develooper Front page | perl.beginners | Postings from February 2002

RE: Allow only letters and numbers?

Thread Previous | Thread Next
From:
Timothy Johnson
Date:
February 21, 2002 20:04
Subject:
RE: Allow only letters and numbers?
Message ID:
C0FD5BECE2F0C84EAA97D7300A500D5002580FB7@SMILEY

Okay, I get what you're saying about \z, sort of, assuming that the user
doesn't have to enter in the text at a prompt and you're not reading from a
file where lines are delimited by newlines, but I don't get where this ties
into security.  Could you explain?

-----Original Message-----
From: Randal L. Schwartz [mailto:merlyn@stonehenge.com]
Sent: Thursday, February 21, 2002 7:50 PM
To: beginners@perl.org; Timothy Johnson; Jeff 'japhy' Pinyan
Subject: Re: Allow only letters and numbers?


>>>>> "Timothy" == Timothy Johnson <tjohnson@sandisk.com> writes:

Timothy> If you don't mind having underscores in your text, you could also
do this:

Timothy> if($string !~ /^\w+$/){  #If the string does not have only letters,
digits,
Timothy> and underscores from start to finish (\w)

Nope, that also permits "fred\n".  Remember that $ is the same as /\n?\z/.
You want \z instead.

Very common mistake, and could have drastic effects on security.
Bad.

-- 
Randal L. Schwartz - Stonehenge Consulting Services, Inc. - +1 503 777 0095
<merlyn@stonehenge.com> <URL:http://www.stonehenge.com/merlyn/>
Perl/Unix/security consulting, Technical writing, Comedy, etc. etc.
See PerlTraining.Stonehenge.com for onsite and open-enrollment Perl
training!

-- 
To unsubscribe, e-mail: beginners-unsubscribe@perl.org
For additional commands, e-mail: beginners-help@perl.org


--------------------------------------------------------------------------------
This email may contain confidential and privileged 
material for the sole use of the intended recipient. 
If you are not the intended recipient, please contact 
the sender and delete all copies.

Thread Previous | Thread Next


nntp.perl.org: Perl Programming lists via nntp and http.
Comments to Ask Bjørn Hansen at ask@perl.org | Group listing | About