Beefy Boxes and Bandwidth Generously Provided by pair Networks
"be consistent"

Re: Re: Re: Somethings not rightwith my MySQL do()

by Fastolfe (Vicar)
on Jul 20, 2002 at 01:36 UTC ( #183524=note: print w/replies, xml ) Need Help??

in reply to Re: Re: Somethings not rightwith my MySQL do()
in thread Somethings not rightwith my MySQL do()

Add some basic debugging code to your script that prints out the value of $cat (and any other variable) before using it. I would suspect that this variable is not being properly set prior to being used in this query.

And note that the placeholder suggestion is also one of safety: if you are using variables that are provided by the user directly in your SQL, keep in mind that users can put single-quotes and SQL code in this variable and execute arbitrary queries against your database through insecure code like this.

use strict and taint-checking (perl -wT) when dealing with potentially unsafe data and Perl will (usually) get your attention when you try and do something that someone else could exploit.

Replies are listed 'Best First'.
Re: Re: Re: Re: Somethings not rightwith my MySQL do()
by andrew (Acolyte) on Jul 20, 2002 at 01:45 UTC
    nothings working im going to go crazy god.
    sub cart_settings { $id = param('id'); $sth = $dbh->prepare("SELECT id,name,parent,description,view_cats_pro +d FROM category WHERE id = '$id'"); $sth->execute or die $dbh->errstr; ($ided,$name,$parent,$des,$view) = $sth->fetchrow_array; print qq~ <input type="hidden" name="id" value="$id"> <table width="100%" border="0" cellspacing="0" cellpadding="0"> <tr> <td width="110" bgcolor="#CCCCCC" align="center" class="da +rktext"> Category</td> <td bgcolor="#CCCCCC" class="text"> <input type="text" name="cat" value="$name" maxlength="255"> </td> </tr> <tr> <td width="110" bgcolor="#CCCCCC" class="darktext" align=" +center"> Short Description</td> <td bgcolor="#CCCCCC" class="darktext"> <input type="text" name="des" value="$des" maxlength="25 +5"> </td> </tr> <tr> <td width="110" bgcolor="#CCCCCC" class="darktext" align=" +right"> ~; if($view eq "yes") { print qq~ <input type="checkbox" name="page" value="yes" CHECKED> ~; } else { print qq~ <input type="checkbox" name="page" value="yes"> ~; } print qq~ </td> <td bgcolor="#CCCCCC" class="darktext"> Have all of the categories products on this page </td> </tr> <tr> <td bgcolor="#CCCCCC"></td> <td bgcolor="#CCCCCC" class="darktext" align="center"><inp +ut type="submit" name="cart" value="Update Settings"></td> </tr> </table> ~; } sub cart_upsettings { $id = param('id'); if(! param('cat') || ! param('des')) { inerror("You didn't enter a category or description"); } $cat = param('cat'); $des = param('des'); if(param('page') eq "yes") { $dbh->do("UPDATE category SET name='$cat' AND view_cats_prod='yes +' AND description='$des' WHERE id='$id'") or die $dbh->errstr; } else { $dbh->do("UPDATE category SET name='$cat' AND view_cats_prod='no' + AND description='$des' WHERE id='$id'") or die $dbh->errstr; } print qq~ <p>$cat, settings has been updated</p> ~; if($id) { print "<a href=\"admin.cgi?cart=cat&id=$id\">Return to Manage Categ +ories</a>"; } else { print "<a href=\"admin.cgi?cart=cat\">Return to Manage Categories</ +a>"; } }
    Theres some more info if you need it
      It would help more if you told me what you were seeing. I mentioned that you should add some debugging code to print out the value of $cat prior to your database update. I do see that you have a print occurring after the database update. Does this get printed by your script? Does it have the correct value for $cat here even though your database is placing a "0" into this record? Are you sure an update is actually occurring in the database? (I.e. is your code reaching this point in its execution?)

      I also notice that you may have ignored the advice regarding the use of placeholders and bind variables. You're using user-provided input here directly in your SQL query, which is a horribly bad thing to do. Hopefully you've taken this into consideration and will fix this after you've identified your more immediate problems.

Log In?

What's my password?
Create A New User
Node Status?
node history
Node Type: note [id://183524]
[LanX]: 🚢

How do I use this? | Other CB clients
Other Users?
Others musing on the Monastery: (7)
As of 2017-03-23 16:27 GMT
Find Nodes?
    Voting Booth?
    Should Pluto Get Its Planethood Back?

    Results (289 votes). Check out past polls.