[cgiapp] [Fwd: Re: ValidateRM not PP]
webmaster at cosmicperl.com
Sun Jan 25 18:46:14 EST 2009
P Kishor wrote:
> On 1/25/09, Ron Savage <ron at savage.net.au> wrote:
>> Hi Lyle
>> > I see. But there isn't a Pure Perl parser available, and for those that
>> > really can't get HTML::Parser on their cheap shared hosting, isn't a
>> > regexp that works most/some of the time better than nothing?
>> No, it's not 'better than nothing'. Ever.
>> All you're doing is lighting the fuse on a time-bomb.
> Fortunately I am neither advocating nor desiring a pure-Perl form
> validation module, but I don't understand the resistance to this. The
> poor bloke is saying -- "look, I have folks who want to utilize my
> scripts in situations where they cannot compile modules... what do I
> do? Give them something or give them nothing?" I am surprised that
> there is so much vehemence against this. I don't believe Lyle is
> saying that a pure-Perl alternative is better or even as good as the
> compiled modules... all he wants is an alternative, which, while most
> likely unsuitable for more than the simple cases, is likely a pretty
> good fit for those simple cases.
I heartily agree :)
> In fact, my suggestion would be to not do any form validation with
> Perl as much as possible... form validation should be done in the
> data reaches the server in the first place. Then, on the server, check
> for sanity and security.
I had given up on the idea of using Data::FormValidator until I read
someone post a link to
With a JS drop in for Data::FormValidator. It made sense to use these
rather than create my own validation in JS and Perl.
I've now finished and tested the Pure Perl alternative functions in
Data::FormValidator and they pass all the Build tests.
Note: These aren't a replacement to the XS modules, they are an
alternative used only is the XS modules aren't available.
> In any case, I respectfully disagree with the "Ever" qualification to
> "No, it's not 'better than nothing.'" There just might be situations
> in which it maybe better than nothing.
I agree. I'm not saying that a regexp solution will ever compare
HTML::Parser. Just that those who really don't have a choice, a
developed and tested collection of regexps will likely be better than
them having noting or writing their own.
More information about the cgiapp