toniax has asked for the wisdom of the Perl Monks concerning the following question:

Hello,
I created this regex just to keep people from adding
harmful characters when a form in my script is submitted.
I am not sure if it suffices.
My main concern is someone hacking my form.
I tested it but am not sure if I covered everything?
Does anyone have any suggestions?
$test =~ s/[^a-zA-Z0-9\.\-\_\@]//g; $test =~ s/\.\.//g;
-X-

Replies are listed 'Best First'.
Re: a regex
by BrowserUk (Patriarch) on Dec 12, 2010 at 23:06 UTC
    I tested it but not sure if I covered everything?

    That depends entirely upon what you subsequently do with the test.

    Unless you tell us, or better, show us, exactly what you use the input text for, there is no way we can advise you whether you have done enough to sanitise the input.


    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.
      The program I am working on is sort of like a message board.
      I use the email address to send a confirmation via sendmail.
      The input text is processed as follows:
      email address
      title
      message
      -X-
Re: a regex
by Anonymous Monk on Dec 13, 2010 at 06:41 UTC
    What input data are you validating here? That regex might be adequate for a user name field, though it's a bit restricting. It's useless for a message field.

    If you're worried about text messages, you should be encoding any strange characters to HTML entities in the first place. E.g., save the message to the database (unless it's judged to be too long or there's some other reasonable objection to prevent form submission), and when you go to display it, make use of HTML::Entities. (This ignores any long-line issues, which you can solve by inserting spaces or soft hyphens.)

      Good idea.
      I already had plans to add the database to the second version of my program.
      A database is not an option on my first version.
      Thanks for the link
      -X-
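As an added illustration (not code from the thread), this script puts the questioner's whitelist regex beside the HTML::Entities approach Anonymous Monk suggests; the field names and the sample form input are made up for the demonstration.

```perl
#!/usr/bin/perl
# Added example, not from the thread. Field names and inputs are assumptions.
use strict;
use warnings;
use HTML::Entities qw(encode_entities);

# The questioner's regex: keep only the listed characters, then drop "..".
# This suits a field with a restricted alphabet, such as the address that is
# later handed to sendmail, where shell metacharacters would matter.
sub clean_address {
    my ($addr) = @_;
    $addr =~ s/[^a-zA-Z0-9.\-_@]//g;
    $addr =~ s/\.\.//g;
    return $addr;
}

# For the title and message, keep the text as typed and neutralise it only
# when it is sent to the browser. encode_entities turns < > & " ' into
# entities, so markup in the message is displayed rather than interpreted.
sub for_html {
    my ($text) = @_;
    return encode_entities($text);
}

# Constructed sample input, as a form might submit it.
my %form = (
    email   => 'joe@example.com; echo hi',
    title   => 'Is 2 < 3?',
    message => '<script>alert("x")</script> Hello & goodbye',
);

print "address: ", clean_address($form{email}), "\n";

for my $field (qw(title message)) {
    my $stripped = clean_address($form{$field});  # the regex mangles prose
    my $encoded  = for_html($form{$field});       # entities keep it intact
    print "$field stripped: $stripped\n";
    print "$field encoded:  $encoded\n";
}
```

Running it shows the whitelist collapsing the title and message into unreadable strings while the encoded form preserves them and renders the script tag as inert text.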