On Friday, 20 May 2005 02.52, Randal L. Schwartz wrote:
> >>>>> "Charles" == Charles K Clarkson <[EMAIL PROTECTED]> writes:
>
> Charles> So what should be written there? How does the OP untaint data properly?
>
> There is never a general answer to that question. "data" doesn't have
> an "untaint". Instead, write a specific regex for the narrowest possible
> acceptable values, and use the pattern match to vet the data from "bad"
> to "good".

And in the regex(es), do

"Accept only what is allowed"

and not

"Reject everything that is not allowed"

(whenever it is possible - hmmm... is it ever impossible? Randal?)

With the 1st strategy, you must _exactly_ define what's allowed, whereas with the 2nd, the possibility of forgetting something still remains.

joe
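The two strategies discussed in this thread, side by side, as an added example that is not code from either poster. The function names, the username rule (a lowercase letter followed by up to 31 lowercase letters, digits or underscores) and the sample inputs are assumptions constructed for the illustration.

```perl
#!/usr/bin/perl
# Added example; run with `perl -T` to see taint tracking (also runs without it).
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Allowlist ("accept only what is allowed"): the pattern describes the whole
# value, anchored with \A and \z. Assumed rule: a lowercase letter followed
# by up to 31 lowercase letters, digits or underscores.
sub vet_username {
    my ($raw) = @_;
    return $raw =~ /\A([a-z][a-z0-9_]{0,31})\z/ ? $1 : undef;
}

# Denylist ("reject everything that is not allowed"): refuses the characters
# its author thought of, then launders the rest through a catch-all capture.
sub reject_listed {
    my ($raw) = @_;
    return if $raw =~ /[;|&<>]/;
    my ($all) = $raw =~ /\A(.*)\z/s;
    return $all;
}

# Render non-printable characters visibly for the report.
sub show {
    my ($s) = @_;
    $s =~ s/([^\x20-\x7e])/sprintf('\\x%02x', ord $1)/ge;
    return $s;
}

# Empty string that is tainted under -T; appending it taints the constructed
# samples the way real input (@ARGV, %ENV, STDIN) would be.
my $TAINT = substr($^X, 0, 0);

# Constructed sample inputs.
for my $sample ("joe", "joe_42", "joe\n", "joe smith", "-rf", "../x", "joe;x") {
    my $raw   = $sample . $TAINT;
    my $allow = vet_username($raw);
    my $deny  = reject_listed($raw);
    printf "%-12s tainted=%d  allowlist=%-6s denylist=%-6s\n",
        show($raw), (tainted($raw) ? 1 : 0),
        (defined $allow ? 'accept' : 'reject'),
        (defined $deny  ? 'accept' : 'reject');
}
```

The denylist accepts every sample except the one containing a character its author listed, and its catch-all capture clears the taint flag on all of them. The `\z` anchor matters as well: `$` would also match before a trailing newline.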