
budman
User
Feb 12, 2012, 1:41 PM
Post #2 of 2
Re: [jwalker] Insert into table when user clicks one of many submit buttons
You may want to familiarize yourself with some online shopping cart docs, especially how to sanitize the data between the web and your internal system. I am assuming you have a form set up with multiple checkboxes, one for each track. The checkboxes should all use the same group name (i.e. 'id'). When you click submit, store the param 'id' into an array. (not tested)
use HTML::Entities ();
use CGI qw/:standard/;
use DBI;

# get form data
my $cgi_object = CGI->new;

# sanitize params to avoid arbitrary code
my $ok_chars = '0-9';    # limit param values to digits
my @items = $cgi_object->param('id');
foreach my $i ( 0 .. $#items ) {
    my $id = HTML::Entities::decode( $items[$i] );
    $id =~ s/[^$ok_chars]//go;    # strip everything that is not a digit
    $items[$i] = $id;
}

# update database
# ($connectionInfo, $user and $passwd must be set for your database)
my $dbh = DBI->connect($connectionInfo,$user,$passwd);
my $list = join("','", @items);
my $sql = "insert into cart (id,cat_num) select id,catalog_num from tracks where id in ('$list')";
my $sth=$dbh->prepare($sql);
$sth->execute();

http://advosys.ca/papers/web/61-web-security.html
http://www.cgi101.com/book/ch5/text.html
(This post was edited by budman on Feb 12, 2012, 3:10 PM)
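
An added example, not part of budman's post: the same cart insert with the ids passed as DBI bind placeholders, and with malformed values rejected outright instead of having their non-digit characters stripped. The in-memory SQLite database (requires DBD::SQLite), the sample input, the hypothetical helper valid_ids and the 9-digit limit are assumptions made for illustration; the table and column names are the ones used in the post.

```perl
use strict;
use warnings;
use DBI;

# Constructed sample input standing in for $cgi_object->param('id').
my @raw = ('12', '7', '12', '3; drop table cart', '', '0042', '&#49;5');

# Hypothetical helper: keep only values that consist entirely of digits.
# A value such as '3; drop table cart' is dropped, not rewritten to '3',
# so a tampered request cannot add a track the user never selected.
# The 9-digit limit (an assumption) keeps ids inside a 32-bit integer.
sub valid_ids {
    my %seen;
    return grep { !$seen{$_}++ }          # remove duplicates
           map  { $_ + 0 }                # normalise '0042' to 42
           grep { defined($_) && /\A[0-9]{1,9}\z/ } @_;
}

# In-memory database so the example runs offline (assumes DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('create table tracks (id integer primary key, catalog_num text)');
$dbh->do('create table cart (id integer, cat_num text)');
my $seed = $dbh->prepare('insert into tracks (id, catalog_num) values (?, ?)');
$seed->execute($_, "CAT-$_") for (3, 7, 12, 42);    # constructed rows

my @ids = valid_ids(@raw);
if (@ids) {
    # One '?' per id: the values travel as bound parameters and are
    # never interpolated into the SQL text.
    my $marks = join ',', ('?') x @ids;
    my $sth = $dbh->prepare(
        "insert into cart (id, cat_num) "
      . "select id, catalog_num from tracks where id in ($marks)"
    );
    $sth->execute(@ids);
}

print 'accepted ids: ', join(',', @ids), "\n";
my $rows = $dbh->selectall_arrayref('select id, cat_num from cart order by id');
print "cart row: $_->[0] $_->[1]\n" for @$rows;
```

With the constructed input, only 12, 7 and 42 pass validation; track 3 stays out of the cart because the value that mentioned it was rejected as a whole.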