Solved

Special Characters

Posted on 1998-12-11
Last Modified: 2010-03-05
I have a form created using CGI
http://www.regsoft.com/cgi-bin/cd_purchase.pl?6364=100

If any of the following special characters ("|",";","*","`","<",">") are put into any of the fields and the submit button is hit - the script that gets executed pukes.

I put some code in to try to trap it:

###########################
# Check for special Chars #
###########################

@specialchars=("|",";","*","`","<",">");
foreach $char (@specialchars)
{
   if (($FORM{'companyname'} =~ \$char)) { &badchar('Company Name',"$char");last;}
   if (($FORM{'billingname'} =~ \$char)) { &badchar('Name',"$char") ;last;}
   if (($FORM{'billingaddress'} =~ \$char)) { &badchar('Address',"$char") ;last;}
   if (($FORM{'billingaddress2'} =~ \$char)) { &badchar('Address2',"$char") ;last;}
   if (($FORM{'billingcity'} =~ \$char)) { &badchar('City',"$char") ;last;}
   if (($FORM{'billingstate'} =~ \$char)) { &badchar('State',"$char") ;last;}
   if (($FORM{'billingcountry'} =~ \$char)) { &badchar('Country',"$char") ;last;}
   if (($FORM{'billingzip'} =~ \$char)) { &badchar('Zip/Postal Code',"$char") ;last;}
   if (($FORM{'billingphone'} =~ \$char)) { &badchar('Phone Number',"$char") ;last;}
   if (($FORM{'cardtype'} =~ \$char)) { &badchar('Credit Card',"$char") ;last;}
   if (($FORM{'cardnumber'} =~ \$char)) { &badchar('Card Number',"$char") ;last;}
   if (($FORM{'comments'} =~ \$char)) { &badchar('Comments',"$char") ;last;}

}

But it still pukes.  How can I avoid this from happening???



Question by:regsoft

Accepted Solution

by:
b2pi earned 100 total points
ID: 1206922
perldoc URI::Escape shows something like

use URI::Escape;
$safe = uri_escape($FORM{comments}, "^A-Za-z0-9"); # probably overkill, but safe
$unsafe = uri_unescape($safe);

Note that $unsafe is equal to $FORM{comments}.
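
Added example, not part of the original thread: one way to combine the question's per-field character check with the URI::Escape encoding from the answer. The sub names find_badchar and encode_fields, the shortened field list, and the sample %FORM values are hypothetical.

```perl
use strict;
use warnings;
use URI::Escape;

# Characters the question lists as breaking the script behind the form.
my @specialchars = ('|', ';', '*', '`', '<', '>');

# Field key and label pairs from the question's form (shortened list).
my @fields = (
    [ companyname    => 'Company Name' ],
    [ billingname    => 'Name' ],
    [ billingaddress => 'Address' ],
    [ comments       => 'Comments' ],
);

# Return (label, char) for the first field that contains a listed character,
# or an empty list when every field is clean. index() compares literally, so
# "|" and "*" are never interpreted as regex metacharacters.
sub find_badchar {
    my ($form) = @_;
    for my $f (@fields) {
        my ($key, $label) = @$f;
        my $value = defined $form->{$key} ? $form->{$key} : '';
        for my $char (@specialchars) {
            return ($label, $char) if index($value, $char) >= 0;
        }
    }
    return;
}

# Percent-encode every value before it is passed on, leaving only letters
# and digits unescaped (the answer's uri_escape approach).
sub encode_fields {
    my ($form) = @_;
    my %safe;
    for my $key (keys %$form) {
        my $value = defined $form->{$key} ? $form->{$key} : '';
        $safe{$key} = uri_escape($value, '^A-Za-z0-9');
    }
    return \%safe;
}

# Constructed sample input.
my %FORM = (companyname => 'Acme', billingname => 'J. Doe',
            billingaddress => '1 Main St', comments => 'ship fast; thanks | bye');

my ($label, $char) = find_badchar(\%FORM);
print "Rejected: '$char' found in $label\n" if defined $label;
my $safe = encode_fields(\%FORM);
print "comments => $safe->{comments}\n";
print "round trip ok\n" if uri_unescape($safe->{comments}) eq $FORM{comments};
```

The encoded values contain only letters, digits, and % sequences; the script that consumes them has to call uri_unescape to recover the original text.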