in reply to Simple regex to remove all but a list of words

The right way to prevent SQL injection is to use DBI with placeholders instead of interpolating values into SQL.

If you still want to use a regex, it might work like this: 

# with regex:
my $regex = join '|', @good_words;
if (param('evil') =~ m/\A(?:$re)\z/){
   print "good param\n";
}

# with a hash:
my %whitelist;
@whitelist{@good_words} = (1) x @good_words;
if ($whitelist{param('evil')}){
  print "good param\n";
}

[download]

Replies are listed 'Best First'.
Re^2: Simple regex to remove all but a list of words
by FunkyMonk (Bishop) on Jun 04, 2008 at 21:53 UTC 
    my %whitelist;
@whitelist{@good_words} = (1) x @good_words;

    [download]
    my %whitelist = map { $_ => 1 } @good_words;

    [download]

    Is a better idiom (IMO, of course), because I hate having to use a declaration followed by an initialisation.

    Unless I state otherwise, all my code runs with strict and warnings
[reply]
[d/l]
[select]
      So we can start the battle of style: would you rather have a clumsy, useless loop (or map), or rather two clumsy, lines, one with declaration, one with initialization?

      Perl 6 to the help, if you don't mind wrapping your head around function style a bit, you can use the zip operator Z: 

      pugs> my @good = <a b c>
("a", "b", "c")
pugs> @good Z 1 xx @good
(("a", 1), ("b", 1), ("c", 1))

      [download]

      Pugs doesn't flatten the list correctly, so you can't assign it to a hash in pugs, but a correct implementation will allow that. (Notice also the beauty of not needing any grouping parenthesis, because the precedence levels are just right(tm)). 

      # Perl 6:
my %hash = @good Z 1 xx @good

      [download]
[reply]
[d/l]
[select]

In Section Seekers of Perl Wisdom