Not really a comment on your tainting, but more on your design. What you really want to do here is call the sub associated with each param, right? Well, we can make this easier with a dispatch table! Change the top of Validate.pm to:
package Validate; use Exporter::Dispatch;
Now, in your main code, you can change your validation code to:
my $validate = create_dptable Validate; my %params; # store params in a hash. Use symrefs to obtain original +behaivor. # (i.e. $$_ = ...) foreach (params()) { $params{$_} = exists $validate->{"val_$_") ? $validate->{"val_$_"}->(param($_)) : $validate->{'error_page'}->($_) }
Simple, elegant, and will scale if you ever add more parameters. All you will have to do is add the validation routine, and it will get called automatically, without any change needed in the original code. Better yet, if any bogus parameters sneak in, your error routine will get called.
Update: Oh, I didn't notice at first; val_alpha's name would need to be changed to val_name to be called correctly.
In reply to Re: Do I have to untaint all user input in a form?
by jryan
in thread Do I have to untaint all user input in a form?
by bradcathey
| For: | Use: | ||
| & | & | ||
| < | < | ||
| > | > | ||
| [ | [ | ||
| ] | ] |