Re: troublesome inputs

From Mark Cowlishaw
Subject Re: troublesome inputs
Msg-id 026b01c09a0f$c933dc60$5250460a@meta2k
In reply to Re: troublesome inputs (Lincoln Yeoh <lyeoh@pop.jaring.my>)
List pgsql-general
> At 02:49 PM 2/17/01 -0500, Michelle Murrain wrote:
> >in an unrecoverable error. What I need to do is two-fold - escape stuff that
> >is easy (like single quotes), and do testing of types (make sure they are not
> >putting non-numerics in int fields, etc.)
> >

Input parameter testing in Perl is quite straightforward using regex
matching. I do this on my input parameters (assumes you are using CGI.pm):

my $bar = validate(trim($cgi->param('bar')), '^\d+$')
    or push(@error_list, "Missing or Invalid Bar");

where trim() removes leading/trailing whitespace: (s/^\s*//; s/\s*$//;)
and validate() performs a regex match and returns undef on no match.

Save all the errors in a list for processing later so you don't make the user
re-enter the form details 5 times before they get told about all their
errors.

For doing stuff like escaping strings for input into the database, I've
found using the prepared statement mechanism very helpful since it does
this for you -- there is probably some performance hit doing it this way
but I think using Perl to start with obviates most performance concerns ;-)

my $sth = $dbh->prepare("insert into foo (a,b,c) values (?,?,?)");
$sth->execute(1,2,"some random string with funny chars");
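The two halves of the post put together (whole-string regex validation that collects every error before reporting, then placeholders for the insert so the value is never interpolated into the SQL text), as an added Perl example that is not from the original post: trim(), validate() and validate_form() are written here for illustration, the form values are constructed, and $dbh is assumed to be an already open DBI handle.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# trim(): strip leading/trailing whitespace, passing undef (missing field) through.
sub trim {
    my ($s) = @_;
    return undef unless defined $s;
    $s =~ s/^\s+//;
    $s =~ s/\s+$//;
    return $s;
}

# validate(): return the value when it matches the anchored regex, else undef.
sub validate {
    my ($value, $re) = @_;
    return undef unless defined $value && length $value;
    return $value =~ $re ? $value : undef;
}

# validate_form(): check every field and collect all errors instead of stopping
# at the first one.  Returns (\%clean, \@errors).
sub validate_form {
    my ($params) = @_;
    my (%clean, @errors);
    my %rules = (
        id    => [ qr/^\d+$/,    'Missing or invalid id'    ],   # unsigned int
        qty   => [ qr/^-?\d+$/,  'Missing or invalid qty'   ],   # signed int
        label => [ qr/^.{1,40}$/, 'Missing or invalid label' ],   # free text, bounded
    );
    for my $field (sort keys %rules) {
        my ($re, $msg) = @{ $rules{$field} };
        my $v = validate(trim($params->{$field}), $re);
        if (defined $v) { $clean{$field} = $v } else { push @errors, $msg }
    }
    return (\%clean, \@errors);
}

# Constructed sample input standing in for $cgi->param(...): qty is not numeric,
# and label carries a single quote, which the placeholder handles, not the regex.
my %form = (id => ' 42 ', qty => 'ten', label => "O'Brien");
my ($clean, $errors) = validate_form(\%form);
print "error: $_\n" for @$errors;    # reports the qty problem only

# Only after validation passes: placeholders, so DBI quotes each value itself.
# $dbh is assumed to be an open DBI handle (e.g. from DBI->connect('dbi:Pg:...')).
# my $sth = $dbh->prepare('insert into foo (id, qty, label) values (?,?,?)');
# $sth->execute(@{$clean}{qw(id qty label)}) unless @$errors;
```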
