Hello Mr. Poe & All,

Thank you very much for your articulate & thorough answers. I'm sure you've enlightened others as well with your response.

I'm a Site Designer turning Perl Hacker over the last 5-6 months & I'm just concerned about being dangerous in the transition. IMO it's better that I ask questions & do the homework than to risk my clients' data & servers. Your contributions to this list and online lessons are of great help. Thank You!

Best regards,
K.L. Hayes

Monday, January 07, 2002, 2:24:42 PM, you wrote:

CP> --- "K.L. Hayes" <[EMAIL PROTECTED]> wrote:
>> if ( $tainted_username =~ /^([a-zA-Z\d_]+)$/ )
>> {
>>     $username = $1;
>> }
>> else
>> {
>>     display_page( $message );
>>     exit;
>> }
>>
>> OK... The questions...
>>
>> 1. Why doesn't "use strict" complain about the $1 not being declared?

CP> "use strict", amongst other things, complains about misspelled lexical variables or misspelled
CP> global variables that have been declared with the "use vars" pragma or the new "our" keyword (tip:
CP> "use vars" is better than "our"). The "dollar digit" variables (excluding $0, which is the
CP> program name) are special global variables built into Perl. These variables contain the
CP> corresponding subpattern that has been matched in the last successful regex match. Since they are
CP> built into Perl, they do not need to be declared (kind of like $_, @_, etc.).

CP> One important thing to note, though, is that you should usually localize these variables if used
CP> in a subroutine.

CP> sub foo
CP> {
CP>     my $data = shift;
CP>     local $1;
CP>     return $1 if $data =~ /(bar)/;
CP> }

CP> That's important because someone calling your subroutine may also be doing regex matching and may
CP> depend on the value of $1, so you don't want to step on this value (of course, this is typically
CP> true of all Perl built-in globals). See 'perldoc -f local' for more information.

>> 2. How can I filter ALL of my form input variables with this regex? Or
>> maybe better asked; How can this be WRITTEN to filter ALL of my form
>> variables at once?

CP> Check out the Untaint or CGI::Untaint modules. Also, future versions of my CGI::Safe module (also
CP> on the CPAN) will include this functionality.

CP> Cheers,
CP> Curtis "Ovid" Poe

CP> =====
CP> "Ovid" on http://www.perlmonks.org/
CP> Someone asked me how to count to 10 in Perl:
CP> push@A,$_ for reverse q.e...q.n.;for(@A){$_=unpack(q|c|,$_);@a=split//;
CP> shift@a;shift@a if $a[$[]eq$[;$_=join q||,@a};print $_,$/for reverse @A
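
One way to apply the match-and-capture check from question 2 to every form field at once, as an added example that is not part of the original thread and is not the code of Untaint, CGI::Untaint or CGI::Safe. The field names other than username, the patterns, the sub name and the sample values are assumptions; the captures are taken in list context, so $1 is never read or clobbered.

```perl
use strict;
use warnings;

# Per-field allowlist patterns (hypothetical fields, apart from username).
# Each is anchored with \A ... \z and captures the whole accepted value;
# \z, unlike $, does not tolerate a trailing newline.
my %allowed = (
    username => qr/\A([a-zA-Z\d_]{1,32})\z/,
    age      => qr/\A(\d{1,3})\z/,
    zip      => qr/\A(\d{5})\z/,
);

# Returns (\%clean, \@rejected). A value reaches %clean only through a
# regex capture, which is what untaints it when the script runs under -T.
# Fields with no pattern are rejected rather than passed through.
sub untaint_params {
    my ($params) = @_;
    my (%clean, @rejected);
    for my $field (sort keys %$params) {
        my $pattern = $allowed{$field};
        my $raw     = $params->{$field};
        # A list-context match returns the captures, or an empty list
        # when the match fails, leaving $value undefined.
        my ($value) = (defined $pattern && defined $raw)
                    ? $raw =~ $pattern
                    : ();
        if (defined $value) {
            $clean{$field} = $value;
        }
        else {
            push @rejected, $field;
        }
    }
    return (\%clean, \@rejected);
}

# Constructed sample input standing in for parsed form data.
my %form = (
    username => 'kl_hayes',
    age      => '27; extra',   # fails \A(\d{1,3})\z
    zip      => '90210',
    debug    => '1',           # no pattern defined for this field
);

my ($clean, $rejected) = untaint_params(\%form);
print "accepted: $_=$clean->{$_}\n" for sort keys %$clean;
print "rejected: $_\n"              for @$rejected;
```

In a CGI script the hash would be filled from the request parameters and the rejected list would drive the error page, as display_page( $message ) does in the quoted snippet.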