My last post is assuming that the script is cgi. Not that it would hurt anything if the script wasn't CGI and in fact, could still legit'ly be helpful and prudent.
- Jim

On Wed, 2002-05-15 at 00:12, drieux wrote:
>
> On Tuesday, May 14, 2002, at 06:57 , Bill Akins wrote:
>
> > How about something like this:
> >
> > if (($s_field >= 1) && ($s_field <= 10)) {
> >     do something;
> > }
> > else {
> >     do something else;
> > }
>
> the problem is that as long as $s_field is always numeric,
> then there will be no 'issues' - but since of course we
> are all using strict, and -w, and when appropriate -T,
> to do the check for Tainting - because we are all going
> to make the big bucks doing WebFoo - one has to make
> sure that the WhineyNigglingHackers are not trying to
> attack us with GARBAGE - so you have to assume that
> the EVIL ONES have stuffed JUNK into $s_field - so
> you need to check that it is numeric...
>
> so you could do it with say
>
>     # digits only (anchored at both ends), then the 1..10 range check
>     if ( $val =~ /^\d+$/ and $val > 0 and $val <11) {
>         print "and is OK Still\n";
>     }else {
>         print "and is Still BAD BAD BAd\n";
>     }
>
> since it will short circuit on the pattern match if
> it were a string and not a numeric.
>
> ciao
> drieux
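An added example, not part of the thread: a range check for an untrusted CGI field, comparing a pattern that anchors only the start of the value with one anchored at both ends. The helper names `checked_field` and `prefix_only` and the sample inputs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Hypothetical helper (not from the thread): returns the validated integer,
# or undef if the raw value is not a whole number within [$min, $max].
# Under -T the captured group $1 is also the untainted copy of the value.
sub checked_field {
    my ($raw, $min, $max) = @_;
    return unless defined $raw;
    # \A and \z anchor both ends, so "5abc" and "7\n" are rejected;
    # {1,3} bounds the length before any numeric comparison happens.
    return unless $raw =~ /\A(\d{1,3})\z/;
    my $n = $1 + 0;    # normalise "007" to 7
    return ($n >= $min && $n <= $max) ? $n : undef;
}

# Start-anchored check only, for comparison: it accepts any string that
# merely begins with digits. The numeric warning it would raise under -w
# is silenced here so the output stays readable.
sub prefix_only {
    my ($raw) = @_;
    no warnings 'numeric';
    return (defined $raw && $raw =~ /^\d+/ && $raw > 0 && $raw < 11) ? 1 : 0;
}

# Constructed sample inputs, as they might arrive in a CGI parameter.
my @samples = ('5', '10', '0', '11', '', 'abc', '5abc', "7\n",
               '-3', '3.5', '007', undef);

for my $raw (@samples) {
    my $shown = defined $raw ? $raw : '(undef)';
    $shown =~ s/\n/\\n/g;
    my $ok = checked_field($raw, 1, 10);
    printf "%-10s prefix-only=%-4s anchored=%s\n",
        "'$shown'",
        prefix_only($raw) ? 'ok' : 'bad',
        defined $ok ? "ok ($ok)" : 'bad';
}
```

The two checks agree on plain integers and on non-numeric strings; they differ on `5abc`, `7\n` and `3.5`, which only the start-anchored check accepts.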