Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks!
I have a question regarding two forms that I have. After the user fills in the 75 input fields (each form has 75 input fields) on the form(s), I have to send everything into a database. I am using this code to get the values from the form into my Perl code:

my $username=&filter(param("username"));


I have a &filter sub to get rid of the stuff I don't want to see in my DB.
My question is that for every single field in my forms I have to write a line of code like the one above. And it's going to be 150 of them for each form name field. Is there a way to make this process more dynamic?

Replies are listed 'Best First'.
Re: Form Parameters
by Asim (Hermit) on Aug 04, 2006 at 14:12 UTC

    There are literally dozens of modules for such things. For basic validation, Data::FormValidator seems to be the canonical choice. It takes in a hash of values from the CGI app, and compares it to a pre-written data structure that represents your filters, etc. Set up the array with all the parameter names once in your code, and then you can represent them in the filtering data structure. Using CGI, you could even write a snippet to put all the incoming parameter names into an array with my @param_names = $query->param, and feed that to the filter validator.

    WARNING: Grabbing params without checking to see if they are valid for your use could be a security risk, even with filtering the values. You're better off hard-coding them in PROD systems, esp. Internet-facing ones.

    ----Asim, known to some as Woodrow.

      Thanks for the ideas!
Re: Form Parameters
by Tanktalus (Canon) on Aug 04, 2006 at 14:04 UTC

    Use hashes/lists?

    my @formnames = qw(username ...);
    my %data = map { $_ => filter(param($_)) } @formnames;
    And now, instead of $username, you use $data{username}.

    Update - missing the key.

      hi Tanktalus,

      Rather than provide a list of parameter names, could something like this be done?
      my @formnames = $query->param;
      my %data = map { $_ => filter(param($_)) } @formnames;
      Update: Code untested.

      Martin

        This has the risk that the user could construct an HTTP request that included data for fields not in the form sent by the server. Depending on what is done with the data this could, for example, allow someone to edit a field that users aren't supposed to be able to edit.

        So if this technique is used, it is important to be aware of potential security issues and include protection against them.

        Definitely. Note, however, that this has slightly different semantics. Not worse, just different. The original example would try to set all desired values, whether they were in the form or not. Further, it would do it in a tightly-controlled manner.

        Your example will skip values that aren't in the form (probably desirable), and do it in the order that they're passed in from the web client (probably immaterial - but sometimes you care about the order). Further, it will catch parameters that the OP may not care about (again, probably immaterial - if they get filtered out later). For example, the submit button will show up, I think.
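
The trade-off discussed in the replies above, as an added example that is not part of the original thread: it builds %data from a hard-coded field list and separately reports any parameters the client sent that the form never contained. The body of filter(), the is_admin field and the query string are constructed for illustration; the poster's real filter sub is not shown on the page.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;

# Hard-coded allowlist: the only fields the server-side form contains.
# (Field names borrowed from the examples in the thread.)
my @ALLOWED = qw(username age sex);

# Hypothetical stand-in for the poster's filter(); the real one is not shown.
sub filter {
    my ($value) = @_;
    return undef unless defined $value;   # explicit undef keeps key/value pairs aligned in map
    $value =~ s/[\x00-\x1f\x7f]//g;       # drop control characters
    $value =~ s/^\s+|\s+$//g;             # trim surrounding whitespace
    return $value;
}

# Returns (\%data, \@unexpected): filtered values for allowed fields only,
# plus the names of parameters the client sent that are not on the list.
sub collect_params {
    my ($q, @allowed) = @_;
    my %is_allowed = map { $_ => 1 } @allowed;

    # scalar() takes one value per field, even if the client repeats a name
    my %data = map { $_ => filter(scalar $q->param($_)) } @allowed;

    # $q->param with no arguments lists every name in the request
    my @unexpected = sort grep { !$is_allowed{$_} } $q->param;
    return (\%data, \@unexpected);
}

# Constructed request: the client added is_admin, which the form never offered,
# and the submit button arrives as a parameter too.
my $q = CGI->new('username=%20alice%20&age=30&is_admin=1&submit=Save');
my ($data, $unexpected) = collect_params($q, @ALLOWED);

printf "%-8s => %s\n", $_, $data->{$_} // '(missing)' for @ALLOWED;
print "ignored: @$unexpected\n" if @$unexpected;
```

Logging the ignored names rather than silently dropping them gives a cheap signal that someone is sending fields the form does not define.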

Re: Form Parameters
by Hofmator (Curate) on Aug 04, 2006 at 14:08 UTC
    How about using a hash, something like this:
    my @fields = qw/username age sex/;
    # ...
    my %data;
    for (@fields) {
        $data{$_} = filter(param($_));
    }

    -- Hofmator

Re: Form Parameters
by Polonius (Friar) on Aug 04, 2006 at 17:27 UTC

    Others have already answered your question - and it looks like good advice - but I couldn't help thinking 75 fields is an awful lot to have on one form. Couldn't you split each form into 5 or 6, saving the inputs as you go? If the user gets bored part-way through, they could come back later and pick up where they left off. I'm kinda thinking CGI forms here, which may be completely irrelevant to your application, so feel free to ignore my rambling.

    Polonius