bkiahg has asked for the wisdom of the Perl Monks concerning the following question:

Hello Wise Monks,

I need to strip out any characters that aren't "database safe". I always seem to get lost when trying to write my own regexes. Can't seem to wrap my mind around it. So my question is, 1. What characters should I strip out for database stability and the big one 2. How do I properly do it through a regex.

I've done some googling on this and read some articles on regexes. I'm using the latest ActiveState Perl, running it through a CGI web interface and the database is Postgres 8.1.3.

Any direction you can give me will be appreciated.

Thank you in advance.

Re: Regex Database Question
by davidrw (Prior) on May 31, 2006 at 16:46 UTC
    Are you using placeholders with DBI? That provides a great deal of additional security and proper casting of values (and more legible code usually).
    # do()'s second argument is the attribute hashref; pass undef so the bind values are not mistaken for it
    $dbh->do("INSERT INTO foo (bar, stuff) VALUES (?,?)", undef, $bar, $stuff);
    As for regex, take a look at perlre and perlretut.
      Ah thank you for pointing out that error in my thought process. Much cleaner and more secure. Will do it this way.
Re: Regex Database Question
by Joost (Canon) on May 31, 2006 at 16:53 UTC
Re: Regex Database Question
by ww (Archbishop) on May 31, 2006 at 17:07 UTC
    Generally, it's a good rule to write your untaint routine based on what you're willing to pass rather than trying to guess all the chars that might be used against you...
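Putting davidrw's placeholder advice and ww's whitelist advice together in one script, as an added example that is not code from any of the posters; it assumes DBD::SQLite is installed as a stand-in for the OP's Postgres, and that the allowed character set for `bar` is letters, digits, `_`, `.` and `-`:

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Whitelist untaint: keep only values made entirely of characters we are
# willing to store, instead of guessing which characters are dangerous.
# The permitted set is an assumption chosen for a short name field.
sub untaint_name {
    my ($raw) = @_;
    return unless defined $raw;
    # \A and \z anchor the match to the whole string; only the capture is
    # returned, which is also what clears Perl's taint flag under -T.
    return $raw =~ /\A([A-Za-z0-9_.-]{1,64})\z/ ? $1 : undef;
}

# Placeholders: the value never becomes part of the SQL text, so quoting
# is the driver's job. do()'s second argument is the attribute hashref;
# it must be undef here or the first bind value is taken as attributes.
sub insert_row {
    my ($dbh, $bar, $stuff) = @_;
    return $dbh->do('INSERT INTO foo (bar, stuff) VALUES (?, ?)',
                    undef, $bar, $stuff);
}

# In-memory SQLite keeps the demo self-contained (DBD::SQLite assumed);
# with DBD::Pg the DSN would be dbi:Pg:dbname=... and nothing else changes.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE foo (bar TEXT, stuff TEXT)');

# Constructed inputs: a clean name, one with an embedded quote and SQL
# comment marker, and one with a trailing newline.
my @inputs = ('alice', "o'brien; --", "bob\n");
for my $in (@inputs) {
    my $name   = untaint_name($in);
    my $status = defined $name ? 'accepted' : 'rejected';
    # Bound as data: the quote is stored intact and no statement breaks,
    # whether or not the whitelist liked the value.
    insert_row($dbh, $in, $status);
}

my $rows = $dbh->selectall_arrayref('SELECT bar, stuff FROM foo ORDER BY bar');
for my $row (@$rows) {
    my @v = map { (my $c = $_) =~ s/\n/\\n/g; $c } @$row;   # make newlines visible
    printf "%-14s %s\n", @v;
}
```

Only `alice` passes the whitelist, yet all three rows are inserted without error because the values are bound rather than interpolated into the SQL.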