Special Characters

I have a form created using CGI
http://www.regsoft.com/cgi-bin/cd_purchase.pl?6364=100

If any of the following special charactes ("|",";","*","`","<",">") are put into any of the fields and the submit button is hit - the script that gets executed pukes.

I put some code in to try to trap it :

###########################
# Check for special Chars #
###########################

@specialchars=("|",";","*","`","<",">");
foreach $char (@specialchars)
{
   if (($FORM{'companyname'} =~ \$char)) { &badchar('Company Name',"$char");last;}
   if (($FORM{'billingname'} =~ \$char)) { &badchar('Name',"$char") ;last;}
   if (($FORM{'billingaddress'} =~ \$char)) { &badchar('Address',"$char") ;last;}
   if (($FORM{'billingaddress2'} =~ \$char)) { &badchar('Address2',"$char") ;last;}
   if (($FORM{'billingcity'} =~ \$char)) { &badchar('City',"$char") ;last;}
   if (($FORM{'billingstate'} =~ \$char)) { &badchar('State',"$char") ;last;}
   if (($FORM{'billingcountry'} =~ \$char)) { &badchar('Country',"$char") ;last;}
   if (($FORM{'billingzip'} =~ \$char)) { &badchar('Zip/Postal Code',"$char") ;last;}
   if (($FORM{'billingphone'} =~ \$char)) { &badchar('Phone Number',"$char") ;last;}
   if (($FORM{'cardtype'} =~ \$char)) { &badchar('Credit Card',"$char") ;last;}
   if (($FORM{'cardnumber'} =~ \$char)) { &badchar('Card Number',"$char") ;last;}
   if (($FORM{'comments'} =~ \$char)) { &badchar('Comments',"$char") ;last;}

}

But it still pukes.  How can I avoid this from happening???



regsoftAsked:
Who is Participating?
 
b2piCommented:
perldoc URI::Escape shows something like

use URI::Escape;
$safe = uri_escape($FORM{comments}, "^A-Za-z909"); # probably overkill, but safe
$unsafe = uri_unescape($safe);

Note that $unsafe is equal to $FORM{comments};
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.