in reply to Form Security

Calling $q->param will give you a list of all field names from the cgi object. Something like the following untested code should apply your regexes to each field value.

my @fields = $q->param;
for my $name ( @fields ){
    my @vals = $q->param($name);
    for my $value ( @vals ){
        # apply regexes here; $value aliases each element, so @vals is modified in place
        $value =~ s/...
        $value =~ s/...
        $value =~ s/...
    }
    # write the cleaned values back (CGI.pm named arguments need the leading dash)
    if (@vals > 1){
        $q->param(-name => $name, -values => [ @vals ]);
    }else{
        $q->param(-name => $name, -value => $vals[0] );
    }
}

Update: Applied correction and clarification per post below. Thanks Mom, I'll try not to be in such a hurry next time. ;-}

Re^2: Form Security
by Your Mother (Archbishop) on Jun 10, 2009 at 03:03 UTC

    Quick clarification: there is no param object. It's just a method (or a function depending on how it's called). And if you're skipping the lexical variable in the loop already-

    $_ =~ s/... # is equivalent to s/...