CGI is the way to go. It's the only way to go. There are some smaller versions that do much of what CGI.pm does, but CGI is just fine in its full form.

There's a lot to the discussion, but in a nutshell tainting is not really necessary if you are just collecting input and writing it to a database. One assumes that your normal validation of the input, e.g., did they enter a number when they should have entered a letter, will protect what goes into the database. In fact, setting the -T switch will have no effect on this kind of input that stays 'inside the system.'

However, it's a must if you are using it to do something that involves file or directory manipulation, shells and the like. That is the only time I have found that the -T switch will scream if you neglect to untaint. Here's a sample untaint:

# match against the existing (tainted) $url; m{} delimiters so the slashes in http:// need no escaping, and the capture only assigns when the match succeeds
my ($untainted_url) = $url =~ m{(http://www\.[\w.-]+)};

Make sure that you really do test the value for what it should be and don't cheat with something ineffectual like:

my ($untainted_url) = $url =~ /([\w.-]+)/;

Update: Forgot about Ovid's great little node "Use CGI or die;" comparing CGI to other methods.


—Brad
"The important work of moving the world forward does not wait to be done by perfect men." George Eliot

In reply to Re: Form, Input, Taint related by bradcathey
in thread Form, Input, Taint related by Ny_Worker
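Added example, not part of the post above: a stand-alone script that shows what the -T switch actually does with the two regexes in the reply. Command-line arguments stand in for CGI form parameters (both are tainted under -T), a write-mode open() stands in for the "file or directory manipulation" the post warns about, and the function names untaint_url, cheat_untaint and try_write are this example's own. Run it as perl -T untaint_demo.pl 'http://www.example.com' and again with perl -T untaint_demo.pl 'junk; rm -rf /'.

```perl
#!/usr/bin/perl -T
# untaint_demo.pl -- run as:  perl -T untaint_demo.pl 'http://www.example.com'
# (the -T in the shebang alone is "too late" when the script is started via perl)
use strict;
use warnings;
use Scalar::Util qw(tainted);
use File::Temp   qw(tempdir);

die "usage: perl -T $0 URL\n" unless @ARGV;

# Under -T everything that comes from outside the program (here @ARGV, in a
# CGI script the return of CGI->param) carries the taint flag.
my $url = shift @ARGV;

# Real untaint: the capture spells out what a good value looks like, and it
# is anchored so nothing can ride along before or after the host part.
# Only the captured text ($1) loses the taint flag; $url itself stays tainted.
sub untaint_url {
    my ($raw) = @_;
    my ($clean) = $raw =~ m{^(http://www\.[\w.-]+)$} or return;   # undef on reject
    return $clean;
}

# The "cheat" from the post: the capture matches almost anything, so it
# launders the taint flag without actually checking the value.
sub cheat_untaint {
    my ($raw) = @_;
    my ($clean) = $raw =~ /([\w.-]+)/;
    return $clean;
}

# Try to create a file whose name is derived from $name. Returns '' if the
# open succeeded, otherwise the error text (under -T a tainted name makes
# open() die with "Insecure dependency in open while running with -T switch").
sub try_write {
    my ($name) = @_;
    my $dir = tempdir(CLEANUP => 1);            # scratch dir, removed at exit
    (my $base = $name) =~ s{[/:]}{_}g;           # taint propagates through s///
    my $ok = eval { open my $fh, '>', "$dir/$base" or die "open: $!"; close $fh; 1 };
    return '' if $ok;
    (my $err = $@) =~ s/\s+\z//;
    return $err;
}

printf "raw value tainted?          %s\n", tainted($url) ? 'yes' : 'no';
printf "raw value in open():        %s\n", try_write($url) || 'allowed';

my $clean = untaint_url($url);
if (defined $clean) {
    printf "validated value tainted?    %s\n", tainted($clean) ? 'yes' : 'no';
    printf "validated value in open():  %s\n", try_write($clean) || 'allowed';
}
else {
    print  "validated value:            rejected (not of the form http://www.host)\n";
}

my $laundered = cheat_untaint($url);
printf "cheat result '%s' tainted?  %s\n", $laundered, tainted($laundered) ? 'yes' : 'no';
printf "cheat result in open():     %s\n", try_write($laundered) || 'allowed';
```

With the hostile argument the raw value is tainted and the open() dies, untaint_url rejects it, but cheat_untaint hands back 'junk' with the taint flag gone and the open() is allowed: -T only tells you that a value went through a regex capture, not that the regex meant anything, which is the point of the post's warning against the second pattern.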
