Re: Checking Submitted Form Data

i think this should be a comprehensive solution to your problem. this folds in suggestions by the other monks, and adds accuracy (which is important).

first off, i've turned on warnings and diagnostics, and disabled output buffering (this last one may be cargo-cult programming, but i always do it by default). i've used the object-oriented style of CGI programming, as it's my preference, and it's faster as per the documentation.

the meat of the error checking algorithm is this:

error if number of passed parameters does not match number of required parameters (this assumes the all required parameters, and only required parameters, should be passed -- your logic may vary)
```
    scalar( @reqform    ) 
    != 
    scalar( $q->param() )
[download]
```

error if passed parameter names do not match required parameter names

    join( $; , sort( @reqform    ) ) 
    ne 
    join( $; , sort( $q->param() ) )
[download]

error if required parameters are missing values

    while( ( $key, $value) = each %form )
    {
        push @missing_params, $key if $value eq '';
    }

    if( scalar @missing_params ) # ...
[download]

here's the full code. i must say, i've done all this work, but i haven't tested it. feel free to come down on me if it doesn't work, i deserve it.

#!/usr/bin/perl -w
use strict;
use diagnostics;
$|++;

use CGI;


my $q = new CGI;
my @reqform = qw( var1, var2, var3 );

print $q->header();

if( 
    ( # different number of elements
        scalar( @reqform    ) 
        != 
        scalar( $q->param() )
    )
    || 
    ( # element names do not match
        join( $; , sort( @reqform    ) ) 
        ne 
        join( $; , sort( $q->param() ) ) 
    )
)
{ # print error message for mismatched parameters
    print
        $q->start_html(),
        $q->p( "ERROR: mismatched parameters:" ), 
        $q->p( "required: ", join ' ', sort @reqform    ), 
        $q->p( "passed: ",   join ' ', sort $q->param() ), 
        $q->end_html();
}

# get variables from submitted form
my %form = $q->Vars(); # note: this does not work with isindex tags

my ( $key, $value, @missing_params );

while( ( $key, $value) = each %form )
{
    push @missing_params, $key if $value eq '';
}

if( scalar @missing_params )
{ print error message
    print
        $q->start_html(),
        $q->p( "ERROR: undefined parameter(s): @missing_params" ), 
        $q->end_html();
}

# carry on...
[download]

~Particle ;Þ

riding the unicode bandwagon...

Comment on Re: Checking Submitted Form Data Select or Download Code

Replies are listed 'Best First'.
Re: Re: Checking Submitted Form Data by Thathom (Acolyte) on Feb 27, 2002 at 16:30 UTC
Thanks everyone!! Im going to take all these tips and stick them together. Im still learning but getting there :) ThAtH0M	[reply]