Slightly off your original question (which has been thoroughly answered anyway):
1. qr
Why did you build up your regex from a list, anyway? It's more usual to write something like:
my $regex = qr/abcde/;
If you're going to be re-using the same regex, this is a good way to do it. Like all generic quoting mechanisms, you can choose your delimiters.
2. Removing Special Characters
You are trying to remove special characters, which looks very like you are sanitizing input, perhaps to pass a taint check. By now, you have a way to do that -- but it may still not be the best thing to do.
It's very easy to let a character slip by which, sooner or later, winds up being parsed by something that gets fouled up, opening a hole to an attacker. It's considered safer not to reject unsafe characters but to test to see that the string in question is as you expect; and only as you expect:
sub untaint_name {
# replace non-word chars with nothing
my $name = shift;
$name =~ s/\W//g;
return $name;
};
This does not guarantee correctness or perfect security but it's considered more robust; certainly a bit easier to read and understand.
If you know you only want lowercase input, lc() it. You might make your database tables and fields all uppercase. Do this after the above regex replacement.
If you wanted to accept only a numeric input, you might use \D to eliminate all non-numeric chars. By 'numeric', here we mean the digits 0-9; the positive integers with or without leading zeros. To deal with various fixed, floating point, or negative formats, you would have to accept (not reject) [.-+E] as well. You might just want, after your input passes the regex, to further sanitize by $number = 1+ $string -1; (Just adding 0 will probably be optimized away, no matter how you do it.) If you know your input should lie between certain bounds, test for that.
The key point is to demand what you want, not reject what you don't want.
- the lyf so short, the craft so long to lerne -
|