pabaris1 has asked for the wisdom of the Perl Monks concerning the following question:

Can anyone tell me how to make sure that an integer is submitted in an HTML text box i.e. catch any submitted data which is not an integer.

Replies are listed 'Best First'.
(Ovid - validate numbers) Re: integer validation
by Ovid (Cardinal) on Apr 28, 2001 at 01:21 UTC
    Assuming the text box is named "bob", you could use something like the following (untested): 
    #!/usr/bin/perl -wT
use strict;
use CGI;
use HTML::Entities;

my $query = CGI->new;
my $tainted_number = $query->param( "bob" );
my ( $clean_number ) = ( $tainted_number =~ /^\s*(\d+)\s*$/ );

print $query->header,
      $query->start_html( -title => "Input test" );

if ( defined $clean_number ) {
    print $query->p( "You entered '$clean_number'." );
} else {
    print $query->p( "You're only supposed to enter numbers, dummy." )
+,
          $query->p( "You entered '" . encode_entities( $tainted_numbe
+r ) . "'" );
}

print $query->end_html;

    [download]
    At this point, $clean_number will either contain a string composed only of digits, or will be undef if the data entered in "bob" does not pass validation.

    HTML::Entities is used to ensure that the user-supplied data does not interpret as HTML (for example, it converts <> to &lt;&gt;).

    See perlsec if you're unsure about why I used the -T switch.

    Cheers,
    Ovid

    Join the Perlmonks Setiathome Group or just click on the the link and check out our stats.

[reply]
[d/l]
Re: integer validation
by arturo (Vicar) on Apr 28, 2001 at 01:20 UTC

    Think "What's a representation of an integer?" One answer is "a string of only digits", but that won't catch the negative integers. There *might* be a "-" at the front of such a string. So you want to see that the string matches that pattern. For pattern matches, use a regular expression.

    Here's some info that ought to help you figure it out for yourself:
    ^ says "match at the beginning of the string"
    ? says "match 0 or 1 of the previous pattern"
    \d says "match digits"
    $ says "match at the end of the string

    So, your pattern will start with ^ and end with $.

    That should be enough to get you started.

    HTH.

[reply]
[d/l]
[select]
Re: integer validation
by princepawn (Parson) on Apr 28, 2001 at 01:25 UTC
[reply]
Re: integer validation
by Trinary (Pilgrim) on Apr 28, 2001 at 01:17 UTC 
    $foo = $query->param('should_be_int');
warn "Not an integer!" if ($foo =~ /[^0-9\-]/)

    [download]
    Replace the warn with whatever error handling suits your taste.
    EDIT:Sigh. Totally forgot negative integers. =( Fixed.

    Trinary

[reply]
[d/l]
[reply]
[d/l]
[select]
        I try to specify exactly what is valid:

        Then wouldn't you want /\A-?\d+\z/?

        If it's there, $ will match a single newline at the end of your string, and you'd end up matching something bogus like "7\n".

            --k.


[reply]
        Jeez. Of course you're right.

        Something about quarter past 4 on a warm friday afternoon seems to have made thinking difficult.

        Trinary

[reply]
Re: integer validation w/HTML::FormValidator
by markjugg (Curate) on Apr 29, 2001 at 21:39 UTC
    The HTML::FormValidator module handles this, and a lot of other parts of CGI form validation as well. I have a tutorial with examples on how to use it here

    -mark

[reply]

Back to Seekers of Perl Wisdom