Solved

Special Characters

Posted on 1998-12-11
1
235 Views
Last Modified: 2010-03-05
I have a form created using CGI
http://www.regsoft.com/cgi-bin/cd_purchase.pl?6364=100

If any of the following special charactes ("|",";","*","`","<",">") are put into any of the fields and the submit button is hit - the script that gets executed pukes.

I put some code in to try to trap it :

###########################
# Check for special Chars #
###########################

@specialchars=("|",";","*","`","<",">");
foreach $char (@specialchars)
{
   if (($FORM{'companyname'} =~ \$char)) { &badchar('Company Name',"$char");last;}
   if (($FORM{'billingname'} =~ \$char)) { &badchar('Name',"$char") ;last;}
   if (($FORM{'billingaddress'} =~ \$char)) { &badchar('Address',"$char") ;last;}
   if (($FORM{'billingaddress2'} =~ \$char)) { &badchar('Address2',"$char") ;last;}
   if (($FORM{'billingcity'} =~ \$char)) { &badchar('City',"$char") ;last;}
   if (($FORM{'billingstate'} =~ \$char)) { &badchar('State',"$char") ;last;}
   if (($FORM{'billingcountry'} =~ \$char)) { &badchar('Country',"$char") ;last;}
   if (($FORM{'billingzip'} =~ \$char)) { &badchar('Zip/Postal Code',"$char") ;last;}
   if (($FORM{'billingphone'} =~ \$char)) { &badchar('Phone Number',"$char") ;last;}
   if (($FORM{'cardtype'} =~ \$char)) { &badchar('Credit Card',"$char") ;last;}
   if (($FORM{'cardnumber'} =~ \$char)) { &badchar('Card Number',"$char") ;last;}
   if (($FORM{'comments'} =~ \$char)) { &badchar('Comments',"$char") ;last;}

}

But it still pukes.  How can I avoid this from happening???



0
Comment
Question by:regsoft
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 5

Accepted Solution

by:
b2pi earned 100 total points
ID: 1206922
perldoc URI::Escape shows something like

use URI::Escape;
$safe = uri_escape($FORM{comments}, "^A-Za-z909"); # probably overkill, but safe
$unsafe = uri_unescape($safe);

Note that $unsafe is equal to $FORM{comments};
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Perl strange behaviour 5 74
collecting information 2 204
Using Perl to parse rows 7 101
Extract data from span tag 1 96
A year or so back I was asked to have a play with MongoDB; within half an hour I had downloaded (http://www.mongodb.org/downloads),  installed and started the daemon, and had a console window open. After an hour or two of playing at the command …
Checking the Alert Log in AWS RDS Oracle can be a pain through their user interface.  I made a script to download the Alert Log, look for errors, and email me the trace files.  In this article I'll describe what I did and share my script.
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question