Okay, I get what you're saying about \z, sort of, assuming that the user
doesn't have to enter in the text at a prompt and you're not reading from a
file where lines are delimited by newlines, but I don't get where this ties
into security.  Could you explain?

-----Original Message-----
From: Randal L. Schwartz [mailto:[EMAIL PROTECTED]]
Sent: Thursday, February 21, 2002 7:50 PM
To: [EMAIL PROTECTED]; Timothy Johnson; Jeff 'japhy' Pinyan
Subject: Re: Allow only letters and numbers?


>>>>> "Timothy" == Timothy Johnson <[EMAIL PROTECTED]> writes:

Timothy> If you don't mind having underscores in your text, you could also
Timothy> do this:

Timothy> if($string !~ /^\w+$/){  #If the string does not have only letters, digits,
Timothy> and underscores from start to finish (\w)

Nope, that also permits "fred\n".  Remember that $ is the same as /\n?\z/.
You want \z instead.

Very common mistake, and could have drastic effects on security.
Bad.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<[EMAIL PROTECTED]> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl
training!

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]


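Added example, not part of the thread: the two anchors from the messages above run over constructed inputs, followed by what an accepted "fred\n" does once it is written into a line-oriented file. The `make_record` helper and its `user:role` format are hypothetical, chosen only to show a downstream consumer that trusts the validator.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Validator from the thread: $ also matches just before a trailing newline.
sub valid_dollar { my ($s) = @_; return $s =~ /^\w+$/  ? 1 : 0 }

# Corrected form: \z matches only at the very end of the string.
sub valid_z      { my ($s) = @_; return $s =~ /^\w+\z/ ? 1 : 0 }

# Hypothetical consumer: writes one "user:role" record per line.
sub make_record  { my ($user) = @_; return "$user:guest\n" }

# Constructed inputs; only "fred\n" is taken from the thread.
my @inputs = ("fred", "fred\n", "fred\n\n", "fr ed", "");

for my $in (@inputs) {
    (my $shown = $in) =~ s/\n/\\n/g;    # make newlines visible in the output
    printf "%-12s  \$: %-6s  \\z: %s\n", "\"$shown\"",
        valid_dollar($in) ? "accept" : "reject",
        valid_z($in)      ? "accept" : "reject";
}

# The value that passed the $ check now spans two lines of the file,
# so a reader that parses line by line sees a record the validator
# never approved.
my $record = make_record("fred\n");
my @lines  = split /\n/, $record;
printf "lines produced for one validated name: %d\n", scalar @lines;
print  "  line: '$_'\n" for @lines;
```

Only `"fred\n"` is treated differently by the two patterns: `$` accepts it and `\z` rejects it, which is why the fix matters wherever the validated value is later written to a file, log, or header that is delimited by newlines.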