compilation error with 'strict' pragma on

itchybrownrobe has asked for the wisdom of the Perl Monks concerning the following question:

Perlmonks,
I have a question about strict vars and the code segment below. I get a compilation error that goes away when I turn off the strict pragma.
I am trying to parse html form data with a regex. I want to accept only what I consider appropriate data in each form field. Also, I want to eventually save this info to a database so, as I understand it I have to untaint it (another reason for the regex). I bring each field of the form into a variable prefaced with a D for dirty, untaint it then grab the regex backreference with the variable of the same name, minus the 'D'.

Below is the beginning of my script. I plan to use Time::Local but am not right now, so it is commented out and, I think, not a factor. What I have is a series of declarations followed by the regex stuff. Perhaps its not the most elegant way to do this, but I can not figure out why, since no loops, if-else clauses, or subroutines factor into this series of matches and assignments, the strict pragma does not like it. As I understand it, these variables are all file scope and should therefore be OK to 'strict'. If I turn strict on and then add 'no strict vars' the script will compile.
Thanks
itchybrownrobe

#use strict;
use warnings;

#use Time::Local;
use CGI qw(:standard);
use CGI::Carp qw(fatalsToBrowser);
my $sec = 0;
my $min;
my $hours;
my $D_title = param('title');
my $title;
.
.
.
#___________start_untainting_form_input_________
$temp = ($D_title =~ m/^(Dr.|Prof.|Mrs.|Ms.|Miss|Mr.)$/ );
$title = $1;
[download]

Comment on compilation error with 'strict' pragma on Download Code

Replies are listed 'Best First'.
Re: compilation error with 'strict' pragma on by Zaxo (Archbishop) on Jun 18, 2004 at 23:02 UTC
You missed declaring `my $temp`. As a side note, nothing to do with stricture, you don't know that you had a match. That means $title will be assigned whatever title resulted from the last successful match. You can fix that by saying, `($title) = $D_title =~ m/^(Dr.\|Prof.\|Mrs.\|Ms.\|Miss\|Mr.)$/;` (Untested) After Compline, Zaxo	[reply] [d/l] [select]
Re: compilation error with 'strict' pragma on by tachyon (Chancellor) on Jun 19, 2004 at 00:01 UTC
Further to Zaxo's suggestion Perl Idioms Explained - @ary = $str =~ m/(stuff)/g explains his suggestion if you are not familiar with the syntax. cheers tachyon	[reply]
Re: compilation error with 'strict' pragma on by nightwatch (Scribe) on Jun 19, 2004 at 07:10 UTC
Perl should have told you `Global symbol "$temp" requires explicit package name at xxxxxxxxx line xx.` Check your server's error log if CGI::Carp didn't catch the compilation error. You can also use hash keys instead of a regex to untaint that data if its legal values come from a strictly-defined set. (I'm assuming you meant `\.` instead of `.` in your regex.) This saves the overhead of a regex and lets you untaint the data in O(1) time. (In this case, the difference will be negligible, but if you had a large number of items in the set it could make a difference.) `use constant TITLES => { 'Dr.' => 1, 'Prof.' => 1, 'Mrs.' => 1, 'Ms.' => 1, 'Miss' => 1, 'Mr.' => 1 }; my ($title) = $D_title =~ /^(.)$/g if exists TITLES()->{$D_title};` [download] (There might be a cleaner way to do this, perhaps without the ugly `.`.) Also, FYI, in general you can use `$_` as a temporary variable and avoid a lot of `$tmp` and `$temp` floating around while making code that accesses that variable cleaner - but be sure to localize it first with `local $_ = ...`, or you may end up with scoping bugs that prove hard to track down. Hope this helps.	[reply] [d/l]