Hi Folks > > Fortunately I am neither advocating nor desiring a pure-Perl form > > validation module, but I don't understand the resistance to this. The > > poor bloke is saying -- "look, I have folks who want to utilize my > > scripts in situations where they cannot compile modules... what do I > > do? Give them something or give them nothing?" I am surprised that > > there is so much vehemence against this. I don't believe Lyle is > > saying that a pure-Perl alternative is better or even as good as the > > compiled modules... all he wants is an alternative, which, while most > > likely unsuitable for more than the simple cases, is likely a pretty > > good fit for those simple cases. > > > > I heartily agree :)
So do I... I'm delighted this thread has gotten various ideas spelled out. To be more specific, I'm not against things when: o The advantages are clear o The disadvantages are understood Many things in like, and in programming, are compromises. What worried me about the regexp approach is that the disadvantages may have been under-estimated. Without even thinking about it, I'm instantly convinced too many special cases would arise to mitigate (lessen, enfeeble) the effectiveness of such an approach /where any reasonable alternative was available/. The problem is not a 'pure Perl' version 'v' an XS version. That's an installation issue, not a quality or design issue. In other words, lack of a compiler is a constraint to be worked abround. The problems are: o A web page can be saved, edited to delete the JS validation, and submitted with malicious data (i.e. corrupt intent), which means server-side is the only place security/data protection issues can be implemented. The client side work, as explained, is for user-convenience, i.e. nice-to-have. o Partial error checking (e.g using a regexp) means end-user pain when things go wrong, as they inevitablly will, and support-staff hassles, including trying the educate the end-user, amongst other things. o Since server-side validation must be done anyway, for any self-respecting claim to a quality package, don't spend time on a partial, client-side, solution. So, weigh up the constaints, programmer time available, priorities, etc, and go for it! -- Ron Savage r...@savage.net.au http://savage.net.au/index.html ##### CGI::Application community mailing list ################ ## ## ## To unsubscribe, or change your message delivery options, ## ## visit: http://www.erlbaum.net/mailman/listinfo/cgiapp ## ## ## ## Web archive: http://www.erlbaum.net/pipermail/cgiapp/ ## ## Wiki: http://cgiapp.erlbaum.net/ ## ## ## ################################################################