[CDBI] Class::DBI::Untaint

Peter Speltz peterspeltz at gmail.com
Tue Nov 15 11:48:40 GMT 2005


On 11/15/05, Jay Hargreaves <jay at rigadon.com> wrote:
> Hi all!
>
> I have a web application that is using Class::DBI::Untaint to verify a
> URL is indeed a URL (CGI::Untaint::url).
>
> My problem is that the URL field is optional so sometimes the user will
> not enter any information at all in this field. When they do this they
> get the usual validate_column_values error!
>
> Is there some way to make the validation optional - ie - to check the
> URL for validity ONLY if the user has entered a value?
>

This is one of the "bugs" (or "features")   i was referring to of a
CGI::Untaint system.  You basically have 3 choices:
1) Override every untaint handler (CGI::Untaint::date/url/...) to
allow and empty value.
 2) Override Class::DBI::Untaint to use CGI::UntaintPatched which
works as you want for all Untaint types.
3)  Override CGI::Untaint to do what you want.

There is some archived discussion of this.




More information about the ClassDBI mailing list