Is it a good idea-verifing incoming info

[Jeff 'Japhy' Pinyan]

On Aug 17, awards said:

>I have many forms, and basically I just need to receive either a number
>or characters or both. this is how I check

To answer your subject line, YES, it is a good idea to verifying the data
a user sends you is what you expect.

>my ($value,%result,$name);

$value and $name should be declare inside the loop, since that's the
extent of their scope (as far as this code shows).

>foreach (param){
> $name = $_;
> $name =~ s/\s$//;##take the space at the end
> $name =~ s/[^a-zA-Z0-9]//g;##all none character is change into nothing

Why are you bothering to do anything to the NAME of the field? You
created the names of the form fields (right?), and besides, you don't end
up using $name.

> $value = param($_);
> $value =~ s/\s$//;## take the space at then end
> $value =~ s/[^a-zA-Z0-9]//g;##all none character is change into nothing

Why do you remove the space at the end if you're going to be removing all
non-letters-and-numbers anyway? A space would be deleted anyway.

> $result{$_}=$value;
>}

Finally, why are you using a hash? Why not just store the values back
into param()? If you're dealing with a form that has checkboxes, or
multiple fields with the same name, you'll lose some data your way.

for (param) {
my @values = param($_);
tr/a-zA-Z0-9//cd for @values; # a faster way
param($_, @values); # this SETS the values of the param to @values
}

--
Jeff "japhy" Pinyan [email]japhy@pobox.com[/email] [url]http://www.pobox.com/~japhy/[/url]
RPI Acacia brother #734 [url]http://www.perlmonks.org/[/url] [url]http://www.cpan.org/[/url]
<stu> what does y/// stand for? <tenderpuss> why, yansliterate of course.
[ I'm looking for programming work. If you like my work, let me know. ]

[Awards]

Hi,


thank you

We ll you ask

> Finally, why are you using a hash? Why not just store the values back
> into param()? If you're dealing with a form that has checkboxes, or
> multiple fields with the same name, you'll lose some data your way.

----I'm using a hash because the actual code is
%ACTION=parameters();

sub parameters{
###THE CODE TO VERIFY
return %result;
}
personnally I find it easier to type ACTION than param. I make less typo
typing ACTION than param because it is hard for me to get the 'm'

> Why do you remove the space at the end if you're going to be removing all
> non-letters-and-numbers anyway? A space would be deleted anyway.

----I didn't know that perl removed the end space Good news and I learn
something new :-).

these are my toughts:
You said:

> Why are you bothering to do anything to the NAME of the field? You
> created the names of the form fields (right?), and besides, you don't end
> up using $name.

Well you are right, I tought Before maybing someone will at code to the name
to hack into the script.
But think about it again, I'm always doing $ACTION{name} some if he/she puts
a code then it won't have any effect
at least I hope.


And Thank you about this
'tr/a-zA-Z0-9//cd for @values'
I whish I new it before.

thanx Again
Anthony

"Jeff 'Japhy' Pinyan" <japhy@perlmonk.org> wrote in message
news:Pine.LNX.4.44.0308170920180.9168-100000@perlmonk.org...

> On Aug 17, awards said:
>

> >I have many forms, and basically I just need to receive either a number
> >or characters or both. this is how I check

>
> To answer your subject line, YES, it is a good idea to verifying the data
> a user sends you is what you expect.
>

> >my ($value,%result,$name);

>
> $value and $name should be declare inside the loop, since that's the
> extent of their scope (as far as this code shows).
>

> >foreach (param){
> > $name = $_;
> > $name =~ s/\s$//;##take the space at the end
> > $name =~ s/[^a-zA-Z0-9]//g;##all none character is change into

nothing

>
> Why are you bothering to do anything to the NAME of the field? You
> created the names of the form fields (right?), and besides, you don't end
> up using $name.
>

> > $value = param($_);
> > $value =~ s/\s$//;## take the space at then end
> > $value =~ s/[^a-zA-Z0-9]//g;##all none character is change into

nothing

>
> Why do you remove the space at the end if you're going to be removing all
> non-letters-and-numbers anyway? A space would be deleted anyway.
>

> > $result{$_}=$value;
> >}

>
> Finally, why are you using a hash? Why not just store the values back
> into param()? If you're dealing with a form that has checkboxes, or
> multiple fields with the same name, you'll lose some data your way.
>
> for (param) {
> my @values = param($_);
> tr/a-zA-Z0-9//cd for @values; # a faster way
> param($_, @values); # this SETS the values of the param to @values
> }
>
> --
> Jeff "japhy" Pinyan [email]japhy@pobox.com[/email] [url]http://www.pobox.com/~japhy/[/url]
> RPI Acacia brother #734 [url]http://www.perlmonks.org/[/url] [url]http://www.cpan.org/[/url]
> <stu> what does y/// stand for? <tenderpuss> why, yansliterate of course.
> [ I'm looking for programming work. If you like my work, let me know. ]
>