PerlMonks  

How to parse a QUERY_STRING and construct an sql query out of that ?

by ghosh123 (Monk)
on Jul 26, 2012 at 06:10 UTC ( #983780=perlquestion )
ghosh123 has asked for the wisdom of the Perl Monks concerning the following question:

Dear Monks,

In my cgi perl script I have a query string retrieved from $ENV{QUERY_STRING} like below :

my $string = $ENV{QUERY_STRING};

For example $string contains

OPENBRACK1=%28&FIELD1=view&COMP1=%not like&VALUE1=micado&CLOSEBRACK1=%29&ANDOR2=AND&OPENBRACK2=%28&FIELD2=path&COMP2=like&VALUE2=autan&CLOSEBRACK2=%29&NoOfRows=1&savE_RPt_aS=qry2&SaVE_RUn=Save&query1=q1

How can I parse the above string and form a query like

"select view,path from MyTable where view not like %micado% and path like %autan% ;

Please help.

Thanks as always for your help.

Re: How to parse a QUERY_STRING and construct an sql query out of that ?
by CountZero (Bishop) on Jul 26, 2012 at 06:17 UTC
    Have a look at SQL::Abstract. It turns a Perl data structure into an SQL query.

    So all you have to do is parse your QUERY_STRING into a data structure and give the data structure to SQL::Abstract.

    CountZero

    "A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

    My blog: Imperial Deltronics
Re: How to parse a QUERY_STRING and construct an sql query out of that ?
by Anonymous Monk on Jul 26, 2012 at 06:42 UTC
Re: How to parse a QUERY_STRING and construct an sql query out of that ?
by mjscott2702 (Pilgrim) on Jul 26, 2012 at 09:55 UTC

    Once you do write some parsing code, you probably want to do some checking, and not just execute arbitrary SQL. I would think that UPDATE, DELETE, DROP, TRUNCATE etc should probably all be prohibited.

    It may be that this is all on a closed network, and you trust the callers, but you can never be too careful...
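
The two replies above combined, as an added example that is not code from any poster in this thread: the query string is parsed into a data structure, every column, comparator and AND/OR token is checked against an allow-list, and the user's values reach the database only as bind parameters. The names `build_query` and `url_decode`, the allow-list contents and the sample input are assumptions made for illustration; the OPENBRACK/CLOSEBRACK parameters are not handled.

```perl
use strict;
use warnings;

# Allow-lists: only these identifiers and operators can ever reach the SQL text.
my %COLUMN = map { $_ => 1 } qw(view path);   # assumed columns of MyTable
my %COMP   = ('like' => 'LIKE', 'not like' => 'NOT LIKE', '=' => '=');
my %JOIN   = (AND => 'AND', OR => 'OR');

# Decode one application/x-www-form-urlencoded component.
sub url_decode {
    my ($s) = @_;
    $s =~ tr/+/ /;
    $s =~ s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
    return $s;
}

# Returns ($sql, @bind); dies on anything outside the allow-lists.
sub build_query {
    my ($query_string) = @_;
    my %p;
    for my $pair (grep { length } split /[&;]/, $query_string) {
        my ($k, $v) = split /=/, $pair, 2;
        $p{ url_decode($k) } = url_decode($v // '');
    }
    my (@select, @bind);
    my $where = '';
    for (my $n = 1; exists $p{"FIELD$n"}; $n++) {
        my $col  = $p{"FIELD$n"};
        my $comp = $COMP{ lc($p{"COMP$n"} // '') };
        my $val  = $p{"VALUE$n"} // '';
        die "column not allowed in condition $n\n"     unless $COLUMN{$col};
        die "comparator not allowed in condition $n\n" unless defined $comp;
        if ($n > 1) {
            my $join = $JOIN{ uc($p{"ANDOR$n"} // '') } or die "bad AND/OR in condition $n\n";
            $where .= " $join ";
        }
        $where .= "$col $comp ?";
        # The value travels only as a bind parameter, never as SQL text.
        push @bind, $comp =~ /LIKE/ ? "%$val%" : $val;
        push @select, $col unless grep { $_ eq $col } @select;
    }
    die "no conditions supplied\n" unless @select;
    return ("SELECT " . join(', ', @select) . " FROM MyTable WHERE $where", @bind);
}

# Constructed sample input, modelled on the parameter names in the question.
my ($sql, @bind) = build_query(
    'FIELD1=view&COMP1=not+like&VALUE1=micado&ANDOR2=AND&FIELD2=path&COMP2=like&VALUE2=autan');
print "$sql\n";
print "bind: @bind\n";
```

With DBI the result is used as `$dbh->prepare($sql)` followed by `$sth->execute(@bind)`. A `%` or `_` inside a submitted value still acts as a LIKE wildcard, since the bind parameter protects the statement structure, not the pattern semantics.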
