{
    "mode": "perldoc",
    "parameter": "CGI::Untaint",
    "section": "",
    "url": "https://www.chedong.com/phpMan.php/perldoc/CGI%3A%3AUntaint/json",
    "generated": "2026-06-12T15:27:06Z",
    "synopsis": "use CGI::Untaint;\nmy $q = new CGI;\nmy $handler = CGI::Untaint->new( $q->Vars );\nmy $handler2 = CGI::Untaint->new({\n    INCLUDEPATH => 'My::Untaint',\n}, $apr->parms);\nmy $name     = $handler->extract(-asprintable => 'name');\nmy $homepage = $handler->extract(-asurl => 'homepage');\nmy $postcode = $handler->extract(-aspostcode => 'address6');\n# Create your own handler...\npackage MyRecipes::CGI::Untaint::legalage;\nuse base 'CGI::Untaint::integer';\nsub isvalid {\n    shift->value > 21;\n}\npackage main;\nmy $age = $handler->extract(-aslegalage => 'age');",
    "sections": {
        "NAME": {
            "content": "CGI::Untaint - process CGI input parameters\n",
            "subsections": []
        },
        "SYNOPSIS": {
            "content": "use CGI::Untaint;\n\nmy $q = new CGI;\nmy $handler = CGI::Untaint->new( $q->Vars );\nmy $handler2 = CGI::Untaint->new({\n    INCLUDEPATH => 'My::Untaint',\n}, $apr->parms);\n\nmy $name     = $handler->extract(-asprintable => 'name');\nmy $homepage = $handler->extract(-asurl => 'homepage');\n\nmy $postcode = $handler->extract(-aspostcode => 'address6');\n\n# Create your own handler...\n\npackage MyRecipes::CGI::Untaint::legalage;\nuse base 'CGI::Untaint::integer';\nsub isvalid {\n    shift->value > 21;\n}\n\npackage main;\nmy $age = $handler->extract(-aslegalage => 'age');\n",
            "subsections": []
        },
        "DESCRIPTION": {
            "content": "Dealing with large web based applications with multiple forms is a minefield. It's often hard\nenough to ensure you validate all your input at all, without having to worry about doing it in a\nconsistent manner. If any of the validation rules change, you often have to alter them in many\ndifferent places. And, if you want to operate taint-safe, then you're just adding even more\nheadaches.\n\nThis module provides a simple, convenient, abstracted and extensible manner for validating and\nuntainting the input from web forms.\n\nYou simply create a handler with a hash of your parameters (usually $q->Vars), and then iterate\nover the fields you wish to extract, performing whatever validations you choose. The resulting\nvariable is guaranteed not only to be valid, but also untainted.\n",
            "subsections": []
        },
        "CONSTRUCTOR": {
            "content": "new\nmy $handler  = CGI::Untaint->new( $q->Vars );\nmy $handler2 = CGI::Untaint->new({\n    INCLUDEPATH => 'My::Untaint',\n}, $apr->parms);\n\nThe simplest way to construct an input handler is to pass a hash of parameters (usually $q->Vars)\nto new(). Each parameter can then be extracted later by calling the extract() method\non it.\n\nHowever, you may also pass a leading reference to a hash of configuration variables.\n\nCurrently the only such variable supported is 'INCLUDEPATH', which allows you to specify a\nlocal path in which to find extraction handlers. See \"LOCAL EXTRACTION HANDLERS\".\n",
            "subsections": []
        },
        "METHODS": {
            "content": "extract\nmy $homepage = $handler->extract(-asurl => 'homepage');\nmy $state = $handler->extract(-asusstate => 'address4');\nmy $state = $handler->extract(-aslikeusstate => 'address4');\n\nOnce you have constructed your Input Handler, you call the 'extract' method on each piece of\ndata with which you are concerned.\n\nThis takes an -aswhatever flag to state what type of data you require. This will check that the\ninput value correctly matches the required specification, and return an untainted value. It will\nthen call the isvalid() method, where applicable, to ensure that this doesn't just look like\na valid value, but actually is one.\n\nIf you want to skip this stage, then you can call -aslikewhatever, which will perform the\nuntainting but not the validation.\n\nerror\nmy $error = $handler->error;\n\nIf the validation failed, this will return the reason why.\n",
            "subsections": []
        },
        "LOCAL EXTRACTION HANDLERS": {
            "content": "As well as the handlers supplied with this module for extracting data, you may also create\nyour own. In general these should inherit from 'CGI::Untaint::object', and must provide an\n'untaintre' method which returns a compiled regular expression, suitably bracketed such that\n$1 will return the untainted value required.\n\ne.g. if you often extract single digit variables, you could create\n\npackage My::Untaint::digit;\n\nuse base 'CGI::Untaint::object';\n\nsub untaintre { qr/^(\\d)$/ }\n\n1;\n\nYou should specify the path 'My::Untaint' in the INCLUDEPATH configuration option. (See new()\nabove.)\n\nWhen extract() is called CGI::Untaint will also check to see if you have an isvalid() method,\nand if so will run this against the value extracted from the regular expression (available\nas $self->value).\n\nIf this returns a true value, then the extracted value will be returned, otherwise we return\nundef.\n",
            "subsections": [
                {
                    "name": "is_valid",
                    "content": "e.g. in the above example, if you sometimes need to ensure that the digit extracted is prime,\nyou would supply:\n\nsub isvalid { (1 x shift->value) !~ /^1?$|^(11+?)\\1+$/ };\n\nNow, when users call extract(), it will also check that the value is valid(), i.e. prime:\n\nmy $number = $handler->extract(-asdigit => 'value');\n\nA user wishing to skip the validation, but still ensure untainting can call\n\nmy $number = $handler->extract(-aslikedigit => 'value');\n"
                },
                {
                    "name": "Test::CGI::Untaint",
                    "content": "If you create your own local handlers, then you may wish to explore Test::CGI::Untaint,\navailable from the CPAN. This makes it very easy to write tests for your handler. (Thanks to\nProfero Ltd.)\n"
                }
            ]
        },
        "AVAILABLE HANDLERS": {
            "content": "This package comes with the following simplistic handlers:\n\nprintable  - a printable string\ninteger    - an integer\nhex        - a hexadecimal number (as a string)\n\nTo really make this work for you, you either need to write, or download from CPAN, other\nhandlers. Some of the handlers available on CPAN include:\n\nasin         - an Amazon ID\nboolean      - boolean value\ncountry      - a country code or name\ncreditcard   - a credit card number\ndate         - a date (into a Date::Simple)\ndatetime     - a date (into a DateTime)\nemail        - an email address\nhostname     - a DNS host name\nhtml         - sanitized HTML\nipaddress    - an IP address\nisbn         - an ISBN\nukpostcode   - a UK Postcode\nurl          - a URL\nzipcode      - a US zipcode\n",
            "subsections": []
        },
        "BUGS": {
            "content": "None known yet.\n",
            "subsections": []
        },
        "SEE ALSO": {
            "content": "CGI. perlsec. Test::CGI::Untaint.\n",
            "subsections": []
        },
        "AUTHOR": {
            "content": "Tony Bowden\n\nBUGS and QUERIES\nPlease direct all correspondence regarding this module to: bug-CGI-Untaint@rt.cpan.org\n\nCOPYRIGHT and LICENSE\nCopyright (C) 2001-2005 Tony Bowden. All rights reserved.\n\nThis module is free software; you can redistribute it and/or modify it under the same terms as\nPerl itself.\n",
            "subsections": []
        }
    },
    "summary": "CGI::Untaint - process CGI input parameters",
    "flags": [],
    "examples": [],
    "see_also": []
}