Your date format is somewhat limiting. It requires that the date come in with one particular (Americanized) format. While you'll still need to properly check it for taintedness, it might be helpful for your HTML to also help the user to get it right by providing drop-downs for the date instead of freehand input. Date::Manip may help you to be able to accept a broader range of date formats.
Your phone validation is ok for the 50 states. It breaks down for international numbers, or local numbers for other countries.
Your email validation is errant. You can't validate an email address with a regexp. You can't even guarantee that it is syntactically sound, without inadvertently rejecting some syntactically correct addresses. Sorry. Friedl has an example that does a pretty good job at the end of his book, Mastering Regular Expressions (the Owls book). But he even goes on to explain in that book that his example isn't 100% reliable. For email, I think one of the best approaches is to carefully keep that address away from the shell, and in a safe way, send a verification email to the address in question, requesting a reply with a particular hard-to-guess code in it.
PS: You're getting onto the right track. Do realize however that there is a difference between validating and untainting. If you can keep an email address away from the shell, and you can validate it through an actual email exchange with the user, you're most of the way there.
Dave
In reply to Re: Am I passing and testing user data correctly? by davido, in thread Am I passing and testing user data correctly? by bradcathey
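The approach described in the post above (untaint the address, keep it away from the shell, then validate it through a confirmation code), as an added example that is not part of the original post. The sendmail path, the sender address, the in-memory `%pending` store and all function names are assumptions made for illustration.

```perl
#!/usr/bin/perl -T
use strict;
use warnings;

my $SENDMAIL = '/usr/sbin/sendmail';    # assumed path
my $FROM     = 'noreply@example.com';   # assumed sender
my %pending;    # token => address (assumption: real code persists this with an expiry)

# Untaint only: the capture satisfies -T and rules out whitespace, control
# characters and a leading '-'. It says nothing about whether the address works.
sub untaint_address {
    my ($raw) = @_;
    return unless defined $raw && length($raw) <= 254;
    return $raw =~ /\A((?!-)[^\s\@[:cntrl:]]+\@[^\s\@[:cntrl:]]+)\z/ ? $1 : undef;
}

# 128 bits from the kernel random source, hex-encoded: the hard-to-guess code.
sub new_token {
    open(my $fh, '<:raw', '/dev/urandom') or die "urandom: $!";
    my $n = read($fh, my $bytes, 16);
    die "short read from urandom" unless defined $n && $n == 16;
    return unpack('H*', $bytes);
}

sub send_confirmation {
    my ($addr, $token) = @_;
    local %ENV = (PATH => '/usr/sbin:/usr/bin:/bin');    # clean environment for -T
    # List form of open: sendmail is exec'd directly, no shell ever sees $addr.
    open(my $mh, '|-', $SENDMAIL, '-oi', '-f', $FROM, '--', $addr)
        or die "cannot run $SENDMAIL: $!";
    print {$mh} "From: $FROM\nTo: $addr\nSubject: Please confirm your address\n\n",
                "Reply with the code $token to confirm this address.\n";
    close($mh) or die "sendmail exited with status $?";
}

sub begin_verification {
    my ($raw) = @_;
    my $addr = untaint_address($raw) or return;
    my $token = new_token();
    send_confirmation($addr, $token);
    $pending{$token} = $addr;
    return $token;
}

# Validation happens here, when the code comes back from the mailbox owner.
sub confirm {
    my ($token) = @_;
    return unless defined $token && $token =~ /\A[0-9a-f]{32}\z/;
    return delete $pending{$token};    # the confirmed address, or undef
}
```

The untainting pattern is deliberately loose and does reject a few legal forms such as quoted local parts containing spaces; the address counts as validated only once `confirm` returns it.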