Re: pushing web form params into mysql table

Tue, 26 Jun 2007 06:29:42 -0700 

On Jun 25, 3:19 pm, [EMAIL PROTECTED] (Ricky Zhou) wrote:
> Greg Jetter wrote:
> > my $query = "insert into  tablename
> > (atablenaem1,atablename2,atablename3)VALUES($SubjPerform,$somthing2,
> > $somthing3);
>
> > # insert  stuff in the db
>
> > $dbh->do($query) or die "$DBI::errstr";
>
> To prevent SQL injection, etc.  It's strongly recommended that you use
> placeholders, which will automatically escape user-provided input for you.
>
> my $query = "insert into tablename (atablenaem1,atablename2,atablename3)
> values (? ,?, ?)";
> $dbh->do($query, $SubjPerform, $somthing2, $somthing3) or die
> "$DBI::errstr";
>
> Seehttp://search.cpan.org/~timb/DBI-1.57/DBI.pm#Placeholders_and_Bind_Va...
> for details.
>
> Hope this helps,
> Ricky
>
>  signature.asc
> 1KDownload

Okay, I see where I totally missed the point of your code....I see
that I have to put the column name after the table name in
parentheses.  So, here's the code I'm using to just place SynRegime
values into the column SynRegime in the table named test...still
getting some errors...I've added some quotes, and here's the error I
get now...with the following code:
Column count doesn't match value count at row 1 at C:\perl-scripts
\mysqlcgi.cgi line 37.
I didn't think the column count should match the value count since I'm
only inserting one these five enum values into one column when the
user submits.  Thanks again for any advice.  I'll continue to work on
this...
Shad


#!/perl/bin/perl -w
use CGI qw(:standard);
use CGI::Carp qw(warningsToBrowser fatalsToBrowser);
use Fcntl qw(:flock :seek);
use strict;
use DBI;

my $DATABASE ="test";
my $USERNAME = "root";
my $PASSWORD ="bamboo";
my $HOSTNAME = "localhost";
my $data_Source = "DBI:mysql:".$DATABASE .":".$HOSTNAME;


print header;
print start_html("Gradients");

my $q=new CGI;



my $RI = $q->param("RI");
my $ET = $q->param("ET");
my $AT = $q->param("AT");
my $CUT = $q->param("CUT");
my $FLT = $q->param("FLT");

my $dbh = DBI->connect($data_Source,$USERNAME,$PASSWORD) or  die
"$DBI::errstr";


my $query = "insert into regimetest(SynRegime) VALUES('?', '?', '?',
'?', '?')";


#$dbh->do($query) or die "$DBI::errstr";

$dbh->do($query, $RI, $ET, $AT, $CUT, $FLT) or die "$DBI::errstr";


print end_html;

#sub dienice  {
# my($errmsg) = @_;
# print "<h2>Error</h2>\n";
# print "<p>$errmsg</p>\n";
# print end_html;
# exit;
#}


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/

Reply via email to