perl - Remove unsafe HTTP characters from a string -


i have send bunch of string variables payloads in http post message using perl.

i want remove "unsafe" characters, such < > “ ‘ % ; ) ( & + string variable.

i know can use regex pattern find , replace each of these characters, wondering if there's existing perl library that.

for example, found apache::util

my $esc = apache::util::escape_uri($uri);

can use apache::util::escape this? or there better way?

edit 1: have mentioned unsafe, mean characters < > “ ‘ % ; ) ( & + can used in sql-injection. don't know how describe problem better.

edit 2: here's code working on -it's embedded perl code:

$cgi = cgi->new(); $param1 = $cgi->param('param1'); $param2 = $cgi->param('param2'); $param3 = $cgi->param('param3');  # want remove unsafe characters (< > “ ‘ % ; ) ( & +) $param1, $param2 , $param3 # q is, use apache::util::escape_uri; if that's removing unsafe chars uri? # or use uri::escape 'uri_escape';?  $script = <<__html__;     <script>        api.call ({             'parama': '$param1',             'paramb': '$param2',             'paramc': '$param3'         });     </script> __html__

edit 3: if else has same question, ended writing perl function looks characters such "(", "{", "$", ";", etc , removes them provided string parameter.

list of characters escaping are: ";", "(", ")", "[", "]", "{", "}", "~", "`", "/", "<", ">", "&", "|", "'", "\"", "\\"

obviously, there's room exclusions well.

there no general definition of unsafe characters, falls determine whether of answers fulfill requirement

looking @ the source of apache::util unpleasant things own name space, , wouldn't trust it. intended used component of mod_perl, , shouldn't accessed in isolation

i think canonical way of escaping http uris use uri::escape module

use uri::escape 'uri_escape';

you must provide data , code more this


Comments

Post a Comment

Popular posts from this blog

sql server - Cannot query correctly (MSSQL - PHP - JSON) -

i have little problem on project. , turns out query result returns nothing when value of first name or last name has 'ñ' in it. here's code config.php: <?php ini_set('mssql.charset', 'utf-8'); header('content-type: text/html; charset=utf-8'); $servername = "192.168.1.21"; /* ip add of db server */ $connection = array("database" => "db", "uid" => "?", "pwd" => "***"); $conn = sqlsrv_connect($servername, $connection); if(!$conn){ echo "connection not established."; die(print_r(sqlsrv_errors(), true)); } ?> myquery: $idnumber = $_post["idnum"]; $response = array(); $query2 = "select clname, cfname, cmname, cqualifier student cidno = '$idnumber'"; try{ $stmt2 = sqlsrv_query($conn, $query2); } catch(pdoexeption $ex){ $response["success"] = 0; $response["message"] = "d...
Read more

php - trouble displaying mysqli database results in correct order -

i have table in database stores events , date expire. want display events on website display current events first expired events after? i have tried following sql $sql = "select noticeid, notice, noticedesc, noticeimg, noticedate, expirydate tbl_notices group noticeid ,expired order expirydate asc"; but returns expired results first due expirydate being ordered asc in query. my tbl_notice structure looks this noticeid => int(4) notice => varchar(100) noticedesc => text noticedate => timestamp noticeimg => varchar(40) expirydate => datetime expired => int(1) 0 current or 1 expired my php code is $sql = "select noticeid, notice, noticedesc, noticeimg, noticedate, expirydate tbl_notices group noticeid ,expired order expirydate asc"; $result = mysqli_query($conn,$sql); if ($result->num_rows > 0) { // output data of each row while($row = $result->fetch_assoc()) { ...
Read more

C++ Linked List -

i trying create linked list download txt file , use linked list handle file line line. when handling downloaded linked list operations performed on such text editor would. encountering problems however. seems "node(string value)" section of code has wrong though original node() declaration no arguments passes. unable figure out quite is. node.h class node { public: node(); node(string value); void setnext(node *nextnode); // allows user set "next" pointer of node points friend class linkedlist; private: string data; // data box node* next; // pointer box }; node.cpp # include <string> # include "node.h" using namespace std; node::node() { data = ""; next = null; } node::node(string value) { data = value; next = null; } void node::setnext(node *nextnode) // allows user set "next" pointer of node points { this->next = nextnode; } your #include <string> ...
Read more