Hi Jan, Apologies in advance if any of this seems too pedantic.
What you are essentially looking for is SQL capable of handling tree structures so you can pull this data in a single fetch. You can read about this in Joe Celko's SQL for Smarties or (more specifically) Joe Celko's Trees and Hierarchies in SQL for Smarties. As for your actual code, I didn't change it so much as clean up the formatting so I could see what was going on (though your formatting really wasn't too bad) and fix a couple of more obvious issues. You can feel free to ignore my formatting. The new code is below my signoff. First, you'll notice that I pass in $dbh and $page_hash. Good subroutines are frequently treated like black boxes. They accept information and they give a response. In your subroutine, it's almost there, but it relies on $dbh and $page_hash being declared globally. If those ever get munged, it can be quite difficult to track down the error. Plus, if you reuse this code elsewhere, it's harder to do if those are global. The more serious problem, though, was how you were using selectrow_array. My guess, from how your form was set up, is that $mutterid was being passed in from the form. If you've carefully untainted it, it's probably OK to use it the way you were, but it's still a tripwire for further maintenance and possibly a serious security hole due to having it embedded directly in the SQL. This leaves the code vulnerable to an SQL injection attack (http://www.unixwiz.net/techtips/sql-injection.html). I've converted the code to use bind values to prevent this security problem. See "perldoc DBI" and read the section entitled "Placeholders and Bind Values". Cheers, Ovid sub pathmenu { my ($dbh, $page_hash, $mutterid, $page_type) = @_; my ($muttertype) = $dbh->selectrow_array( "SELECT page_type FROM pages WHERE page_id = ?", undef, $mutterid ); return if $page_type == 2 || $muttertype == 2; my $mutterpfad = ''; $mutterpfad .= qq{ <div class="pathmenu"> <form action="/cgi-bin/show.pl" method="post" enctype="application/x-www-form-urlencoded" accept-charset="utf-8"> <select name="id" onchange="submit()"> <option value="$page_hash->{mother_id}">Pfad</option> } unless $page_hash->{mother_id} == 1; while ($mutterid) { my ($mother_title, $uebermutter, $muttertype) = $dbh->selectrow_array( "SELECT title, mother_id, page_type FROM pages WHERE page_id = ?", undef, $mutterid ); last if $muttertype == 2; $mutterpfad .= qq{<option value="$mutterid">$mother_title</option> }; $mutterid = $uebermutter; } $mutterpfad .= qq{</select> <input type="submit" name="Up" value="Up!" /> </form> </div>}; return $mutterpfad; } ===== If this message is a response to a question on a mailing list, please send follow up questions to the list. Web Programming with Perl -- http://users.easystreet.com/ovid/cgi_course/ -- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] <http://learn.perl.org/> <http://learn.perl.org/first-response>
