Thank you Jeff, very nice.

I will give it a try. (In some cases I know the values will be digits.)

John Kent

-----Original Message-----
From: Jeff 'japhy' Pinyan [mailto:[EMAIL PROTECTED]]
Sent: Saturday, July 17, 2004 10:34 AM
To: Kent, Mr. John (Contractor)
Cc: [EMAIL PROTECTED]
Subject: Re: Efficient Untaint?

On Jul 17, Kent, Mr. John (Contractor) said:

>Is there a more efficient/better way to untaint variables
>pulled from a cgi query object?

I'd make an untaint function that took the param() name, a regex to use, and a default value to use.

  sub untaint {
    my ($name, $rx, $default) = @_;
    # $1 is only read in the branch where the match succeeded
    my $ok = $query->param($name) =~ $rx ? $1 : $default;
    $query->param($name, $ok);
    return $ok;   # hand the clean value back to the caller
  }

You use it like so:

  my $MOSAIC_SCALE = untaint('MOSAIC_SCALE', qr/(\d+)/, 20);
  # etc.

As for your code:

> my($MOSAIC_SCALE) = $query->param('MOSAIC_SCALE') || "20";
> {$MOSAIC_SCALE =~ /(\d+)/;
> $MOSAIC_SCALE = $1;

You should *never* use $DIGIT variables after a regex unless you're sure the regex *matched*.

-- 
Jeff "japhy" Pinyan      % How can we ever be the sold short or
RPI Acacia Brother #734  % the cheated, we who for every service
http://japhy.perlmonk.org/  % have long ago been overpaid?
http://www.perlmonks.org/   % -- Meister Eckhart

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
<http://learn.perl.org/> <http://learn.perl.org/first-response>
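The two points in Jeff's reply, an untaint helper that only reads $1 when its own regex matched, and the stale-capture trap in the original code, worked through as a runnable script. This is an added example, not code from the thread: FakeQuery is a constructed stand-in for the CGI query object (just a param() accessor over a hash, with values tainted via a zero-length slice of %ENV so the script runs offline), and the anchored pattern qr/^(\d+)$/ goes one step beyond the unanchored qr/(\d+)/ in the thread, since an unanchored pattern would happily accept the digits out of a value like "7 trailing junk".

```perl
#!/usr/bin/perl
# Added example, not from the mailing-list thread. Run as `perl -T untaint.pl`
# to see taint checking take effect; without -T it still runs, nothing is
# tainted, and tainted() simply reports 0 everywhere.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Constructed stand-in for CGI.pm's query object. Under -T every %ENV value is
# tainted, and a zero-length substring of a tainted value is still tainted, so
# concatenating one marks each parameter the way real request data would be.
package FakeQuery;
sub new {
    my ($class, %params) = @_;
    my $taint = substr($ENV{PATH} // '', 0, 0);
    my %p = map { $_ => $params{$_} . $taint } keys %params;
    return bless { p => \%p }, $class;
}
sub param {
    my ($self, $name, @value) = @_;
    $self->{p}{$name} = $value[0] if @value;
    return $self->{p}{$name};
}
package main;

# Untaint one parameter in the shape Jeff describes: name, regex, default.
# $1 is read only in the branch where *this* match succeeded, so a capture
# left over from an earlier successful match cannot leak through. Captures
# from a regex are untainted, which is what makes the result usable under -T.
sub untaint {
    my ($query, $name, $rx, $default) = @_;
    my $raw = $query->param($name);
    my $ok  = (defined $raw && $raw =~ $rx) ? $1 : $default;
    $query->param($name, $ok);
    return $ok;
}

# The pattern from John's original code: $1 is used whether or not the regex
# matched. After a failed match, $1 still holds whatever the last successful
# match in the dynamic scope captured.
sub untaint_unchecked {
    my ($value) = @_;
    $value =~ /(\d+)/;
    return $1;
}

sub demo {
    # Constructed sample parameters.
    my $q = FakeQuery->new(
        MOSAIC_SCALE => '20',        # well-formed
        ZOOM         => '7 junk',    # digits followed by trailing junk
        LEVEL        => 'high',      # no digits at all
    );

    # Anchored pattern: the whole value must be digits. '7 junk' and 'high'
    # both fall back to their defaults instead of being partially accepted.
    my $scale = untaint($q, 'MOSAIC_SCALE', qr/^(\d+)$/, 20);
    my $zoom  = untaint($q, 'ZOOM',         qr/^(\d+)$/, 1);
    my $level = untaint($q, 'LEVEL',        qr/^(\d+)$/, 0);
    printf "MOSAIC_SCALE=%-4s tainted=%d\n", $scale, tainted($scale) ? 1 : 0;
    printf "ZOOM=%-4s         tainted=%d\n", $zoom,  tainted($zoom)  ? 1 : 0;
    printf "LEVEL=%-4s        tainted=%d\n", $level, tainted($level) ? 1 : 0;

    # Stale-capture trap: this successful match sets $1 to 'build', and the
    # failed match inside untaint_unchecked() does not clear it, so the
    # "untainted" result for 'high' is the unrelated string 'build'.
    'build-42' =~ /(\w+)/;
    my $bogus = untaint_unchecked('high');
    print "unchecked result for 'high': ",
          defined $bogus ? "'$bogus'" : 'undef', "\n";
}

demo();
```

The defaults are never tainted because they are literals in the program, and the captured values are untainted by the match itself, so everything untaint() returns is safe to pass to open(), system() and friends under -T. The one design choice to keep in mind is the anchor: qr/(\d+)/ from the thread validates that the value *contains* digits, qr/^(\d+)$/ validates that it *is* digits, and for a numeric parameter the second is the property you actually want to assert.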