Hi all, I'w writing a simple form with just one input text from the user. This input should be an array where each element can be a number or a variable name.
I've been able to check the input format to be correct, and I can
identify each single element. So after the user submits the array
containing some numbers and some variable names I ask him/her values for
all variables he/she included in the array.
The user has thus to input an array eventually containing some variable
names and submit it. If some elements are variable names the user has to
input their values and submit again.
Finally I can substitute (after I checked them to be really numbers) these
values in the original array getting an array where each element is a number.
Now my doubt is related to security: I limited variable names to
correspond to this reg_exp: /^([a-zA-Z](\w){0,6})$/
But is there any possibility for the user to input a particular variable
name that can let him to get reserved information or worse?
Or: is there any better way to get my goal?
I attached my script (it's just a first try, so the input has to be a 3
elements array, where elements are separated by a comma).
Thanks for any hint.
Paolo
es_1.pl
Description: Perl program
-- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>
