HTML::CheckArgs - Validate data passed to web applications
use HTML::CheckArgs; my @banned_domains = ( 'whitehouse.gov', 'gop.com' ); my $config = { email_address => { as => 'email', required => 1, label => 'Email Address', order => 1, params => { banned_domains => \@banned_domains }, }, num_tickets => { as => 'integer', required => 1, label => 'Number of Tickets', order => 2, params => { min => 0, max => 10 }, }, }; my $handler = HTML::CheckArgs->new( $config ); my ( $error_message, $error_code ); foreach my $field ( sort { $config->{$a}{order} <=> $config->{$b}{order} } keys %$config ) { if ( $handler->validate( $field, $ARGS{$field} ) ) { $ARGS{$field} = $handler->value; } else { push( @$error_message, $handler->error_message ); push( @$error_code, $handler->error_code ); } }
HTML::CheckArgs validates data passed to web applications. Architecturally, it is based on CGI::Untaint, and we follow that model of extensibility as well.
Most of the work is done in the $config hashref. $config's keys are the fieldnames to be validated. The following parameters can be passed in:
Name of the module that should be used to validate the data. The following modules are available:
Passed a date string in the format YYYYMM, will determine if the string is valid, and if the date is in the future.
Validates credit card numbers based on Luhn checksum.
Validates 2-character country code or full country name per Georgraphy::Countries.
Passed a date string, a format, and a regex of the format, will determine if the string represents a valid date.
Validates a dollar figure. Can optionally specify minimum and maximum vaues to check against.
Uses Email::Valid to check email addresses. Can optionally specify no administrative addresses (e.g. root@domain.com), no government addresses (me@dot.gov), or no addresses from a list of domains passed to the module.
Determines if number is a valid interger. Can optionally specify minimum and maximum values to check against.
Determines if a value is a member of a list passed to the module. Useful when the form input is a select or a radio button.
Determines if a string is valid phone number. Only does strict validation on US phone numbers, but other formats could be included.
Validates a postal or ZIP code. Only does strict validation on US ZIP codes.
Validates a two-character state abbrieviation or full name. Only does strict validation on US values.
A catch-all class. Can format the string per the routines in HTML::FormatData, and can also do regex checks, checks on the number of character, number of words, etc.
Uses URL::Find to validate the URL. Can optionally check the URL via LWP::UserAgent.
Set to 1 if the field is required. Default is 0 (not required).
The order the fields should be evaluated in.
Field name label to be used for user error messages.
A flag that can be passed to your error reporting instrument as an indicator of whether the error should be displayed to the user. Default is 0.
Extra parameters that should be passed to the specific module validating the data. Passing parameters to a module that does not support use this feature will cause it to 'die'. Passing unknown parameters will also cause it to 'die'.
Determines if the value returned should be cleaned up if the value is validated. Set to 1 to preserve the original value. Default is 0 (value will be cleaned). Some modules do not support cleaning the input. If you pass 'noclean' to one of these modules, it will 'die'.
Set to 1 if you want the value to be untainted. Default is 0 (don't untaint).
Please note that all untainting is done after a successful is_valid call to the specific validation module. If a value is_valid, we assume it is safe to untaint it without further checks, so the regex pattern /(.*)/s is used. If you want more rigorous checking, it is advisable that you improve the is_valid code or do alternate checks before untainting the value.
This method creates a new HTML::CheckArgs object, using the $config hashref. Returns the blessed object.
An optional $alt_messages parameter -- a hashref of alternate error messages keyed error codes -- can be used to override the default error messages passed back from the modules that perform the actual verification.
The following data can be get/set:
Each error registered has a unique code attached to it, in the format name_of_module_xx, where xx is a numerical code.
Each error also has a text message suitable for presentation to the user. Creating a custom lookup list based on error codes is certainly possible if you wish to override the default values.
If there is an error, 'value' retains the value originally passed in. Otherwise, value has the original value or a cleaned-up version depending on the $config hashref settings.
This gets the $config hashref value for a particular key. This is then passed to the specific module called to validate a specific value.
This gets the $alt_messages hashref value for a particular key. This is then used to override the default error message associated with a particular code.
Passes $field, $value and field-specific $config info to the proper module for validation.
Returns true if validation was successful, otherwise false.
Eric Folley, <eric@folley.net>
Copyright 2004-2005 by Eric Folley
This library is free software; you can redistribute it and/or modify it under the same terms as Perl itself.
To install HTML::CheckArgs, copy and paste the appropriate command in to your terminal.
cpanm
cpanm HTML::CheckArgs
CPAN shell
perl -MCPAN -e shell install HTML::CheckArgs
For more information on module installation, please visit the detailed CPAN module installation guide.