[sf-perl] input validation module sought

yary not.com at gmail.com
Mon Sep 22 13:13:53 PDT 2008

On Mon, Sep 22, 2008 at 12:25 PM, ken uhl <kenuhl at berkeley.edu> wrote:
> Hi, I am looking for a module to do input validation to protect against
> SQL insertions
> HTML insertions
> javascript insertions
> Any suggestions>?

>From the question I'll guess you're writing a program that handles a
form submission, or other user input. The general idea is to not use
any values you get from the browser/command line/stdin directly inside
any SQL or HTML.
if %POST has your user's input, do not say
sql_do("insert into table (col1) values '$POST{MyCol}'"); #wrong
sql_do("insert into table (col1) values ?",$POST{MyCol});

for HTML/JavaScript, the cgi module provides escapeHTML, which is of
some value...

need a more specific Q for more specific answers.

More information about the SanFrancisco-pm mailing list