldoc -f -X
use constant USER_PATH = '/home/~client/htdocs/clients/';
$path = USER_PATH . $personal_key;
## Is This Correct? ##
if (-e $path) {
get_on_with_it }
else { errorMsg }
## Or This? ##
opendir(CLIENT, $path) or die errorMsg ;
closedir(CLIENT);
get_on_with_it
## Or Is It This? ##
if (-d $path) {
get_on_with_it }
else { errorMsg }
JWK The Perl motto is There Is More Than One Way To Do It :-)
JWK John
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re[2]: Curtis Poe Script/Lesson Questions
Hello Mr. Poe All,
Thank you very much for your articulate thorough answers. I'm sure
you've enlightened others as well with your response.
I'm a Site Designer turning Perl Hacker over the last 5-6 months
I'm just concerned about being dangerous in the transition. IMO It's
better that I ask questions do the homework than to risk my clients
data servers.
Your contributions to this list and online lessons are of great help.
Thank You!
Best regards,
K.L. Hayes
Monday, January 07, 2002, 2:24:42 PM, you wrote:
CP --- K.L. Hayes [EMAIL PROTECTED] wrote:
17: if ( $tainted_username =~ /^([a-zA-Z\d_]+)$/ )
18: {
19: $username = $1;
20: }
21: else
22: {
23: display_page( $message );
24: exit;
25: }
OK... The questions...
1. Why doesn't use strict complain about the $1 not being declared?
CP use strict, amongst other things, complains about misspelled lexical variables
or misspelled
CP global variables that have been declared with the use vars pragma or the new
our keyword (tip:
CP use vars is better than our). The dollar digit variables (excluding $0,
which is the
CP program name) are special global variables built into Perl. These variables
contain the
CP corresponding subpattern that has been matched in the last successful regex match.
Since they are
CP built into Perl, they do not need to be declared (kind of like $_, @_, etc.).
CP One important thing to note, though, is that you should usually localize these
variables if used
CP in a subroutine.
CP sub foo
CP {
CP my $data = shift;
CP local $1;
CP return $1 if $data = /(bar)/;
CP }
CP That's important because someone calling your subroutine may also be doing regex
matching and may
CP depend on the value of $1, so you don't want to step on this value (of course,
this is typically
CP true of all Perl built-in globals). See 'perldoc -f local' for more information.
2. How can I filter ALL of my form input variables with this regex? Or
maybe better asked; How can this be WRITTEN to filter ALL of my form
variables at once?
CP Check out the Untaint or CGI::Untaint modules. Also, future versions of my
CGI::Safe module (also
CP on the CPAN) will include this functionality.
CP Cheers,
CP Curtis Ovid Poe
CP =
CP Ovid on http://www.perlmonks.org/
CP Someone asked me how to count to 10 in Perl:
CP push@A,$_ for reverse q.e...q.n.;for(@A){$_=unpack(q|c|,$_);@a=split//;
CP shift@a;shift@a if $a[$[]eq$[;$_=join q||,@a};print $_,$/for reverse @A
CP __
CP Do You Yahoo!?
CP Send FREE video emails in Yahoo! Mail!
CP http://promo.yahoo.com/videomail/
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re[2]: Interpolate in Location:
Hello Mr. Showalter, Friday, December 21, 2001, 7:14:40 AM, you wrote: BS As Michael said, your code looks OK. The 's don't need to be BS escaped. BS When you construct a URL, you should run it through URI::Escape's BS uri_escape() method to encode any URI-special chars. Thanks for the advise on URI::Escape/method. I didn't know it existed until now. Also wanted to thank you for _ALL_ your inadvertent help over the last 4-5 months. I've got over 700 Of Interest mails saved from this list most involve you Japhy. Just want to let you know that your time, knowledge patience is greatly appreciated. I wish you yours, health prosperity in the coming year. Thank you. -- Best regards, K.L. Hayes mailto:[EMAIL PROTECTED] +=+ + Only two things are infinite, the universe and + + human stupidity, and I'm not sure about the former.+ + -- Albert Einstien + +=+ -Original Message- From: K.L. Hayes [mailto:[EMAIL PROTECTED]] Sent: Thursday, December 20, 2001 7:34 PM To: [EMAIL PROTECTED] Subject: Interpolate in Location: Hello All, Could somebody please help me with this? CODE print Location: https://secure.whatever.com/business=email\@address.com\item_ name=Product+Name\item_number=QX000\amount=$total_amount\sh ipping=0.00\return=https://blah.com/ty.html\n\n;; /CODE I'm trying to interpolate the $total_amount in the above URL while escaping the other special characters. I've never tried to do this before just can't wrap my ears around it now when I need to -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re[2]: Off-Topic (200%) - Where are you from?
I'm from da UP, eh... Michigans' Upper Peninsula - The sun vacations here... sometimes. ;) Tuesday, November 13, 2001, 12:58:27 PM, you wrote: From Alicante - SPAIN ( Mediterranean Coast ) The sun lives here... -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
Re: CGI.pm and form validation
Hello Jim,
I noticed a response telling you to use JavaScript to validate your
form input.
Personally I browse with my JavaScript turned off to avoid pop-up ads
so I don't believe it is a good idea to try to validate information
using it.
Here is an excerpt from my Sams book that could help you with
solving the problem:
print_header;
my $return=param(return_addr);
if (! defined $return or ! $return) {
print You must supply an e-mail addressP;
exit;
}
my $subject=param(subject);
if (! define $subject or ! $subject) {
print You must supply a subjectP;
exit;
}
Of course you will still have to verify that the info is in the proper
format yourself. But, I believe that by doing this way, you will be
assured of ACTUALLY getting ALL the form data in the first place.
--
Best regards,
K.L. Hayes
mailto:[EMAIL PROTECTED]
+=+
+ Only two things are infinite, the universe and +
+ human stupidity, and I'm not sure about the former.+
+ -- Albert Einstien +
+=+
Friday, July 13, 2001, 8:17:20 AM, you wrote:
SJR I've created a CGI program that asks a user to fill in a number of fields.
SJR I would like to validate that the required data is present and in correct
SJR format.
SJR A date, time, phone number, Ip Address etc.
SJR Obviously I could code a number of regex's, but I was wondering if there was
SJR a module or script
SJR that I could use along with CGI.pm.
SJR Any Suggestions ?
SJR Regards,
SJR JimBob
--
Best regards,
K.L. Hayes
mailto:[EMAIL PROTECTED]
+=+
+ Only two things are infinite, the universe and +
+ human stupidity, and I'm not sure about the former.+
+ -- Albert Einstien +
+=+
--
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
Re: I did it!!!
Hello Newbie, And let us not forget to scold you on your non-use of strict. The use of it in this list will help avoid future flames find errors in longer, more complex scripts. I'll demonstrate the use of it, include the tips posted thus far... #!c:/perl/bin/perl -w use strict; my $number; my $mult; my $result; print Enter a number: ; chomp($number = STDIN); print Enter a multiplier: ; chomp($mult = STDIN); $result = $number * $mult; print The result you ignorant fool is: $result\n; ## OR ## #!c:/perl/bin/perl -w use strict; print Enter a number: ; chomp(my $number = STDIN); print Enter a multiplier: ; chomp(my $mult = STDIN); my $result = $number * $mult; print The result, you ignorant fool, is: $result\n; ## OR ## #!c:/perl/bin/perl -w use strict; my ($number,$mult,$result); print Enter a number: ; chomp($number = STDIN); print Enter a multiplier: ; chomp($mult = STDIN); $result = $number * $mult; print The result, you ignorant fool, is: $result\n; Thursday, July 05, 2001, 5:01:20 PM, you wrote: CS Im sure I could get flamed for this, but I just successfully wrote my first CS program! Yaaahhh! CS ## perl CS #!c:/perl/bin/perl -w CS print STDOUT Enter a number: ; CS chop($number = STDIN); CS print STDOUT Enter a multiplier: ; CS chop($mult = STDIN); CS $result = $number * $mult; CS print STDOUT The result you ignorant fool is: $result\n; CS Cool, huh? Not gonna win any awards, but at least I know how to use STDIN CS and STDOUT. -- Best regards, K.L. Hayes mailto:[EMAIL PROTECTED] +===+ + Inherently, each one of us has the substance + + within to achieve whatever our goals and dreams + + define. What is missing from each of us is the + + training, education, knowledge and insight to + + utilize what we already have. -- Mark Twain+ +===+
