Solved

Special Characters

Posted on 1998-12-11
236 Views
Last Modified: 2010-03-05
I have a form created using CGI
http://www.regsoft.com/cgi-bin/cd_purchase.pl?6364=100

If any of the following special characters ("|",";","*","`","<",">") are put into any of the fields and the submit button is hit - the script that gets executed pukes.

I put some code in to try to trap it:

###########################
# Check for special Chars #
###########################

@specialchars=("|",";","*","`","<",">");
foreach $char (@specialchars)
{
   if (($FORM{'companyname'} =~ \$char)) { &badchar('Company Name',"$char");last;}
   if (($FORM{'billingname'} =~ \$char)) { &badchar('Name',"$char") ;last;}
   if (($FORM{'billingaddress'} =~ \$char)) { &badchar('Address',"$char") ;last;}
   if (($FORM{'billingaddress2'} =~ \$char)) { &badchar('Address2',"$char") ;last;}
   if (($FORM{'billingcity'} =~ \$char)) { &badchar('City',"$char") ;last;}
   if (($FORM{'billingstate'} =~ \$char)) { &badchar('State',"$char") ;last;}
   if (($FORM{'billingcountry'} =~ \$char)) { &badchar('Country',"$char") ;last;}
   if (($FORM{'billingzip'} =~ \$char)) { &badchar('Zip/Postal Code',"$char") ;last;}
   if (($FORM{'billingphone'} =~ \$char)) { &badchar('Phone Number',"$char") ;last;}
   if (($FORM{'cardtype'} =~ \$char)) { &badchar('Credit Card',"$char") ;last;}
   if (($FORM{'cardnumber'} =~ \$char)) { &badchar('Card Number',"$char") ;last;}
   if (($FORM{'comments'} =~ \$char)) { &badchar('Comments',"$char") ;last;}

}

But it still pukes.  How can I avoid this from happening???



Question by:regsoft
1 Comment
 

Accepted Solution

by:
b2pi earned 100 total points
ID: 1206922
perldoc URI::Escape shows something like

use URI::Escape;
$safe = uri_escape($FORM{comments}, "^A-Za-z909"); # probably overkill, but safe
$unsafe = uri_unescape($safe);

Note that $unsafe is equal to $FORM{comments};
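
An added example, not code from the original thread: the question's test `=~ \$char` matches against a stringified reference (`SCALAR(0x...)`) rather than the character, so this version checks all six characters with one character class and then runs the accepted answer's `uri_escape` round trip. The `%FORM` values, the `%LABEL` table and `find_bad_fields` are constructed for the example, and the escape set here uses `0-9` for digits.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use URI::Escape qw(uri_escape uri_unescape);

# Constructed sample input standing in for the parsed form (%FORM in the question).
my %FORM = (
    companyname => 'Acme; Widgets',
    billingname => 'J. Smith',
    billingzip  => '12345',
    comments    => 'ship <fast> | thanks',
);

# Display labels for a subset of the question's fields (hypothetical table).
my %LABEL = (
    companyname => 'Company Name',
    billingname => 'Name',
    billingzip  => 'Zip/Postal Code',
    comments    => 'Comments',
);

# The six characters from the question as one character class.
# Inside [...] "|" and "*" are literal; matched one at a time outside a
# class they are regex metacharacters and would need quotemeta().
my $special = qr/([|;*`<>])/;

# Returns [label, first offending character] for every field that fails.
sub find_bad_fields {
    my ($form) = @_;
    my @bad;
    for my $field (sort keys %LABEL) {
        my $value = defined $form->{$field} ? $form->{$field} : '';
        push @bad, [ $LABEL{$field}, $1 ] if $value =~ $special;
    }
    return @bad;
}

for my $hit (find_bad_fields(\%FORM)) {
    printf "Rejected %s: contains '%s'\n", @$hit;
}

# Round trip from the answer: every byte outside A-Za-z0-9 is %-encoded,
# and uri_unescape() restores the original string exactly.
my $safe   = uri_escape($FORM{comments}, '^A-Za-z0-9');
my $unsafe = uri_unescape($safe);
print "$safe\n";
print $unsafe eq $FORM{comments} ? "round trip ok\n" : "round trip failed\n";
```

Reporting every failing field in one pass, instead of stopping at the first, lets the form show all problems at once.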