Re: Server-side Form Validation (Perl)
by David Mintz <mambomintz(at)yahoo.com>
|
Date: |
Fri, 14 Jul 2000 08:49:12 -0700 (PDT) |
To: |
hwg-languages(at)hwg.org |
|
todo: View
Thread,
Original
|
|
--- Quackamoe <quackamoe(at)yahoo.com> wrote:
> All the examples of form validation* I can find
> use JavaScript. I'd like to use Perl instead so
> I don't have to worry about somebody having JS
> turned off. (And because I know Perl a bit more
> than JS.) ;) Even Lincoln Stein's book uses
> JS for this.
Usually, most of the hardest work is validation, and
the rest is just fun (mailing form input, inserting a
row of data in a database or building a query or
whatever).
I agree that if you're serious about validation, you
obviously HAVE to do it server-side.
I've experimented with different techniques to make it
efficient, but don't claim to have it down. I've
stolen freely from more people than I can remember,
and hvae added a few twists of my own.
I recently wrote a Perl script that among other things
collected contact info from the user for insertion in
a database. I decided to create a multidimension
array, each of whose elements was a list consisting of
the form field's name/label, field length, max length,
and option default value. I called my required fields
"* Fieldname", and put the array elements in order of
appearance on the page. This way I could call a
function to print each row of my table/form like so:
for ( @contact_fields ) {
printrow(@{$_});
}
Here's how printrow looks:
sub printrow {
my ($field, $size, $max, $default) = @_;
my $label = $field;
$label =~ s/^\*/<font color="red">*<\/font>/;
print qq(<tr><td align="right">$label</td><$td>),
textfield(-size=>$size, -name=>$field, -value
=>param($field)? param($field) : $default,
-maxlength=>$max), "</td></tr>";
}
----------------------------------------------------
BTW you have to have loaded CGI.pm for the textfield()
function above
When it came time for validation, I did the following.
Note the use of the Email:Valid module for checking
for a well-formed email address.
----------------------------------------------------
my @required;
my @booboos; # or should I call it @crimes?
foreach my $field (@contact_fields) {
if ($field->[0] =~ /^\*/) {
push (@required, $field->[0]);
}
}
for (@required) {
if (!param($_)) {
s/^\* //;
push (@booboos, "Your $_ field is blank") ;
$err++;
}
} # easy, huh?
# requires the Email::Valid module
if ( param('* Email') and
!Email::Valid->address(param('* Email')) ) {
push (@booboos, param('* Email') . " does not look
like a valid email address");
$err++;
}
if ( my $url = param("Web site") ) {
if ( $url =~ /\S+\s+\S+|[@;]/ ) {
$err++;
push (@booboos, "$url does not look like a
valid URL");
}
}
## password check (they're supposed to create a
## password and confirm it)
if ( !param('passwd') && param('passwd2')) {
$err++;
push @booboos, "You did not enter a password";
}
if ( param('passwd') && param('passwd2')
&& param('passwd') ne param('passwd2') ) {
$err++;
push @booboos, "Your 'confirmation' password
does not match your password";
}
if ( param('passwd') && !param('passwd2') ) {
$err++;
push @booboos, "You did not re-enter your
password for confirmation"
}
if ( !param('passwd') && !param('passwd2') ) {
$err++;
push @booboos, "You did not enter a password
and reconfirm it."
}
if ($err) {
$errmsg = "I can't accept your form because: "
. ul( li (\@booboos) ) . "Please scroll
down and try again.<br><br>" ;
print_contact_form($errmsg);
exit;
} else {
# do your thing with the data they gave you
# and tell them to go have a nice day
}
David
David Mintz
Spanish Interpreter, US District Court
Southern District of New York
Web Design & Hosting http://www.dmintzweb.com
Personal http://www.panix.com/~dmintz
__________________________________________________
Do You Yahoo!?
Get Yahoo! Mail � Free email you can access from anywhere!
http://mail.yahoo.com/
HWG: hwg-languages mailing list archives,
maintained by Webmasters @ IWA