


budman
User

Feb 12, 2012, 1:41 PM


Views: 3365
Re: [jwalker] Insert into table when user clicks one of many submit buttons

You may want to familiarize yourself with some online shopping cart docs, especially how to sanitize the data between the web and your internal system.

I am assuming you have a form set up, with multiple checkboxes, one for each track. The checkboxes should all use the same group name (i.e. 'id'). When you click submit, store the param 'id' into an array.

(not tested)


Code
  
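use strict;
use warnings;
use HTML::Entities ();
use CGI qw/:standard/;
use DBI;

# database settings: fill these in for your own database
my ($connectionInfo, $user, $passwd);

# get form data
# sanitize params to avoid arbitrary code

my $cgi_object = CGI->new;
my $ok_chars = '0-9'; # limit param values to digits
my @items = $cgi_object->param('id');
foreach my $i ( 0 .. $#items ) {
    my $id = HTML::Entities::decode( $items[$i] );
    $id =~ s/[^$ok_chars]//go;
    $items[$i] = $id;
}
@items = grep { length } @items; # drop values that had no digits left

# update database

my $dbh = DBI->connect($connectionInfo, $user, $passwd, { RaiseError => 1 });
if (@items) {
    # one placeholder per id, values are bound at execute time
    my $list = join(',', ('?') x @items);
    my $sql = "insert into cart (id,cat_num)
               select id,catalog_num
               from tracks where id in ($list)";
    my $sth = $dbh->prepare($sql);
    $sth->execute(@items);
}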


http://advosys.ca/papers/web/61-web-security.html
http://www.cgi101.com/book/ch5/text.html


(This post was edited by budman on Feb 12, 2012, 3:10 PM)
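An added example, not part of budman's post: stripping non-digits turns a malformed value such as '12abc3' into the different id 123, so this sketch rejects any value that is not entirely digits and binds the accepted ids through placeholders. It assumes DBD::SQLite is installed; the helper valid_ids, the 9-digit limit, and the sample rows and form values are all constructed for illustration, with only the table and column names taken from the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Hypothetical helper: accept an id only if the whole value is 1-9 digits.
# Anything else is rejected outright instead of having characters stripped.
sub valid_ids {
    my (@raw) = @_;
    my (%seen, @ok, @rejected);
    for my $v (@raw) {
        if (defined $v && $v =~ /\A[0-9]{1,9}\z/) {
            push @ok, $v unless $seen{$v}++;    # also drop duplicates
        } else {
            push @rejected, $v;
        }
    }
    return (\@ok, \@rejected);
}

# Constructed sample data: in-memory database with the post's two tables.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
$dbh->do('create table tracks (id integer primary key, catalog_num text)');
$dbh->do('create table cart (id integer, cat_num text)');
$dbh->do('insert into tracks values (?, ?)', undef, @$_)
    for [12, 'CAT-012'], [123, 'CAT-123'], [7, 'CAT-007'];

# Constructed form values, as param('id') might return them.
# Stripping would turn '12abc3' into 123, '-1' into 1 and '1e3' into 13.
my @submitted = ('12', '7', '7', '12abc3', '-1', '1e3', '');

my ($ok, $rejected) = valid_ids(@submitted);
if (@$ok) {
    my $marks = join ',', ('?') x @$ok;         # one placeholder per id
    $dbh->do("insert into cart (id, cat_num)
              select id, catalog_num from tracks where id in ($marks)",
             undef, @$ok);
}

printf "accepted: %s\n", join ', ', @$ok;
printf "rejected: %d value(s)\n", scalar @$rejected;
printf "cart row: %s %s\n", @$_
    for @{ $dbh->selectall_arrayref('select id, cat_num from cart order by id') };
```

Track 123 stays out of the cart because '12abc3' is refused; a request containing rejected values is also worth logging, since a normal checkbox form never produces them.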


Edit Log:
Post edited by budman (User) on Feb 12, 2012, 3:10 PM

