And let's not forget to remove all nulls from the user input. Nulls can be used to trick the script into thinking it's getting valid input and it's usually good practice to just strip 'em. It certainly can't hurt anything and most certainly can help everything.

- Jim

    $s_field =~ s/\0//g;

On Wed, 2002-05-15 at 00:12, drieux wrote:
>
> On Tuesday, May 14, 2002, at 06:57 , Bill Akins wrote:
>
> > How about something like this:
> >
> > if (($s_field >= 1) && ($s_field <= 10)) {
> >     do something;
> > }
> > else {
> >     do something else;
> > }
> >
>
> the problem is that as long as $s_field is always numeric,
> then there will be no 'issues' - but since of course we
> are all using strict, and -w, and when appropriate -T,
> to do the check for Tainting - because we are all going
> to make the big bucks doing WebFoo - one has to make
> sure that the WhineyNigglingHackers are not trying to
> attack us with GARBAGE - so you have to assume that
> the EVIL ONES have stuffed JUNK into $s_field - so
> you need to check that it is numeric...
>
> so you could do it with say
>
>
> if ( $val =~ /^\d+/ and $val > 0 and $val <11) {
>     print "and is OK Still\n";
> }else {
>     print "and is Still BAD BAD BAd\n";
> }
>
>
> since it will short circuit on the pattern match if
> it were a string and not a numeric.
>
> ciao
> drieux
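
An added example, not code from anyone in the thread: it runs the quoted check, whose pattern is anchored at the start only, next to a validator that strips NULs and anchors both ends, over the same inputs. The names `loose_check` and `clean_field` and the sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Check as posted in the quoted reply: the pattern is anchored at the start only.
sub loose_check {
    my ($val) = @_;
    no warnings 'numeric';    # "5abc" compared as a number warns under -w
    my $ok = ( $val =~ /^\d+/ and $val > 0 and $val < 11 );
    return $ok ? 1 : 0;
}

# Hypothetical helper: returns the integer 1..10, or nothing if rejected.
sub clean_field {
    my ($raw) = @_;
    return unless defined $raw;
    ( my $val = $raw ) =~ s/\0//g;    # strip NULs first, as in Jim's one-liner
    # \A and \z anchor both ends (a trailing "\n" fails too); [0-9] matches
    # ASCII digits only; {1,2} bounds the length before any numeric use.
    return unless $val =~ /\A([0-9]{1,2})\z/;
    my $n = $1 + 0;                   # the capture is also what untaints under -T
    return unless $n >= 1 && $n <= 10;
    return $n;
}

# Constructed sample inputs, not taken from the thread.
my @samples = ( "7", "10", "0", "11", "5abc", "7\n", "3\0", "9\0; junk", "" );

for my $in (@samples) {
    # Show non-printable bytes as \xNN so NULs and newlines are visible.
    ( my $shown = $in ) =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord($1))/ge;
    my $n = clean_field($in);
    printf "%-16s loose=%-6s strict=%s\n", "'$shown'",
        loose_check($in) ? 'accept' : 'reject',
        defined $n ? "accept ($n)" : 'reject';
}
```

The rows for `5abc`, `7\x0a` and `9\x00; junk` are where the two checks disagree: the start-anchored pattern accepts them, the fully anchored one rejects them.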