in reply to Do I have to untaint all user input in a form?
How about something a little friendlier for your validation routines?
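package Validate;

# Return the untainted value when the input is only letters, spaces and
# hyphens; otherwise fall through to error_page().
sub word {
    my ($class, $tainted) = @_;
    # The anchored capture does the untainting: $1 is set only on a full match.
    return $1 if $tainted =~ /^([-A-Za-z -]+)$/;
    error_page();    # not shown in this post; defined elsewhere
}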
You could call it more clearly with:
my $name = Validate->word( param('name') );