【发布时间】:2016-11-05 15:32:15
【问题描述】:
我正在创建一个 CGI perl 脚本,用户可以在其中输入名字、姓氏和电话号码。然后,我使用一些正则表达式检查他们输入的数据,以确保数据格式正确,例如:电话是数字而不是字母。
问题是当我从浏览器执行我的脚本时,我得到了表单,但是当我输入不正确的格式时,我没有得到错误。我已经尝试更改我的脚本,但我没有更正这个问题。 这是我的脚本:
#!/usr/bin/perl -w
use strict; #options
my %errors;
my %form;
my %fields = (
"lname" => "Last Name",
"phone" => "Phone Number",
"fname" => "First Name"
);
my %patterns = (
"fname" => '[A-Z][a-z]{2,50}',
"phone" => '[\d{3}-\d{3}-\d{4}',
"lname" => '[A-Z][A-Za-z]{2,60}'
);
#sequence that form fields are printed/processed
my @formSequence = ("fname", "lname", "phone");
print "Content-Type: text/html;charset=ISO-8859-1\n\n";
&startxhtml;
if ($ENV{REQUEST_METHOD} eq "GET") {
&printform;
exit;
}
else {
&readformdata;
if (&checkrequiredfields) {
print "Form Data validated successfully!";
exit;
}
else {
&checkrequiredfields;
&printform;
}
}
=for
if($ENV{REQUEST_METHOD} eq "POST")
{
&readformdata();
#&printformdata;
if(&checkrequiredfields)
{
print "Form data validated successfully";
}
else
{
&printform();
}
}
=cut
print qq~</body></html>\n~;
sub checkrequiredfields
{
my $success = 1;
foreach(keys (%fields))
{
if($form{$_} !~ $patterns{$_})
{
$errors{$_} = "Error: $fields{$_} is missing or incorrect format\n";
$success = 0;
}
}
return $success;
}
sub printform
{
print qq~<html>
<head>
<title>Taint Checking</title>
</head>
<body>
<form action="/new-cgi/file5.cgi" method="POST">
<center>
<h2>Student Survery</h2>
Last Name:<input type=text name=lname value=$form{lname}>
<br>
$errors{lname}
First Name:<input type=text name=fname value=$form{fname}>
<br>
$errors{fname}
Phone Number:<input type=text name=phone value=$form{phone}>
<br>
$errors{phone}
<input type=submit value="Insert" name=Insert>
</form>
</center>
</body>
</html>
~;
}
sub startxhtml
{
print qq~
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><title>Taint checking</title>
<body>
~;
}
sub readformdata
{
#Read and decode form data
my $input = <>;
my @pairs = split(/&/, $input);
my ($name, $value);
foreach(@pairs)
{
($name, $value) = split(/=/, $_);
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$form{$name} = $value;
}
}
当我从浏览器访问此脚本时,我会收到表单,但如果我输入错误的格式,我不会收到警告。
有人可以建议我做错了什么。谢谢
【问题讨论】:
-
您是否尝试在您的
%pattens声明中使用qr/.../包装您的正则表达式字符串? -
此外,不再需要在子例程调用前加上
&,即您可以只使用checkrequiredfields;而不是&checkrequiredfields; -
此代码looks rather familiar。在深入了解它之前,您可以查看some of the issues I pointed out with it yesterday。
-
至少,至少,
use CGI。不要手动操作。