
Re: [MacPerl-WebCGI] Filters



 
tedd wrote:
How does one control what a user enters in a text field when
gathering information via a perl cgi script?

Such as: 1) To filter the text to remove anything that could be
malicious (basically keeping a-z, A-Z, 0-9, and standard punctuation
'.;:-' with quote marks); 2) And, to keep the length of the input to a
certain limit of characters.

Are there standard routines for this? It seems like it would be a
common concern.
 

I know two methods:
(1.) "Offline" within the user's browser by means of JavaScript;
Advantage: very quick; disadvantage: you might have to bother
about all those different browser types;
(2.) "Online" on the remote server; you read out the parameters
returned by the CGI and perform RegExs on them.

If you do (1.), nevertheless you should do (2.), because (1.) might
not be so reliable.

(1.) is described at
      http://www.netzwelt.com/selfhtml/tedf.htm
-- The explanations are German, a dictionary might be useful to you;
but the code is JavaScript  ;-)   --

For (2.) you have to learn RegExs. Do you have sample scripts
to learn from?

You could try something like this:

#############    Perl   ############
#use CGI;             ## remove the leading '#' on these three lines to read a real form

#$q = CGI->new;
#$name = $q->param('name');    ## if you have named it "name" in your HTML form
$\="\n";                       ## append a newline to every print

$name = 'ABCD  Jürgen Müller@provider.com ---';      ## just for testing
$name =~ s/[^-\w.;:@]//g;   ### keeps only a-z, A-Z, 0-9, _ and -.;:@   removes:  space äöüÄÖÜ ß é ?! ()[]  etc.
print $name;


####  or do it like this:
$name = 'ABCD  Jürgen_Müller@provider.com ---';      ## just for testing
$name =~ s/ü/ue/g;          ###   ü  ->  ue
$name =~ s/[^-\w.;:@]//g;   ### keeps only a-z, A-Z, 0-9, _ and -.;:@   removes:  space äöüÄÖÜ ß é ?! ()[]  etc.
print $name;
__END__
############   End of Perl   #############

Detlef Lindenthal <detlef@linddenthal.com>
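
A server-side filter covering both parts of the question, the character allow-list and the length limit, as an added example that is not part of the original message. The field names, limits and sample values are assumptions; in a real script the values would come from `$q->param(...)` instead of the constructed `%form` hash.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed per-field length limits (hypothetical; pick your own).
my %MAX_LEN = ( name => 40, comment => 60 );

# Anything outside the allow-list from the question: a-z, A-Z, 0-9, space,
# . ; : - and quote marks. The hyphen is last so it is a literal, not a range.
my $DISALLOWED = qr/[^A-Za-z0-9 .;:'"-]/;

# Returns the filtered value plus notes on what was changed, so the script
# can either use the cleaned value or send the form back to the user.
# Fields that are not in %MAX_LEN are rejected outright.
sub filter_field {
    my ($field, $raw) = @_;
    my $max = $MAX_LEN{$field};
    return (undef, "unexpected field '$field'") unless defined $max;
    $raw = '' unless defined $raw;

    my @notes;
    my $clean   = $raw;
    my $removed = ($clean =~ s/$DISALLOWED//g) || 0;
    push @notes, "$removed disallowed character(s) removed" if $removed;

    # Check the length after stripping, then cut to the limit.
    if (length($clean) > $max) {
        push @notes, "cut from " . length($clean) . " to $max characters";
        $clean = substr($clean, 0, $max);
    }
    return ($clean, @notes);
}

# Constructed sample input standing in for the submitted form parameters.
my %form = (
    name    => q{Tedd O'Brien <tedd@example.com>; ok},
    comment => 'All fine here. ' x 5,
    debug   => '1',
);

for my $field (sort keys %form) {
    my ($value, @notes) = filter_field($field, $form{$field});
    printf "%-8s %s\n", "$field:", defined $value ? "'$value'" : '(rejected)';
    print  "         note: $_\n" for @notes;
}
```

Without decoding the input first, `length` and `substr` count bytes, so a limit on multi-byte text should be applied after decoding it to characters.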