CGI::FormMagick::Validator - validate data from FormMagick forms

SYNOPSIS

use CGI::FormMagick::Validator;

DESCRIPTION

This module provides some common validation routines. Validation routines return the string "OK" if they succeed, or a descriptive message if they fail.

Validation routines provided:

nonblank

The data is not an empty string : $data ne ""

number

The data is a number (strictly speaking, data is a positive number): $data =~ /^[0-9.]+$/

word

The data looks like a single word: $data !~ /\W/

minlength(n)

The data is at least n characters long: length($data) >= $n

maxlength(n)

The data is no more than n characters long: length($data) <= $n

exactlength(n)

The data is exactly n characters long: length($data) E== $n

lengthrange(n,m)

The data is between n and c<m> characters long: length($data) >= $n and length($data) <= $m.

url

The data looks like a (normalish) URL: $data =~ m!(http|ftp)://[\w/.-/)!

email

The data looks more or less like an internet email address: $data =~ /\@/

Note: not fully compliant with the entire gamut of RFC 822 addressing ;)

domain_name

The data looks like an internet domain name or hostname.

ip_number

The data looks like a valid IP number.

username

The data looks like a good, valid username

password

The data looks like a good password

date

The data looks like a date. Requires the Time::ParseDate module to be installed.

iso_country_code

The data is a standard 2-letter ISO country code. Requires the Locale::Country module to be installed.

US_state

The data is a standard 2-letter US state abbreviation. Uses Geography::State in non-strict mode, so this module must be installed for it to work.

US_zipcode

The data looks like a valid US zipcode

credit_card_number

The data looks like a valid credit card number. Checks the input for numeric characters only, length, and runs it through the checksumming algorithm used by most (all?) credit cards.

credit_card_expiry

The data looks like a valid credit card expiry date. Checks MM/YY and MM/YYYY format dates and fails if the date is in the past or is more than ten years in the future.

Using more than one validation routine per field

You can use multiple validation routines like this:

VALUE="foo" VALIDATION="my_routine, my_other_routine"

However, there are some requirements on formatting to make sure that FormMagick can parse what you've given it.

• Parens are optional on subroutines with no args. my_routine is equivalent to my_routine().

• You MUST put a comma then a space between routine names, eg my_routine, my_other_routine NOT my_routine,my_other_routine.

• You MUST NOT put a comma between args to a routine, eg my_routine(1,2,3) NOT my_routine(1, 2, 3).

This will be fixed to be more flexible in a later release.

Making your own routines

FormMagick's validation routines may be overridden and others may be added on a per-application basis. To do this, simply define a subroutine in your CGI script that works in a similar way to the routines provided by CGI::FormMagick::Validator and use its name in the VALIDATION attribute in your XML.

The arguments passed to the validation routine are the value of the field (to be validated) and any subsequent arguments given in the VALIDATION attribute. For example:

VALUE="foo" VALIDATION="my_routine"
===> my_routine(foo)

VALUE="foo" VALIDATION="my_routine(42)"
===> my_routine(foo, 42)

The latter type of validation routine is useful for routines like minlength() and lengthrange() which come with CGI::FormMagick::Validator.

Here's an example routine that you might write:

sub my_grep {
    my $data = shift;
    my @list = @_;
    if (grep /$data/, @list) {
        return "OK" 
    } else {
        return "That's not one of: @list"
    }
}

SEE ALSO

Be sure to read the SECURITY CONSIDERATIONS section in the main CGI::FormMagick documentation for information on performing extra validation under certain circumstances.

AUTHOR

Kirrily "Skud" Robert <skud@infotrope.net>

More information about FormMagick may be found at http://sourceforge.net/projects/formmagick/