Sanitize form input using CGI.pm
RobHarrigan
Sanitize form input using CGI.pm to prevent XSS & SQL injections:
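# Sanitize form input using CGI.pm.
#
# Strips anything tag-like and backslash-escapes single quotes in every
# form parameter, in place, so code that runs later reads pre-filtered
# values.  This is defence-in-depth only: on its own it does not prevent
# XSS or SQL injection.  Escape values at output time (CGI->escapeHTML or
# HTML::Entities) and hand them to the database through DBI placeholders.
#
# Class->new rather than the indirect-object form "new CGI": the indirect
# form is mis-parsed when a sub named `new` is in scope and is disabled by
# the v5.36 feature bundle.
my $query = CGI->new;
# Every parameter name carried by the request.
my @params = $query->param;
for my $p (@params) {
    # Read the parameter in list context so multi-valued fields (checkboxes,
    # multi-selects) keep all of their values; the scalar form
    # clean(detag($query->param($p))) silently kept only the first one.
    # Newer CGI.pm versions warn about list-context param() because an
    # unexpected extra value can shift positional arguments; multi_param is
    # the explicit form there.  Here the result goes straight into a list.
    my @cleaned = map { clean(detag($_)) } $query->param($p);
    # Store back as an array reference so every value is retained.
    $query->param(-name => $p, -value => \@cleaned);
}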
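sub clean{
    # Backslash-escape every single quote in $str and return the result.
    #
    # The original s|'|\'|g was a no-op: the replacement part of a
    # substitution is interpolated like a double-quoted string, and there
    # "\'" is just "'".  A literal backslash needs "\\".
    #
    # Security note: quote-escaping is a secondary measure only.  It does
    # not hold for every SQL mode or multibyte connection charset, and the
    # value must never be interpolated into query text anyway.  Use DBI
    # placeholders ($sth->execute(@values)) or $dbh->quote() as the real fix.
    my ($str) = @_;
    # Nothing to escape; returning early avoids an uninitialized-value warning.
    return $str unless defined $str;
    $str =~ s{'}{\\'}g;
    return $str;
}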
sub detag{
    # Remove every run of the form '<', one or more non-'>' characters, '>'
    # from $str and return the stripped copy.
    #
    # This is tag *stripping*, not HTML escaping, and it is not a reliable
    # XSS defence by itself: entity-encoded or unterminated markup passes
    # straight through.  Encode at output time (CGI->escapeHTML or
    # HTML::Entities) as well.
    my ($str) = @_;
    $str =~ s{ < [^>]+ > }{}gx;
    return $str;
}






# Revised traversal: the same sanitising pass, but each parameter is read
# in list context so multi-valued fields (checkboxes, multi-selects) keep
# every value rather than only the first.
# NOTE(review): this looks like a replacement for the single-value loop
# earlier in the file; a real script should keep only one of the two,
# otherwise each value is passed through clean()/detag() twice.
for my $name (@params) {
    # One cleaned entry per submitted value, in the original order.
    my @cleaned = map { clean(detag($_)) } $query->param($name);
    # Store back as an array reference so CGI.pm keeps the whole list.
    $query->param(-name => $name, -value => \@cleaned);
}