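# A sub to take CGI parameters, untaint and validate them.
#
# Arguments: a CGI object and the name of a table to prepare.  The table
# name is used both as the parameter prefix ("<table>.<column>") and to
# build the path of the descriptor file under M_LIB, so it must come from
# trusted code, never straight from the request.
#
# The descriptor is read with XMLin and is expected to supply, per field,
# an "untaint" regex whose first capture group ($1) yields the untainted
# value, and a "validate" regex the untainted value must match.
#
# Returns: a hash with ready-to-insert data, or an empty list (undef in
# scalar context) if any field fails to untaint or validate, if a field's
# untaint pattern captured nothing, or if a descriptor field lacks either
# pattern.
#
# Note: field values are echoed to STDERR on the way through, so the
# error log will contain whatever the client submitted for these fields.
sub preinsert {
    my ($page, $tbl) = @_;
    my (%fields, %retval);

    # Collect only the parameters namespaced to this table, keyed by
    # column name.  A literal prefix compare avoids treating any regex
    # metacharacters in $tbl as a pattern.
    my $prefix = "$tbl.";
    for my $param ($page->param) {
        next unless index($param, $prefix) == 0;
        my $column = substr($param, length $prefix);
        $fields{$column} = $page->param($param);
    }

    # There's a table XML descriptor, and it's just fine.
    my $dsc = XMLin(M_LIB . "/$tbl.descriptor", ForceArray => ['field']);

    for my $column (keys %{ $dsc->{field} }) {
        my %tags = %{ $dsc->{field}{$column} };

        # An undefined pattern would interpolate as the empty regex, which
        # Perl silently replaces with the *last successfully matched*
        # pattern; fail closed instead of reusing another field's rule.
        return if !defined $tags{untaint} || !defined $tags{validate};

        # A parameter that was not submitted is matched as the empty
        # string (as before), so an untaint pattern that accepts "" still
        # lets an optional field through -- but without a warning.
        my $raw = defined $fields{$column} ? $fields{$column} : '';

        return unless $raw =~ /$tags{untaint}/;
        my $untaint = $1;
        # No capture group in the untaint pattern means nothing was
        # untainted; do not fall through to validating undef as "".
        return unless defined $untaint;
        print STDERR "recieved $untaint\n";

        unless ($untaint =~ /$tags{validate}/) {
            print STDERR "Invalid data";
            return;
        }
        $retval{$column} = $untaint;
        print STDERR "transmitted", $untaint, "\n";
    }

    return %retval;
}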