CGI and Database

by mccolgst (Initiate)
on Feb 09, 2009 at 03:14 UTC
mccolgst has asked for the wisdom of the Perl Monks concerning the following question:

I have a test website set up such that a user can enter data about a homework assignment, and then it gets added to my MySQL database.
From there, on a separate HTML page that calls a Perl script, the assignments in the homework table are displayed in an (HTML) table to the user.
After each displayed record, I have it output a link called "Delete" from which I want to be able to delete that record from the database. My problem is: how do I specify to my script that I want to delete that specific record? I thought to send the parameters through the browser URL, but I haven't had much luck finding resources on it.

<a href="delete.pl?name=$name_id">Delete</a>

I was thinking of using something like this, but I'm not really sure how to set it up. Any ideas?

Re: CGI and Database
by Anonymous Monk on Feb 09, 2009 at 03:30 UTC
Re: CGI and Database
by monarch (Priest) on Feb 09, 2009 at 04:19 UTC
    According to RFC 2616: "In particular, the convention has been established that the GET and HEAD methods SHOULD NOT have the significance of taking an action other than retrieval. These methods ought to be considered "safe". This allows user agents to represent other methods, such as POST, PUT and DELETE, in a special way, so that the user is made aware of the fact that a possibly unsafe action is being requested."

    It may not seem important to you now, but you should consider ways of making your delete operations POST operations instead of GET operations - because a delete operation affects the underlying state of the system.

    One way is to output HTML that starts a form:

    <form action="" method="post">
      <p>Delete <!-- TMPL_VAR NAME=record_name -->
        <input type="checkbox" name="delete_record" value="<!-- TMPL_VAR NAME=record_name -->" />
      </p>
      <p><input type="submit" name="submit" value="submit" /></p>
    </form>

    This example used HTML::Template as the templating technique (but there are many different ways to output the HTML).

    Update: changed reference paragraph from RFC 2616.

      It may not seem important to you now...

      ...but it will as soon as Google (or whatever other bot) finds the site, spiders all the links, and deletes your entire database.

Re: CGI and Database
by CountZero (Bishop) on Feb 09, 2009 at 06:17 UTC
    Provided your script knows how to map the value of the name parameter to the key value of the record you want to delete, you are on the right track.

    It is of course a very unsecure way of allowing users to delete records from your database. Anyone can just type the URL into the address-bar and change the value in the name=.... parameter and thus delete someone else's records.

    CountZero

    "A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

      I did end up messing around with the code and got it to work, and now I understand how it is insecure. Thanks a lot for the help guys.
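
The two points raised in the replies above (a delete should be a POST request, and the record id sent by the browser must not be trusted on its own) combined into one handler, as an added example that is not part of the original thread. The columns `id` and `owner`, the session-derived `$user`, and the in-memory SQLite database standing in for the poster's MySQL table are assumptions.

```perl
#!/usr/bin/perl
# Added example, not code from the thread. The columns homework.id and
# homework.owner and the session-derived $user are assumptions.
use strict;
use warnings;
use DBI;

# Returns an HTTP status code for a delete request.
#   $method - request method as reported by the server (REQUEST_METHOD)
#   $user   - authenticated user from the server-side session, never from the form
#   $id     - record id submitted in the POST body
sub delete_assignment {
    my ($dbh, $method, $user, $id) = @_;

    # State-changing requests are refused for GET/HEAD, so a crawler
    # following links cannot trigger a delete.
    return 405 unless $method eq 'POST';

    # Validate the id before it gets near the database.
    return 400 unless defined $id && $id =~ /\A[0-9]{1,9}\z/;

    # Placeholders keep the value out of the SQL text; the owner condition
    # means a changed id can only ever match the caller's own rows.
    my $rows = $dbh->do(
        'DELETE FROM homework WHERE id = ? AND owner = ?',
        undef, $id, $user,
    );

    # do() returns "0E0" (numerically 0) when no row matched.
    return $rows > 0 ? 200 : 404;
}

# Constructed demo data in an in-memory SQLite database (needs DBD::SQLite).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '', { RaiseError => 1 });
$dbh->do('CREATE TABLE homework (id INTEGER PRIMARY KEY, owner TEXT, title TEXT)');
$dbh->do('INSERT INTO homework (id, owner, title) VALUES (?, ?, ?)', undef, @$_)
    for [1, 'alice', 'Essay'], [2, 'bob', 'Lab report'];

# Each row: description of the request, then the status the handler returns.
printf "%-26s %d\n", @$_ for
    ['GET request',             delete_assignment($dbh, 'GET',  'alice', 1)],
    ["alice deletes bob's row", delete_assignment($dbh, 'POST', 'alice', 2)],
    ['non-numeric id',          delete_assignment($dbh, 'POST', 'alice', 'abc')],
    ['alice deletes own row',   delete_assignment($dbh, 'POST', 'alice', 1)];
```

In a real CGI script the method would come from `$ENV{REQUEST_METHOD}` and the id from the submitted form field.
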
Re: CGI and Database
by bradcathey (Prior) on Feb 09, 2009 at 21:27 UTC

    What you are describing is what so much of Web programming is all about. There are several acronyms, but BREAD is one I'm used to: Browse, Read, Edit, Add, Delete.

    Most frameworks, like Catalyst, Jiffy, Ruby-on-Rails, are designed to support the whole BREAD model. I'd spend some time looking at these frameworks.

    Personally, I prefer CGI::Application. You can read my tutorial here, FWIW.

    —Brad
    "The important work of moving the world forward does not wait to be done by perfect men." George Eliot
