PerlMonks  

Re: Re: Re: Something's not right with my MySQL do()

by Fastolfe (Vicar)
on Jul 20, 2002 at 01:36 UTC


in reply to Re: Re: Something's not right with my MySQL do()
in thread Something's not right with my MySQL do()

Add some basic debugging code to your script that prints out the value of $cat (and any other variable) before using it. I would suspect that this variable is not being properly set prior to being used in this query.

And note that the placeholder suggestion is also one of safety: if you are using variables that are provided by the user directly in your SQL, keep in mind that users can put single quotes and SQL code in this variable and execute arbitrary queries against your database through insecure code like this.

Use strict and taint checking (perl -wT) when dealing with potentially unsafe data, and Perl will (usually) get your attention when you try to do something that someone else could exploit.


Re: Re: Re: Re: Something's not right with my MySQL do()
by andrew (Acolyte) on Jul 20, 2002 at 01:45 UTC
    Nothing's working, I'm going to go crazy, god.

    sub cart_settings {
        # $id comes straight from the query string and is interpolated into the SQL text
        $id = param('id');
        $sth = $dbh->prepare("SELECT id,name,parent,description,view_cats_prod FROM category WHERE id = '$id'");
        $sth->execute or die $dbh->errstr;
        ($ided,$name,$parent,$des,$view) = $sth->fetchrow_array;
        print qq~
    <input type="hidden" name="id" value="$id">
    <table width="100%" border="0" cellspacing="0" cellpadding="0">
      <tr>
        <td width="110" bgcolor="#CCCCCC" align="center" class="darktext"> Category</td>
        <td bgcolor="#CCCCCC" class="text">
          <input type="text" name="cat" value="$name" maxlength="255">
        </td>
      </tr>
      <tr>
        <td width="110" bgcolor="#CCCCCC" class="darktext" align="center"> Short Description</td>
        <td bgcolor="#CCCCCC" class="darktext">
          <input type="text" name="des" value="$des" maxlength="255">
        </td>
      </tr>
      <tr>
        <td width="110" bgcolor="#CCCCCC" class="darktext" align="right">
    ~;
        # the checkbox is pre-ticked when the stored flag is "yes"
        if ($view eq "yes") {
            print qq~ <input type="checkbox" name="page" value="yes" CHECKED> ~;
        } else {
            print qq~ <input type="checkbox" name="page" value="yes"> ~;
        }
        print qq~
        </td>
        <td bgcolor="#CCCCCC" class="darktext"> Have all of the categories products on this page </td>
      </tr>
      <tr>
        <td bgcolor="#CCCCCC"></td>
        <td bgcolor="#CCCCCC" class="darktext" align="center"><input type="submit" name="cart" value="Update Settings"></td>
      </tr>
    </table>
    ~;
    }

    sub cart_upsettings {
        $id = param('id');
        if (! param('cat') || ! param('des')) {
            inerror("You didn't enter a category or description");
        }
        # user-supplied form fields, interpolated unquoted into the UPDATE below
        $cat = param('cat');
        $des = param('des');
        # note: AND joins the three assignments into a single boolean expression,
        # so only name is assigned, and it receives the result of that expression
        if (param('page') eq "yes") {
            $dbh->do("UPDATE category SET name='$cat' AND view_cats_prod='yes' AND description='$des' WHERE id='$id'") or die $dbh->errstr;
        } else {
            $dbh->do("UPDATE category SET name='$cat' AND view_cats_prod='no' AND description='$des' WHERE id='$id'") or die $dbh->errstr;
        }
        print qq~ <p>$cat, settings has been updated</p> ~;
        if ($id) {
            print "<a href=\"admin.cgi?cart=cat&id=$id\">Return to Manage Categories</a>";
        } else {
            print "<a href=\"admin.cgi?cart=cat\">Return to Manage Categories</a>";
        }
    }

    There's some more info if you need it.
      It would help more if you told me what you were seeing. I mentioned that you should add some debugging code to print out the value of $cat prior to your database update. I do see that you have a print occurring after the database update. Does this get printed by your script? Does it have the correct value for $cat here even though your database is placing a "0" into this record? Are you sure an update is actually occurring in the database? (i.e., is your code reaching this point in its execution?)

      I also notice that you may have ignored the advice regarding the use of placeholders and bind variables. You're using user-provided input here directly in your SQL query, which is a horribly bad thing to do. Hopefully you've taken this into consideration and will fix this after you've identified your more immediate problems.
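As an added example (not code from either poster), the UPDATE from cart_upsettings rewritten the way Fastolfe recommends, with DBI placeholders carrying the form values instead of interpolating them into the SQL string. The DBD::SQLite in-memory database, the category row and the update_category name are assumptions made so it runs offline; the placeholder usage is identical against MySQL.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed sample schema and row (assumption, so the script runs offline;
# DBD::SQLite stands in for the MySQL database used in the thread).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do("CREATE TABLE category (id INTEGER PRIMARY KEY, name TEXT, "
       . "parent INTEGER, description TEXT, view_cats_prod TEXT)");
$dbh->do("INSERT INTO category VALUES (7, 'Books', 0, 'Old description', 'no')");

# Update one category. The values the CGI handed us arrive as arguments and
# are passed to execute(), never pasted into the SQL text.
sub update_category {
    my ($dbh, $id, $cat, $des, $view) = @_;
    die "You didn't enter a category or description\n"
        unless defined $cat && length $cat && defined $des && length $des;
    # normalise the checkbox to one of the two values the column expects
    $view = (defined $view && $view eq 'yes') ? 'yes' : 'no';

    # Commas separate the SET assignments; '?' placeholders carry the data,
    # so a single quote inside $cat is stored literally instead of ending
    # the string and being parsed as SQL.
    my $sth = $dbh->prepare(
        "UPDATE category SET name = ?, view_cats_prod = ?, description = ? "
      . "WHERE id = ?"
    );
    return $sth->execute($cat, $view, $des, $id);   # number of rows updated
}

# A perfectly ordinary value that contains a single quote: with the
# interpolated version it would break (or alter) the statement.
my $new_name = "Children's Books";
my $rows = update_category($dbh, 7, $new_name, "Picture and chapter books", "yes");

my ($name, $des, $view) = $dbh->selectrow_array(
    "SELECT name, description, view_cats_prod FROM category WHERE id = ?",
    undef, 7);
print "rows updated: $rows\n";
print "name stored verbatim: ", ($name eq $new_name ? "yes" : "no"), "\n";
print "description: $des, view_cats_prod: $view\n";
```

Run under perl -wT as well: with placeholders the tainted form values never reach the SQL text, which is the case taint mode is designed to catch.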
