Hey there,

In addition to Ovid's excellent advice, I'd also like to recommend checking out the Data::FormValidator module on CPAN. It provides a number of simple methods to validate the parameters sent to you from the browser. Are the fields required or optional? Do you just want to see if anything at all was entered into them, or do you want fine-grained control over what was entered? It lets you choose all of that. Here is an example of how you might use it:

    ### Note: untested code
    use strict;
    use warnings;
    use CGI;
    use Data::FormValidator;

    # The CGI object holding the submitted parameters
    my $q = CGI->new;

    # Require food_name and food_group
    # color is optional, but validate it if they pass it in
    my $fields_profile = {
        required    => [ "food_name", "food_group" ],
        optional    => [ "color" ],
        constraints => {
            food_name  => \&validate_word,
            food_group => \&validate_word,
            color      => \&validate_word,
        },
        # Untaint a field if and only if it passes a constraint
        untaint_all_constraints => 1,
    };

    # You can simply pass in your CGI object along with your fields profile
    my $results = Data::FormValidator->check($q, $fields_profile);

    # If data is missing or invalid, just print it out
    if ($results->has_missing or $results->has_invalid) {
        print "Missing: ", join(", ", $results->missing), "\n";
        print "Invalid: ", join(", ", $results->invalid), "\n";
    }
    else {
        print "Excellent food submission!";
    }

    # Called by Data::FormValidator when it needs to validate our parameters.
    # With untainting enabled, the return value becomes the field's valid
    # value, so return the captured match rather than a boolean.
    sub validate_word {
        my $val = shift;
        return $val =~ /^([\w ]+)$/ ? $1 : undef;
    }

Hopefully, that gives you a decent example of how it might work. Be sure to read the docs; they give lots of examples. Good luck!
-Eric

--
Lucy: "What happens if you practice the piano for 20 years and then end up not being rich and famous?"
Schroeder: "The joy is in the playing."

In reply to Re: cgi security regex in subroutine by andreychek
in thread cgi security regex in subroutine by jonnyfolk
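
An added example, not part of the post above or of Data::FormValidator: it compares the `validate_word` pattern with a stricter allow-list on a few constructed inputs, to show what the `$` anchor and an unrestricted `\w` let through. The names `validate_word_loose` and `validate_word_strict` and the 64-character cap are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pattern as used in validate_word: "$" also matches just before a
# trailing newline, and \w follows Unicode rules on decoded text.
sub validate_word_loose {
    my $val = shift;
    return $val =~ /^([\w ]+)$/ ? $1 : undef;
}

# Stricter variant (assumed policy: ASCII words and spaces, max 64 chars).
# \A and \z anchor at the true start and end of the string, and the /a
# modifier (Perl 5.14+) restricts \w to [A-Za-z0-9_].
sub validate_word_strict {
    my $val = shift;
    return undef unless defined $val && length($val) <= 64;
    return $val =~ /\A([\w ]+)\z/a ? $1 : undef;
}

# Constructed sample inputs, not taken from the thread.
my @samples = (
    [ 'plain words',       'green apple' ],
    [ 'trailing newline',  "apple\n" ],
    [ 'embedded newline',  "apple\nbanana" ],
    [ 'markup characters', '<b>apple</b>' ],
    [ 'non-ASCII letters', "\x{5bff}\x{53f8}" ],
    [ 'empty string',      '' ],
);

for my $sample (@samples) {
    my ($label, $input) = @$sample;
    my $loose  = defined validate_word_loose($input)  ? 'accept' : 'reject';
    my $strict = defined validate_word_strict($input) ? 'accept' : 'reject';
    printf "%-18s loose=%-6s strict=%s\n", $label, $loose, $strict;
}
```

The two functions disagree only on the trailing-newline and non-ASCII inputs; the loose pattern's capture drops the trailing newline, so the raw parameter and the untainted value can differ when untainting is not enabled for that field.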
