On Jul 17, Kent, Mr. John (Contractor) said:

>>As for your code:
>>
>>> my($MOSAIC_SCALE) = $query->param('MOSAIC_SCALE') || "20";
>>> {$MOSAIC_SCALE =~ /(\d+)/;
>>> $MOSAIC_SCALE = $1;
>>
>>You should *never* use $DIGIT variables after a regex unless you're sure
>>the regex *matched*.
>
>(In some cases I know the values will be digits).
I disagree. You can never be sure what *user* input to your application
will be. Maybe it *should* be digits, but I can get around whatever
JavaScript or other client-side form-field validation you supply.

But it's not a taint-specific issue. *NEVER* use the $1, $2, etc. variables
unless you are *SURE* the regex matches. How can you be sure? Use an if
statement:

  if ($str =~ /regex/) {
    # use $1, $2, etc.
  }

-- 
Jeff "japhy" Pinyan        %  How can we ever be the sold short or
RPI Acacia Brother #734    %  the cheated, we who for every service
http://japhy.perlmonk.org/ %  have long ago been overpaid?
http://www.perlmonks.org/  %  -- Meister Eckhart
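The following is an added example, not code from either poster, showing why the guard matters: Perl's $1 is not cleared by a failed match, so the unguarded pattern from the quoted code silently picks up whatever an earlier successful match left behind. The helper names (unsafe_scale, safe_scale) and the sample inputs are constructed for the illustration; the guarded version also anchors the pattern so that only an all-digit value is accepted, which goes slightly beyond the thread's one-line if statement.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed example: the unguarded pattern from the quoted code.
# If the regex fails, $1 still holds the value from the last successful
# match in the enclosing dynamic scope, so $scale becomes stale data.
sub unsafe_scale {
    my ($input) = @_;
    my $scale = (defined $input && length $input) ? $input : "20";
    $scale =~ /(\d+)/;      # result of the match is never checked
    $scale = $1;            # may be undef, or a leftover from elsewhere
    return $scale;
}

# Constructed example: the guarded form. $1 is read only inside the block
# that proved the match succeeded, and the pattern is anchored so "12abc"
# is rejected instead of being quietly truncated to 12.
sub safe_scale {
    my ($input) = @_;
    my $scale = (defined $input && length $input) ? $input : "20";
    if ($scale =~ /^(\d+)$/) {
        return $1;          # safe: we are inside a successful match
    }
    return 20;              # anything else falls back to the default
}

# An unrelated successful match earlier in the program sets $1 to "42".
"42" =~ /(\d+)/;

# The user supplied something that is not a number at all.
my $untrusted = "abc";

print "unsafe: ", unsafe_scale($untrusted), "\n";   # prints 42, the stale $1
print "safe:   ", safe_scale($untrusted),   "\n";   # prints 20, the default

# A value with trailing junk: unanchored extraction vs. strict validation.
print "unsafe: ", unsafe_scale("12abc"), "\n";      # prints 12
print "safe:   ", safe_scale("12abc"),   "\n";      # prints 20
```

Run it under `perl -w` or with `use warnings` as shown; if there had been no earlier match at all, unsafe_scale would return undef and the print would emit an "uninitialized value" warning, which is the other way this bug tends to surface in production.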