comment on

No. Performing arbitrary transformations on your input serves no purpose but to mangle the data.

If you think the input was wrong (unintentionally) but salvageable, parse it and reconstruct a clean version. If the input is completely invalid, reject it with an error message. If your script can't be expected to fully validate the input, reject obvious errors and accept the rest unmodified. Don't worry about metacharacters unless you're sure they can't occur in a valid input.

Regardless of what you do on input, always always ALWAYS encode your output so that whatever you're passing it to will receive it perfectly intact. Whenever possible, use interfaces that don't require encoding (e.g. the multi-argument forms of system and exec, the four-argument form of piped open, and replaced values in DBI). The only unsafe data is data that is improperly handled.

In reply to Re: line ends,, backticks and perl security by Bob9000
in thread line ends,, backticks and perl security by Anonymous Monk

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.