I would devise several hashes, keyed on the name of the CGI parameter:

e.g.

$error_string{'name_first'}='<p>The <strong>First Name field</strong> was
either blank or contained illegal characters. Please go back and re-enter
it.</p>';
$regexp_string{'name_first'}='^(\w[\w ]*)$';
...

and then construct a loop to check them all.

Of course, such checking is more efficiently done in JavaScript on the
client machine, and there are many such scripts. However, you still need to
validate the parameters, in case the client has suppressed or violated the
JavaScript.

Regards
- Roger -

----- Original Message -----
From: "Mark Ross" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Thursday, August 09, 2001 8:16 PM
Subject: A better way for ugly code?


> Hi all,
>
> I'm curious how I can condense this code. I'm pulling
> my values from a Web submitted form (using CGI), and I
> need to untaint them.
>
> But, each form field has different requirements for
> what characters it can match (account number should
> only be numbers, etc).
>
> I was wondering if there's a better way to go
> through these all without duplicating so much code? I'd
> be more than willing to give up the customized error
> messages if I could reduce these down to oneliners.
>
> <important_code_snip>
>
> if ((defined($q->param ( "name_first" ))) and
> ($q->param ( "name_first" ) =~ /^(\w[\w ]*)$/)) {
> $submission{"name_first"} = $1;
> }
> else {
> $submission{"name_first"} = "";
> $message .= "<p>The <strong>First Name field</strong>
> was either blank or contained illegal characters.
> Please go back and re-enter it.</p>";
> }
>
> if ((defined($q->param ( "name_last" ))) and
> ($q->param ( "name_last" ) =~ /^(\w[\w ]*)$/)) {
> $submission{"name_last"} = $1;
> }
> else {
> $submission{"name_last"} = "";
> $message .= "<p>The <strong>Last Name field</strong>
> was either blank or contained illegal characters.
> Please go back and re-enter it</p>";
> }
>
> if ((defined($q->param ( "account" ))) and ($q->param
> ( "account" ) =~ /^(\d*)$/)) {
> $submission{"account"} = $1;
> }
> else {
> $submission{"account"} = "";
> $message .= "<p>The Account field was either blank or
> contained illegal characters (it must contain only
> digits). Please go back and re-enter it</p>";
> }
>
> </important_code_snip>
>
> --Mark.
>


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
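
Added example (not part of the original thread, and not either poster's code): the table-driven loop suggested in the reply, applied to the three fields from the quoted question. Assumptions of this example: the %raw hash stands in for $q->param(...) so it runs without CGI.pm, the two hashes are merged into one %field table, and the patterns use \A...\z and \d+ so that a trailing newline or an empty account value is rejected rather than accepted.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# One table keyed on the CGI parameter name: the label used in the error
# message and the anchored pattern whose capture becomes the untainted value.
my %field = (
    name_first => { label => 'First Name', re => qr/\A(\w[\w ]*)\z/ },
    name_last  => { label => 'Last Name',  re => qr/\A(\w[\w ]*)\z/ },
    account    => { label => 'Account',    re => qr/\A(\d+)\z/      },
);

# validate(\%raw) returns (\%submission, $message).
# %raw stands in for $q->param(...) (assumption of this example).
sub validate {
    my ($raw) = @_;
    my %submission;
    my $message = '';
    for my $name (sort keys %field) {
        my $value = $raw->{$name};
        if (defined $value and $value =~ $field{$name}{re}) {
            $submission{$name} = $1;    # keep only the captured text
        }
        else {
            # Fail closed: empty value plus a message built from the table,
            # never from the submitted data.
            $submission{$name} = '';
            $message .= "<p>The <strong>$field{$name}{label} field</strong> "
                      . "was either blank or contained illegal characters. "
                      . "Please go back and re-enter it.</p>\n";
        }
    }
    return (\%submission, $message);
}

# Constructed sample input: one valid field, one with a trailing newline,
# one with a non-digit in the account number.
my %raw = (
    name_first => 'Mary Ann',
    name_last  => "Smith\n",
    account    => '12a45',
);

my ($submission, $message) = validate(\%raw);
printf "%-10s => '%s'\n", $_, $submission->{$_} for sort keys %$submission;
print $message;
```

Fields missing from the submission fail the defined() test and are reported like any other bad value, and parameters not listed in %field are never copied into %submission.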