I used an approach like this in CGI::Search, which could be adapted to your situation CGI.

A series of subroutines are used to validate the input. The subs take in the data to validate and return a list of three values. The first value is a boolean value of whether the data validated or not. The second is the data that was validated, but in untainted form (see perlsec). The third is a string that can be used as an error message if the data didn't validate.

To perform the validation, you make a hash-of-arrays with three elements in the array portion. The key of the hash is the name of the field. The zeroth element of the array is the data to validate. The first element is a reference to a validation subroutine. The second element is a boolean value of whether the given data is required or not. If that second element is false, then the field is allowed to be blank. If true, then the data still has to pass the validator.

Tying it all together:

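    use CGI qw(:standard);

    # Validation subroutines defined elsewhere

    # scalar() forces param() into scalar context; in list context a missing
    # or multi-valued parameter would shift the elements of each array.
    my %DATA = (
        field1 => [ scalar param('field1'), \&INTEGER, 1 ],
        field2 => [ scalar param('field2'), \&EMAIL,   1 ],
        field3 => [ scalar param('field3'), \&WORD,    0 ],
    );

    sub do_validation {
        foreach my $key (keys %DATA) {
            # Only fields flagged as required are run through their validator
            if($DATA{$key}[2]) {
                my @result = $DATA{$key}[1]->($DATA{$key}[0]);
                die "Didn't validate: $result[2]" unless $result[0];
            }
        }
    }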

The advantage of this compared to a regex is flexibility. A subroutine can do whatever checks it wants to the data. For instance, a credit card validator can run Business::CreditCard on the data.

WWW::Form does something similar, but adds the ability to put the subroutines in an array. This means that a single piece of data must pass more than one validation sub.

----
I wanted to explore how Perl's closures can be manipulated, and ended up creating an object system by accident.
-- Schemer

Note: All code is untested, unless otherwise stated


In reply to Re: Validating incoming CGI form data by hardburn
in thread Validating incoming CGI form data by Anonymous Monk
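
The three-value validator convention from the post above, as an added example that is not part of the original post and is not taken from CGI::Search. It goes a step beyond the posted loop: optional fields are still checked when they are not blank, and the untainted values are collected and returned instead of dying on the first failure. The regexes, the name `validate_all` and the sample input are assumptions of this example.

```perl
use strict;
use warnings;

# Each validator returns (ok, untainted value, error message). The value is
# taken from a regex capture (see perlsec); \A...\z rejects a trailing newline.
sub INTEGER {
    my ($in) = @_;
    return (1, $1, '') if defined $in && $in =~ /\A(-?[0-9]{1,9})\z/;
    return (0, undef, 'not an integer');
}

sub EMAIL {    # deliberately simple pattern, an assumption of this example
    my ($in) = @_;
    return (1, $1, '')
        if defined $in && $in =~ /\A([A-Za-z0-9._+-]+\@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+)\z/;
    return (0, undef, 'not an e-mail address');
}

sub WORD {
    my ($in) = @_;
    return (1, $1, '') if defined $in && $in =~ /\A(\w{1,64})\z/;
    return (0, undef, 'not a single word');
}

# Takes the hash-of-arrays: field => [ data, validator, required ].
# Returns (\%clean, \%errors); %clean holds only untainted values.
sub validate_all {
    my (%spec) = @_;
    my (%clean, %errors);
    for my $field (sort keys %spec) {
        my ($data, $check, $required) = @{ $spec{$field} };
        if (!defined $data || $data eq '') {
            $errors{$field} = 'required field is blank' if $required;
            next;    # a blank optional field is simply skipped
        }
        my ($ok, $value, $msg) = $check->($data);
        if ($ok) { $clean{$field}  = $value }
        else     { $errors{$field} = $msg }
    }
    return (\%clean, \%errors);
}

# Constructed sample input standing in for param() values.
my ($clean, $errors) = validate_all(
    field1 => [ '42',               \&INTEGER, 1 ],
    field2 => [ 'user@example.com', \&EMAIL,   1 ],
    field3 => [ 'two words',        \&WORD,    0 ],
);
print "ok    $_ = $clean->{$_}\n" for sort keys %$clean;
print "error $_: $errors->{$_}\n" for sort keys %$errors;
```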
