Is it possible to validate a radio group (so something is checked off, or chosen) using server-side validation with Perl? If so, how?

I already have it for JavaScript, but I want this form to be able to be submitted even without JavaScript enabled. Thus I will need the validation on the server-side.

There is no fixed name for the radio group; it can change. However, there must be a name, so that `@names = $cgi->param()` will give all the names.

I'm thinking along something that will give me the type, like the type in JavaScript, to determine if it's a radio button in a group.

+4  A: 
Sinan Ünür
Okay, thank you! So it is not possible to see types. Would an alternative be to have a default radio with the same name to something that would trigger a failure, when I use the config file as a basis and make it default to a generic? Or do the hidden field way?
Tyug
@Tyug: First, there are no types. You are confusing a user interface element with a type. Second, I have no idea what you mean with the sentence *Would an alternative be to have a default radio with the same name to something that would trigger a failure, when I use the config file as a basis and make it default to a generic?* Finally, don't trust information submitted to your CGI script to determine how the CGI script should validate inputs. **Maybe you should explain why you cannot use a known name for the radio group.**
Sinan Ünür
Oh.. my bad for not being clear. I understand that there are no types. The second part is my thought of an alternative, which is to append another radio if there are none that is defaulted to. Thus guaranteeing that there will be a value in the radio group. The reason why I cannot know the name of the radio group is because they change depending on the config file chosen. Sometimes they might not even be there, and sometimes there may be more due to the dynamic form. I also do not know which config they will use.
Tyug
@Tyug I think it is time for you to formulate a coherent question collecting all these tidbits into something that fits together. What config file? Who are **they**? Think about these and write up a new question. You seem to have an X-Y problem: http://catb.org/~esr/faqs/smart-questions.html#explicit
Sinan Ünür
Nope, I understood where I went wrong, and a better, more safe, way of avoiding the problem. Thanks to your security link. It was a helpful read.
Tyug
Thank you very much for all your input!
Tyug
Yep, my new design is much better and safer! Thanks a lot, seriously. I remembered why I had the config files, and it was for validation reasons and not just to render the form. Saved me a lot of pain from potential attacks. I'm glad this is my first CGI form.
Tyug
@Tyug Your problem setup and solution make a lot of sense now. Good luck.
Sinan Ünür
+1  A: 

Pass another hidden input field containing the name of the radiogroup, then just read

@values = $cgi->param($cgi->param("radiogroup_name")); # IIRC
dbemerlin
And if the client suppresses this input field when posting to the server?
Oesor
Oesor, how would the client suppress a hidden field?
Tyug
@Tyug Whether a field is hidden is a user interface choice. I am afraid you do not know enough to know what you don't know when it comes to CGI programming. What happens in your script when someone types `http://example.com/shoot-myself-in-the-foot.pl?radiovar=yabadabadooo`?
Sinan Ünür
Nothing, because I'm using POST and not GET.
Tyug
Furthermore, I have protection against double submissions.
Tyug
@Tyug I guess you have not heard of `wget` or `curl` or even the Web Developer plugin for Firefox? You know what: Feel free to do whatever you want. But I have to point out that there is no good reason the server side script should not know the names of the inputs.
Sinan Ünür
@Tyug => POST doesn't protect you, it's just marginally harder to spoof
Eric Strom
I have realized that... My mistake for going after what I thought would be a "simple" solution. After having a very problematic day yesterday. I guess this is what happens when someone gives me a project without real specifications.
Tyug
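An added example, not code from any poster in this thread: one way to validate radio groups when the server, not the request, supplies the group names and allowed values, as the comments above recommend. The `%RADIO_GROUPS` table, the `validate_radio_groups` helper and the sample requests are hypothetical; a real script would fill the table from whichever config file rendered the form.

```perl
use strict;
use warnings;

# Hypothetical server-side definition of the form (e.g. loaded from the chosen
# config file). The server, not the request, decides which radio groups exist
# and which values each group may take.
my %RADIO_GROUPS = (
    shipping => [qw(standard express)],
    payment  => [qw(card invoice)],
);

# $submitted maps each parameter name to an array ref of every value received,
# e.g. built with: $submitted{$_} = [ $cgi->multi_param($_) ] for $cgi->param;
sub validate_radio_groups {
    my ($groups, $submitted) = @_;
    my (%clean, @errors);
    for my $name (sort keys %$groups) {
        my @got = @{ $submitted->{$name} // [] };
        if (@got == 0) {
            push @errors, "$name: nothing selected";
        }
        elsif (@got > 1) {
            # A real radio group sends one value; repeats mean a crafted request.
            push @errors, "$name: multiple values";
        }
        elsif (!grep { $_ eq $got[0] } @{ $groups->{$name} }) {
            push @errors, "$name: value not offered";
        }
        else {
            $clean{$name} = $got[0];
        }
    }
    # Parameters the form never defined are ignored, never used as lookup keys.
    return (\%clean, \@errors);
}

# Constructed sample requests (not real traffic)
my @requests = (
    { shipping => ['express'], payment => ['card'] },            # valid
    { shipping => ['express'] },                                 # payment unchecked
    { shipping => ['yabadabadooo'], payment => ['card', 'invoice'],
      radiogroup_name => ['shipping'] },                         # tampered
);
for my $req (@requests) {
    my ($clean, $errors) = validate_radio_groups(\%RADIO_GROUPS, $req);
    print @$errors ? "rejected: " . join('; ', @$errors) . "\n"
                   : "accepted: " . join(', ', map {"$_=$clean->{$_}"} sort keys %$clean) . "\n";
}
```

Because the loop iterates over the server's own list of groups, an unchecked group shows up as an empty value list, and a client-supplied `radiogroup_name` field has no influence on what gets validated.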