On Mon, Aug 13, 2012 at 5:42 AM, Owen <[email protected]> wrote:
> I have a web form with a text area that I feed back through a cgi
> script and "filter" the text with;
>
> $q1_elaborate =~ s/[^[:alpha:]' .-]//g;
> quotemeta($q1_elaborate);
>
> However, it removes line feeds as well, so maybe that code is not all
> that good.
Well the idea is to remove anything that might be bad but whitespace
isn't bad so change that one blank in there for the \s metachar:
$q1_elaborate =~ s/[^[:alpha:]'\s.-]//g;
quotemeta($q1_elaborate);
The "trick" here is it's using a character class for the match and the
initial caret ("^") negates the class so it means "replace anything
that is non-alph, single quote, whitespace, literal period or a dash
with "nothing". However (perldoc -f quotemeta
quotemeta EXPR
quotemeta
Returns the value of EXPR with all non-"word" characters
backslashed. (That is, all
characters not matching "/[A-Za-z_0-9]/" will be preceded by a backslash in the
returned string, regardless of any locale settings.) This is the
internal function
implementing the "\Q" escape in double-quoted strings.
The key there being "returns - so I believe you'd want
$q1_elaborate = quotemeta($q1_elaborate);
Finally, while it probably doesn't matter here, IMNSHO, you should
check your matching and react accordingly. If $q1_elaborate has one of
the non-valid chars, do you care?
if ( $q1_elaborate =~ s/[^[:alpha:]'\s.-]//g ) {
# if appropriate
warn("Non-valid chars in q1_elaborate\n");
}
$q1_elaborate = quotemeta($q1_elaborate);
Again, not a big gain here, but as a rule of thumb - doing your
match/subst in an if or if/else will give you a more robust program.
--
a
Andy Bach,
[email protected]
608 658-1890 cell
608 261-5738 wk
--
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
http://learn.perl.org/
