In message <40504.1382576200@server1.tristatelogic.com>, I wrote:

>> Well, I added to the script some rudimentary filtering/validation of
>> the input strings in question also.
>
> you need more than rudimentary filtering. make sure the from field is
> one string, no newlines or anything but printable text.

Um, yes, sorry. I failed to make my meaning plain.

When I said "rudimentary filtering" of the input strings, what I really
had intended to say was that I implemented "quick and dirty" filtering of
the strings in question that is grotesquely *over*-restrictive in each
case. (The input validation steps for both name and e-mail address
*should*, ideally, be much looser than what I have now, but I am too
busy just now to deal with it.)

For example, if you try *now* to use my contact form and if you try to
use any ``funny'' characters at all in either your name or your e-mail
address, the current data collection script will basically refuse that
data and then tell you to try again.

(I hope that nobody from Europe who has umlauts or grave accents in the
correct spellings of their names needs to use that form to contact me
anytime soon. :-)

As a hypothetical, assume for the moment that one day I will have time
to implement the validation of the input strings ``properly''. Does
anyone want to pass me a free clue or two as to how I might do this?

The contact form is *really* simple:


I know that parsing e-mail addresses _properly_, i.e. according to all
current RFC rules, can be really rather complex, so I'll start by
looking around to see if there is some existing off-the-shelf Perl
package that will do this for me. (Anybody know which one I should
be looking at on CPAN?) And I also know that if I want to be really
persnickety, I'll even check the domain name part to make sure it
has either an associated MX or A record in DNS. I may do that too,
but I don't need any help for that, because I already know my way
around the DNS:: stuff.

As regards the (person's) name data, can anybody suggest a good and
proper filter for that? I'd like it to reject any string that contains
*any* characters that simply do not ever belong in a person's name...
not just newlines and such. For example, I don't know anybody who writes
their name with a (US) dollar sign or exclamation point or an asterisk,
or most other special characters. But I don't really know poo about
international character sets or how to handle them properly, so I really
have no idea how to even start working on a ``proper'' filter for the
name string.

Any helpful tips would be appreciated.
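
The following is an added example, not part of the original message: one way to write the name filter asked about above in Perl, using Unicode properties so that umlauts and accents pass while newlines, control characters and symbols such as `$`, `!` and `*` are refused. The function names, the 100-character cap and the permitted punctuation set are assumptions, as is a form that submits UTF-8; e-mail address syntax is not checked here, only that the value is a single header-safe line.

```perl
#!/usr/bin/perl
# Added example: allow-list filter for a contact-form name field, plus a
# single-line check for any value that will be placed in a mail header.
use strict;
use warnings;
use Encode qw(decode);
use Unicode::Normalize qw(NFC);

# Decode raw form bytes as strict UTF-8; undef if the bytes are malformed.
sub decode_field {
    my ($bytes) = @_;
    my $text = eval { decode('UTF-8', $bytes, Encode::FB_CROAK) };
    return defined $text ? NFC($text) : undef;
}

# Name: a letter first, then letters, combining marks, space, apostrophe,
# period or hyphen. \z (not $) so a trailing newline cannot slip through.
sub valid_name {
    my ($name) = @_;
    return 0 unless defined $name && length($name) <= 100;   # cap is an assumption
    return $name =~ /\A\p{L}[\p{L}\p{M} '.\-]*\z/ ? 1 : 0;
}

# Header values must not contain CR, LF or any other control character.
sub header_safe {
    my ($value) = @_;
    return 0 unless defined $value && length $value;
    return $value =~ /[\p{Cc}\x{2028}\x{2029}]/ ? 0 : 1;
}

# Constructed sample inputs (raw bytes, as a CGI script would receive them).
my @names = (
    [ 'umlauts'          => "J\xc3\xbcrgen M\xc3\xbcller" ],
    [ 'accent + hyphen'  => "Ren\xc3\xa9e O'Brien-Smith" ],
    [ 'dollar and bang'  => 'Cash$ Money!' ],
    [ 'trailing newline' => "Ann\n" ],
    [ 'embedded CRLF'    => "Bob\r\nX-Injected: 1" ],
    [ 'malformed UTF-8'  => "\xff\xfe" ],
);
for my $case (@names) {
    my ($label, $bytes) = @$case;
    printf "%-17s %s\n", $label, valid_name(decode_field($bytes)) ? 'accept' : 'reject';
}
for my $addr ('user@example.com', "user\@example.com\r\nX-Injected: 1") {
    printf "%-17s %s\n", 'address', header_safe(decode_field($addr)) ? 'accept' : 'reject';
}
```

The first two names are accepted and the other four rejected; the plain address is accepted and the one carrying a CRLF is rejected.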


