$value = $record->ut_alpha('column');
$value = $record->ut_alphan('column');
$value = $record->ut_phonen('column');
- $value = $record->ut_anythingn('column');
+ $value = $record->ut_anything('column');
+ $value = $record->ut_name('column');
$dbdef = reload_dbdef;
$dbdef = reload_dbdef "/non/standard/filename";
$sth->execute( map $record->{$_},
grep defined( $record->{$_} ) && $record->{$_} ne '', @fields
- ) or croak $dbh->errstr;
+ ) or croak "Error executing \"$statement\": ". $dbh->errstr;
$dbh->commit or croak $dbh->errstr if $FS::UID::AutoCommit;
if ( eval 'scalar(@FS::'. $table. '::ISA);' ) {
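Review bot: The new croak text on the `$sth->execute(...)` failure path embeds the full `$statement`, so the SQL text now travels wherever this exception is reported. That is helpful in a server log, but it discloses table and column names if any caller shows croak output to a web client. The field values appear to be passed to execute() as bind parameters and so should not be in the string, though how `$statement` is built is outside this hunk. I would add a comment at the croak, e.g. `# message includes SQL text; log it, do not display it to end users`.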
my($field)=$AUTOLOAD;
$field =~ s/.*://;
if ( defined($value) ) {
+ confess "errant AUTOLOAD $field for $self (arg $value)"
+ unless $self->can('setfield');
$self->setfield($field,$value);
} else {
$self->getfield($field);
'';
}
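Review bot: The added `confess` interpolates `$value` into its message, and confess also prints a backtrace with call arguments, so the data being assigned is copied into the error output. If any column handled through AUTOLOAD can hold a secret (password, payment data), leave the value out, e.g. `confess "errant AUTOLOAD $field for $self"`, and make sure this output goes only to a protected log. The guard also covers just the setter branch; the `else` branch still calls `$self->getfield($field)` with no matching `can('getfield')` check, so an errant call without an argument is not caught by the new diagnostic. The AUTOLOAD sub starts and ends outside this hunk.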
+=item ut_name COLUMN
+
+Check/untaint proper names; allows alphanumerics, spaces and the following
+punctuation: , . - '
+
+May not be null.
+
+=cut
+
+sub ut_name {
+ my( $self, $field ) = @_;
+ $self->getfield($field) =~ /^([\w \,\.\-\']+)$/
+ or return "Illegal (name) $field: ". $self->getfield($field);
+ $self->setfield($field,$1);
+ '';
+}
+
+=item ut_zip COLUMN
+
+Check/untaint zip codes.
+
=cut
+sub ut_zip {
+ my( $self, $field ) = @_;
+ $self->getfield($field) =~ /^\s*(\w[\w\-\s]{2,8}\w)\s*$/
+ or return "Illegal (zip) $field: ". $self->getfield($field);
+ $self->setfield($field,$1);
+ '';
+}
+
=item ut_anything COLUMN
Untaints arbitrary data. Be careful.
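Review bot: In `ut_zip` the class `[\w\-\s]` lets tabs and newlines through inside the captured value, so a zip with an embedded line break is untainted and stored as-is. A literal space is probably what was meant: `/^\s*(\w[\w\- ]{2,8}\w)\s*$/`. In `ut_name`, `\w` also accepts underscore, which the POD's "alphanumerics" does not mention; either document it or narrow the class. Both subs return the rejected raw value inside the error string, as ut_anything below does, so callers that render these errors in HTML need to escape them.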
sub ut_anything {
my($self,$field)=@_;
- $self->getfield($field) =~ /^(.*)$/
+ $self->getfield($field) =~ /^(.*)$/s
or return "Illegal $field: ". $self->getfield($field);
$self->setfield($field,$1);
'';
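Review bot: With `/s` added, `/^(.*)$/s` matches every string, so the `or return "Illegal $field: ..."` branch can no longer be reached. Values with embedded newlines, which the old pattern rejected, are now untainted and stored. That looks intended for multi-line fields, but a column checked with ut_anything that later lands in a single-line context (a header, a log line, a flat-file export) loses the only check it had. I would document this at the sub, e.g. `# /s: accepts every string, including embedded newlines; untaints without validating`, and extend the POD's "Be careful." to say the same. The closing brace of ut_anything is outside this hunk.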
$table_obj->columns;
}
+=back
+
=head1 SUBROUTINES
=over 4
=head1 VERSION
-$Id: Record.pm,v 1.16 2001-05-07 15:42:02 ivan Exp $
+$Id: Record.pm,v 1.21 2001-08-11 05:50:52 ivan Exp $
=head1 BUGS
The Pg money kludge in the new method only strips `$'.
-The ut_phonen method assumes US-style phone numbers.
+The ut_phonen method only checks US-style phone numbers.
The _quote function should probably use ut_float instead of a regex.
or allow it to be set. Working around it is ugly any way around - DBI should
be fixed. (only affects RDBMS which return uppercase column names)
+ut_zip should take an optional country like ut_phone.
+
=head1 SEE ALSO
L<DBIx::DBSchema>, L<FS::UID>, L<DBI>