vi / perl question

Victor Odhner plug-devel@lists.PLUG.phoenix.az.us
Wed Nov 28 11:27:01 2001


Hi, Carl.

Use the 'tr' command to filter all your data, and
don't just look for CRs and LFs but all sorts of
bad stuff.

I don't know what an "Enter" is, in this context.
Are you running on Windows?  In an X window, you might
have key mapping issues.  Or is the information being
entered on a CGI form?

If the user has typed in something that was accepted as
a "line", I presume you are doing general filtering
anyway to prevent the user from entering dangerous garbage.
If you are accepting data in a CGI variable, from a form,
then it's mandatory to do that or the CGI will be unsafe.
Any CGI field you're going to re-display on the form
must also be filtered to remove < > so that the re-displayed
page can't cause bad things to happen in the user's browser.
(There are good articles out there about CGI exploits
and security -- look up those keywords.)

So:  for every form field, or every line you accept from
anywhere, I suggest using 'tr' to replace all bad characters
with nothing, i.e., delete them, and then append a fresh
newline when writing the line out to the DB file.

Vic

http://members.home.com/vodhner/resume.html
 -- or --
http://www.newearth.org/~victor/resume.html

Carl Parrish wrote:
> 
> Hey everyone,
> I'm working with a CGI application. It's writing to a flat file db. The
> flat file reads each line as a new record. Well in one of the fields
> the user can type in an enter. Which of course screws with reading the
> flat file. So I thought I'd just substitute the enters with another
> delimiter. Piece of cake. Only I don't seem to be able to find the
> enters. I thought doing a search for either "\n" or "\r" would do it but
> so far no luck. (In vi here is the command :%s/\n/:::/g ). Is there
> another escape char I should be looking for? Or should I try the hex code?
> 
> Thanks,
> Carl
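Vic's advice above (filter every field with tr, escape < > before re-display, append one fresh newline per record), as an added Perl example that is not code from either poster; the file name records.db is an assumption, and ::: is the delimiter Carl used in his vi command.

```perl
#!/usr/bin/perl
# Added example, not from the original thread.
use strict;
use warnings;

# Delete CR, LF and every other ASCII control character (plus DEL) from a field.
# Returns a cleaned copy; the caller's string is left untouched.
sub clean_field {
    my ($field) = @_;
    $field =~ tr/\x00-\x1f\x7f//d;   # whole control range, not just \r and \n
    return $field;
}

# Escape the characters that let a re-displayed field inject markup
# into the page (do this at output time, after clean_field).
sub html_escape {
    my ($text) = @_;
    $text =~ s/&/&amp;/g;
    $text =~ s/</&lt;/g;
    $text =~ s/>/&gt;/g;
    $text =~ s/"/&quot;/g;
    return $text;
}

# Write one record: every field cleaned, the delimiter itself stripped
# from field values so it cannot split the record, and exactly one
# newline appended so each line in the file stays one record.
sub write_record {
    my ($fh, $delim, @fields) = @_;
    my @clean = map {
        my $f = clean_field($_);
        $f =~ s/\Q$delim\E//g;
        $f;
    } @fields;
    print {$fh} join($delim, @clean), "\n";
}

# Constructed sample input: a comment field containing CRLF and markup.
my @record = ("carl", "first line\r\nsecond line", "<b>hello</b>");

open my $db, '>>', 'records.db' or die "records.db: $!";   # assumed file name
write_record($db, ':::', @record);
close $db;

# What the browser should receive if the third field is echoed back:
print html_escape(clean_field($record[2])), "\n";
```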