[sf-perl] input validation module sought

yary not.com at gmail.com
Mon Sep 22 13:13:53 PDT 2008


On Mon, Sep 22, 2008 at 12:25 PM, ken uhl <kenuhl at berkeley.edu> wrote:
>
> Hi, I am looking for a module to do input validation to protect against
> SQL insertions
> HTML insertions
> javascript insertions
>
> Any suggestions?

From the question I'll guess you're writing a program that handles a
form submission, or other user input. The general idea is to not use
any values you get from the browser/command line/stdin directly inside
any SQL or HTML.
e.g.
if %POST has your user's input, do not say
  sql_do("insert into table (col1) values ('$POST{MyCol}')"); #wrong
instead
  sql_do("insert into table (col1) values (?)",$POST{MyCol});

For HTML/JavaScript, the CGI module provides escapeHTML, which is of
some value...

need a more specific Q for more specific answers.
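
The two points in the reply above, bind parameters for SQL and escaping for HTML output, put together as an added example that is not part of the original message. It assumes DBI, DBD::SQLite and CGI.pm are installed; the table name, the sort-column allowlist and the sample input are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;                    # assumes DBI and DBD::SQLite are installed
use CGI qw(escapeHTML);     # assumes CGI.pm is installed

# Constructed sample input standing in for a submitted form field.
my %POST = (MyCol => q{x'); DROP TABLE comments; --<script>alert(1)</script>});

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE comments (id INTEGER PRIMARY KEY, col1 TEXT)');

# The value travels as a bind parameter, separate from the SQL text,
# so quotes and semicolons in it are stored as data, not parsed as SQL.
my $sth = $dbh->prepare('INSERT INTO comments (col1) VALUES (?)');
$sth->execute($POST{MyCol});

# Placeholders bind values only. A column or table name chosen by the
# user has to be checked against a fixed list before interpolation.
my %sortable = map { $_ => 1 } qw(id col1);
my $order_by = 'col1';      # constructed stand-in for a "sort" form field
die "unexpected sort column\n" unless $sortable{$order_by};

my $rows = $dbh->selectall_arrayref(
    "SELECT id, col1 FROM comments ORDER BY $order_by");

# Escape at output time, for the context the value lands in. escapeHTML
# covers element content and quoted attribute values; it does not make a
# value safe inside <script> blocks, event handlers or URLs.
for my $row (@$rows) {
    my ($id, $text) = @$row;
    printf qq{<li id="c%d">%s</li>\n}, $id, escapeHTML($text);
}

my ($count) = $dbh->selectrow_array('SELECT COUNT(*) FROM comments');
print "rows stored: $count\n";
$dbh->disconnect;
```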

