--- "K.L. Hayes" <[EMAIL PROTECTED]> wrote:
> 17: if ( $tainted_username =~ /^([a-zA-Z\d_]+)$/ )
> 18: {
> 19: $username = $1;
> 20: }
> 21: else
> 22: {
> 23: display_page( $message );
> 24: exit;
> 25: }
>
> OK... The questions...
>
> 1. Why doesn't "use strict" complain about the $1 not being declared?
"use strict", amongst other things, complains about misspelled lexical variables or misspelled global variables that have been declared with the "use vars" pragma or the new "our" keyword (tip: "use vars" is better than "our"). The "dollar digit" variables (excluding $0, which is the program name) are special global variables built into Perl. These variables contain the corresponding subpattern that has been matched in the last successful regex match. Since they are built into Perl, they do not need to be declared (kind of like $_, @_, etc.).

One important thing to note, though, is that you should usually localize these variables if used in a subroutine.
sub foo
{
    my $data = shift;
    local $1;                        # keep the caller's $1 intact
    return $1 if $data =~ /(bar)/;   # =~ binds the match to $data
}
That's important because someone calling your subroutine may also be doing regex matching and may depend on the value of $1, so you don't want to step on this value (of course, this is typically true of all Perl built-in globals). See 'perldoc -f local' for more information.
> 2. How can I filter ALL of my form input variables with this regex? Or
> maybe better asked; How can this be WRITTEN to filter ALL of my form
> variables at once?
Check out the Untaint or CGI::Untaint modules. Also, future versions of my CGI::Safe module (also on the CPAN) will include this functionality.
Cheers,
Curtis "Ovid" Poe
=====
"Ovid" on http://www.perlmonks.org/
Someone asked me how to count to 10 in Perl:
push@A,$_ for reverse q.e...q.n.;for(@A){$_=unpack(q|c|,$_);@a=split//;
shift@a;shift@a if $a[$[]eq$[;$_=join q||,@a};print $_,$/for reverse @A
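As an added example (not Ovid's code and not from any of the modules he names), here is one way to apply the same `^([a-zA-Z\d_]+)$` allow-list check from line 17 to every form field at once under taint mode, collecting the fields that fail so the script can refuse the whole request rather than letting an unchecked value through. The `%form` hash is constructed sample input standing in for the CGI parameters, and `untaint_all` is a hypothetical helper name.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

# Constructed sample input standing in for the CGI form parameters.
# Under -T the real values would be tainted; the per-field check
# below is the same either way.
my %form = (
    username => 'kl_hayes',
    group    => 'staff42',
    comment  => 'hello there!',   # contains characters outside the class
);

# Apply one allow-list pattern to every field. Each value is either
# replaced by the captured (and therefore untainted) subpattern or
# reported as rejected; a rejected field never reaches %clean, so a
# later typo in the caller cannot let a raw value through.
sub untaint_all {
    my ($fields, $pattern) = @_;
    my (%clean, @rejected);
    for my $name (sort keys %$fields) {
        my $value = $fields->{$name};
        if ( defined $value && $value =~ $pattern ) {
            $clean{$name} = $1;   # the capture, not the raw tainted value
        }
        else {
            push @rejected, $name;
        }
    }
    return (\%clean, \@rejected);
}

my ($clean, $rejected) = untaint_all(\%form, qr/^([a-zA-Z\d_]+)$/);

if (@$rejected) {
    # Fail closed: name the offending fields, never echo their contents
    print "Rejected form fields: @$rejected\n";
    exit;
}
print "$_=$clean->{$_}\n" for sort keys %$clean;
```

With the sample input above the `comment` field is rejected and the script exits without using any of the values; fields that need a different character set get their own pattern rather than a looser shared one.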