Solved

Special Characters

Posted on 1998-12-11
Last Modified: 2010-03-05
I have a form created using CGI
http://www.regsoft.com/cgi-bin/cd_purchase.pl?6364=100

If any of the following special characters ("|",";","*","`","<",">") are put into any of the fields and the submit button is hit - the script that gets executed pukes.

I put some code in to try to trap it:

###########################
# Check for special Chars #
###########################

@specialchars=("|",";","*","`","<",">");
foreach $char (@specialchars)
{
   if (($FORM{'companyname'} =~ \$char)) { &badchar('Company Name',"$char");last;}
   if (($FORM{'billingname'} =~ \$char)) { &badchar('Name',"$char") ;last;}
   if (($FORM{'billingaddress'} =~ \$char)) { &badchar('Address',"$char") ;last;}
   if (($FORM{'billingaddress2'} =~ \$char)) { &badchar('Address2',"$char") ;last;}
   if (($FORM{'billingcity'} =~ \$char)) { &badchar('City',"$char") ;last;}
   if (($FORM{'billingstate'} =~ \$char)) { &badchar('State',"$char") ;last;}
   if (($FORM{'billingcountry'} =~ \$char)) { &badchar('Country',"$char") ;last;}
   if (($FORM{'billingzip'} =~ \$char)) { &badchar('Zip/Postal Code',"$char") ;last;}
   if (($FORM{'billingphone'} =~ \$char)) { &badchar('Phone Number',"$char") ;last;}
   if (($FORM{'cardtype'} =~ \$char)) { &badchar('Credit Card',"$char") ;last;}
   if (($FORM{'cardnumber'} =~ \$char)) { &badchar('Card Number',"$char") ;last;}
   if (($FORM{'comments'} =~ \$char)) { &badchar('Comments',"$char") ;last;}

}

But it still pukes.  How can I avoid this from happening???



Question by:regsoft
Accepted Solution

by:
b2pi earned 100 total points
ID: 1206922
perldoc URI::Escape shows something like

use URI::Escape;
$safe = uri_escape($FORM{comments}, "^A-Za-z0-9"); # probably overkill, but safe
$unsafe = uri_unescape($safe);

Note that $unsafe is equal to $FORM{comments}.
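
An added example, not part of the original question or answer: it checks form fields for the six characters listed in the question and percent-encodes a value with uri_escape from URI::Escape. The helper names first_bad_char and encode_field and the sample %FORM values are constructed for illustration.

```perl
use strict;
use warnings;
use URI::Escape qw(uri_escape uri_unescape);

# The six characters from the question, built into one character class.
# quotemeta makes each a literal; the question's `=~ \$char` instead used a
# reference to $char (which stringifies as SCALAR(0x...)) as the pattern.
my @specialchars = ('|', ';', '*', '`', '<', '>');
my $special_re   = '[' . join('', map { quotemeta } @specialchars) . ']';

# Field name => label pairs, a subset of those checked in the question.
my @fields = (
    [ companyname    => 'Company Name' ],
    [ billingname    => 'Name' ],
    [ billingaddress => 'Address' ],
    [ comments       => 'Comments' ],
);

# Return (label, char) for the first field holding a listed character,
# or an empty list when every field is clean.
sub first_bad_char {
    my ($form) = @_;
    for my $f (@fields) {
        my ($name, $label) = @$f;
        my $value = defined $form->{$name} ? $form->{$name} : '';
        return ($label, $1) if $value =~ /($special_re)/;
    }
    return;
}

# Percent-encode everything except ASCII letters and digits (URI::Escape).
sub encode_field {
    my ($value) = @_;
    return uri_escape($value, '^A-Za-z0-9');
}

# Constructed sample submission, not data from the original site.
my %FORM = (
    companyname => 'Acme Widgets',
    billingname => 'J. Smith',
    comments    => 'ship friday; call first | thanks',
);

if (my ($label, $char) = first_bad_char(\%FORM)) {
    print "Rejected: $label contains '$char'\n";
}
my $safe = encode_field($FORM{comments});
print "Encoded comments: $safe\n";
print "Round trip ok\n" if uri_unescape($safe) eq $FORM{comments};
```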