Re: troublesome inputs
From | Mark Cowlishaw |
---|---|
Subject | Re: troublesome inputs |
Date | |
Msg-id | 026b01c09a0f$c933dc60$5250460a@meta2k |
In reply to | Re: troublesome inputs (Lincoln Yeoh <lyeoh@pop.jaring.my>) |
List | pgsql-general |
> At 02:49 PM 2/17/01 -0500, Michelle Murrain wrote:
> >in an unrecoverable error. What I need to do is two-fold - escape stuff that
> >is easy (like single quotes), and do testing of types (make sure they are not
> >putting non-numerics in int fields, etc.)

Input parameter testing in perl is quite straightforward using regex matching. I do this on my input parameters (assumes you are using CGI.pm):

    my $bar = validate(trim($cgi->param('bar')), '^\d+$')
        or push(@error_list, "Missing or Invalid Bar");

where trim() removes leading/trailing whitespace:

    s/^\s*//; s/\s*$//;

and validate() performs a regex match and returns undef on no match. Save all the errors in a list for processing later so you don't make the user re-enter the form details 5 times before they get told about all their errors.

For doing stuff like escaping strings for input into the database, I've found using the prepared statement mechanism very helpful since it does this for you -- there is probably some performance hit doing it this way, but I think using Perl to start with obviates most performance concerns ;-)

    my $sth = $dbh->prepare("insert into foo (a,b,c) values (?,?,?)");
    $sth->execute(1,2,"some random string with funny chars");
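The approach in the reply above, written out as a complete script (an added example, not code from the thread): trim() and validate() as described, all field errors collected before the form is rejected, and the insert done through DBI placeholders so the single quote in the string field never needs hand escaping. It assumes DBI and DBD::SQLite are installed and uses an in-memory SQLite database in place of the PostgreSQL connection; the table and the submitted form values are constructed for the illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Strip leading/trailing whitespace; an undefined (missing) field stays undef.
sub trim { my $s = shift; return undef unless defined $s; $s =~ s/^\s+//; $s =~ s/\s+$//; $s }

# Return the value when the whole string matches $pattern, undef otherwise.
sub validate { my ($v, $p) = @_; return (defined $v && $v =~ /$p/) ? $v : undef }

# Validate one field into %row or record an error; tests defined-ness rather
# than truth so a legitimate value of "0" is not reported as missing.
sub field {
    my ($row, $errors, $name, $raw, $pattern) = @_;
    my $v = validate(trim($raw), $pattern);
    if (defined $v) { $row->{$name} = $v } else { push @$errors, "Missing or invalid $name" }
}

# Check every field and return all errors at once, not just the first.
sub check_form {
    my ($p) = @_;
    my (%row, @errors);
    field(\%row, \@errors, a => $p->{a}, '^\d+$');       # int column
    field(\%row, \@errors, b => $p->{b}, '^\d+$');       # int column
    field(\%row, \@errors, c => $p->{c}, '^.{1,200}$');  # bounded text column
    return (\%row, \@errors);
}

# Assumption: in-memory SQLite stands in for the real database handle.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "", { RaiseError => 1 });
$dbh->do("create table foo (a integer, b integer, c text)");
my $sth = $dbh->prepare("insert into foo (a,b,c) values (?,?,?)");

# Constructed submissions: the first has a non-numeric int field, the second
# is valid but carries a quote and a semicolon in the string field.
my @forms = (
    { a => ' 1 ', b => '12abc', c => 'ok' },
    { a => '1', b => '2', c => "O'Reilly; some random string with funny chars" },
);

for my $form (@forms) {
    my ($row, $errors) = check_form($form);
    if (@$errors) { print "rejected: ", join("; ", @$errors), "\n"; next }
    $sth->execute($row->{a}, $row->{b}, $row->{c});   # DBI quotes the values
    print "inserted\n";
}

# Read back: the quote was stored literally without any escaping by hand.
print join(",", @$_), "\n" for @{ $dbh->selectall_arrayref("select a,b,c from foo") };
```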