Perl Form Validation using CGI scripting

Question

I'm trying to achieve one last task for my assignment is to validate the form before submit it to the another CGI program.

What happen is that I have a simple CGI program that will ask user to input the data

#!/usr/bin/perl -w

use CGI qw/:standard/;

# Standard HTTP header
print header();

# Write information to data file and produce a form
&printForm();

# Finish HTML page
print end_html();

# This sub will create a form to access the print_fortune.cgi script
sub printForm
{
        print qq~

<html>
<head><title>My Search Engine</title>
</head>

<body>
  <form action="b1.cgi" method="GET">
        What is your e-msil address? <input type="text" name="passing" size=40>
        <input type="submit" value="send address">
        <input type="hidden" name="form" value="insert" />
        </form>

<form method="get" action="b1.cgi" enctype="application/x-www-form-urlencoded">

<input type="text" name="search" value="" size="30" /><br />

<label><input type="radio" name="option" value="name" checked="checked" />name</label>

<label><input type="radio" name="option" value="author" />author</label><label>

<input type="radio" name="option" value="url" />url</label>

<label><input type="radio" name="option" value="keyword" />keyword</label>

<input type="submit" name=".submit" value="Search" />
<input type="hidden" name="passing" value="http://default.com" />

<div><input type="hidden" name="form" value="search"  /></div></form>


</body>

So the above program contains two forms. One is to add new data to the database and the other one is to search from the database.

#!/usr/bin/perl

print "Content-type: text/html\n\n";

use LWP::Simple;
use CGI;
use HTML::HeadParser;
use DBI;

my $serverName = "";
my $serverPort = "";

my $serverUser = "";
my $serverPass = "";
my $serverDb   = "";

my $serverTabl = "";

$cgi = CGI->new;

my $pass = $cgi->param('passing');

$URL = get ("$pass");

$head = HTML::HeadParser->new;

$head->parse("$URL");

my $methods = $cgi->param('form');


if ($methods eq "insert"){

insert_entry();

}

show_entries();

sub insert_entry {
    my ($dbh, $success, $name, $author, $url,$temp);

    $dbh = DBI->connect("DBI:mysql:database=$serverDb;host=$serverName;port=$serverPort",$serverUser,$serverPass);
    $name = $head->header('X-Meta-Name');
    $author = $head->header('X-Meta-Author');
    $url = $cgi->param('passing');
    $temp = $head->header('X-Meta-Keywords');
    @keyword = split(/,/,$temp);


    $success = $dbh->do("INSERT INTO $serverTabl(name,author,url,keyword1,keyword2,keyword3,keyword4,keyword5) VALUES(?,?,?,?,?,?,?,?)", undef,$name,$
author,$url,$keyword[0],$keyword[1],$keyword[2],$keyword[3],$keyword[4]);
    $dbh->disconnect;
    if($success != 1) {
       return "Sorry, the database was unable to add your entry.
                                Please try again later.";
    } else {
        return;
      }
}

sub show_entries {
    my ($dbh, $sth, @row);
    my $search = $cgi->param('search');
    my $option = $cgi->param('option');

    $dbh = DBI->connect("DBI:mysql:database=$serverDb;host=$serverName;port=$serverPort",$serverUser,$serverPass);

    $sth = $dbh->prepare("SELECT *
                          FROM $serverTabl
                          WHERE $option LIKE '%$search%'");
    $sth->execute;
    print "Existing Entries",HR;
    while(@row = $sth->fetchrow_array) {
          $row[5] = scalar(localtime($row[5]));
          print "<table border='2'><tr>";
          print "<td>" .  $row[0] . "</td>";
          print "<td>Name" . $row[1] . "</td>";
          print "<td>Author" . $row[2] . "</td>";
          print "<td>URL" . $row[3] . "</td>";
          print "<td>Keyword1" . $row[4] . "</td>";
          print "<td>Keyword2" . $row[5] . "</td>";
          print "<td>Keyword3" . $row[6] . "</td>";
          print "<td>Keyword4" . $row[7] . "</td>";
          print "<td>Keyword5" . $row[8] . "</td>";
          print "</tr></table>";
     }
     $sth->finish;
     $dbh->disconnect;
}

So now the question is how can I do a regular expression for the form submission before it goes to the second program?

I want to do validation for

• name allows spaces but only alphabetical characters
• author allows spaces but only alphabetical characters
• keywords allows no spaces and only alphabetical characters
• url only allows alphanumerical characters and the following :/.~?=+& No two periods can exist consecutively.

Answer 1

The perluniprops Perl document lists all the \p regular expression properties.

For a string that contains only letters, you want

/^[\p{Alpha}]+$/

For a string that contains only letters and spaces you want

/^[\p{Alpha}\x20]+$/

To match a URL the documentation of the URI module gives this as an official pattern to match a URL

m|^(?:([^:/?#]+):)?(?://([^/?#]*))?([^?#]*)(?:\?([^#]*))?(?:#(.*))?$|

Be sure to cite the references in your work to get extra marks!