[cgiapp] [Fwd: Re: ValidateRM not PP]
punkish at eidesis.org
Sun Jan 25 17:33:52 EST 2009
On 1/25/09, Ron Savage <ron at savage.net.au> wrote:
> Hi Lyle
> > I see. But there isn't a Pure Perl parser available, and for those that
> > really can't get HTML::Parser on their cheap shared hosting, isn't a
> > regexp that works most/some of the time better than nothing?
> No, it's not 'better than nothing'. Ever.
> All you're doing is lighting the fuse on a time-bomb.
Fortunately I am neither advocating nor desiring a pure-Perl form
validation module, but I don't understand the resistance to this. The
poor bloke is saying -- "look, I have folks who want to utilize my
scripts in situations where they cannot compile modules... what do I
do? Give them something or give them nothing?" I am surprised that
there is so much vehemence against this. I don't believe Lyle is
saying that a pure-Perl alternative is better or even as good as the
compiled modules... all he wants is an alternative, which, while most
likely unsuitable for more than the simple cases, is likely a pretty
good fit for those simple cases.
In fact, my suggestion would be to not do any form validation with
Perl as much as possible... form validation should be done in the
data reaches the server in the first place. Then, on the server, check
for sanity and security.
In any case, I respectfully disagree with the "Ever" qualification to
"No, it's not 'better than nothing.'" There just might be situations
in which it may be better than nothing.