[cgiapp] [Fwd: Re: ValidateRM not PP]

Lyle webmaster at cosmicperl.com
Sun Jan 25 18:46:14 EST 2009

P Kishor wrote:
> On 1/25/09, Ron Savage <ron at savage.net.au> wrote:
>> Hi Lyle
>>  > I see. But there isn't a Pure Perl parser available, and for those that
>>  > really can't get HTML::Parser on their cheap shared hosting, isn't a
>>  > regexp that works most/some of the time better than nothing?
>> No, it's not 'better than nothing'. Ever.
>>  All you're doing is lighting the fuse on a time-bomb.
> Fortunately I am neither advocating nor desiring a pure-Perl form
> validation module, but I don't understand the resistance to this. The
> poor bloke is saying -- "look, I have folks who want to utilize my
> scripts in situations where they cannot compile modules... what do I
> do? Give them something or give them nothing?" I am surprised that
> there is so much vehemence against this. I don't believe Lyle is
> saying that a pure-Perl alternative is better or even as good as the
> compiled modules... all he wants is an alternative, which, while most
> likely unsuitable for more than the simple cases, is likely a pretty
> good fit for those simple cases.

I heartily agree :)

> In fact, my suggestion would be to not do any form validation with
> Perl as much as possible... form validation should be done in the
> browser, and it just might be best to do it with JavaScript so good
> data reaches the server in the first place. Then, on the server, check
> for sanity and security.

I had given up on the idea of using Data::FormValidator until I read 
someone post a link to
With a JS drop in for Data::FormValidator. It made sense to use these 
rather than create my own validation in JS and Perl.

I've now finished and tested the Pure Perl alternative functions in 
Data::FormValidator and they pass all the Build tests.
Note: These aren't a replacement to the XS modules, they are an 
alternative used only is the XS modules aren't available.

> In any case, I respectfully disagree with the "Ever" qualification to
> "No, it's not 'better than nothing.'" There just might be situations
> in which it maybe better than nothing.

I agree. I'm not saying that a regexp solution will ever compare 
HTML::Parser. Just that those who really don't have a choice, a 
developed and tested collection of regexps will likely be better than 
them having noting or writing their own.


More information about the cgiapp mailing list