RE: Help with database generated pop up menu

Thu, 10 Oct 2002 10:45:54 -0700 


I have made some adjustments and if I run it from a command line it
works great. The problem is getting it to work as a drop-down box on a
web page.

#!/usr/bin/perl

#use strict;
use warnings;

use CGI;
use DBI;

#Define connection values
$DBSource = 'dbi:Pg:dbname=mydb';
$DBUsername = 'test';
$DBAuth = 'test';

#Open db connection
$dbh = DBI->connect($DBSource,$DBUsername,$DBAuth);

#Prepare and execute SQL statement
my $sql = "SELECT data FROM table WHERE username LIKE '%\@joe.com'";
my $sth = $dbh->prepare($sql);
$sth->execute ||
      die "Could not execute SQL statement ... maybe invalid?";

#Output database results to pop up menu

print "<form><select name=\"realms\">";

while ( my @row = $sth->fetchrow_array() ) {
        print "<option value=\"$row[0]\">$row[0]\n";
}

print "</form>\n";

$sth->finish;
$dbh->disconnect;


-----Original Message-----
From: Janek Schleicher [mailto:[EMAIL PROTECTED]] 
Sent: Thursday, October 10, 2002 9:10 AM
To: [EMAIL PROTECTED]
Subject: Re: Help with database generated pop up menu

David Birkbeck wrote:

> Can someone help me with creating a script to return certain
information from a Postgres database to a drop down box on a webpage?


What fails ?

> #!/usr/bin/perl
> 


use strict;
use warnings;


> use CGI;
> use DBI;
> 
> #Define connection values
> $DBSource = 'dbi:Pg:dbname=mydb';
> $DBUsername = 'test';
> $DBAuth = 'test';
> 
> #Open db connection
> $dbh = DBI->connect($DBSource,$DBUsername,$DBAuth) or die "Can't
connect to SQL Database";
> 
> #Prepare and execute SQL statement
> $sqlstatement="SELECT $value FROM $table WHERE username LIKE
'[EMAIL PROTECTED]'";

                                                                  ^
That will try to interpolate.
(If you would have switched warning on, you would have got an 
informative warning about it).

One way to avoid it is to escape this character (\@).
Another way (more secure and more elegant) is to use placeholders:

my $sql = "SELECT $value FROM $table WHERE username LIKE ?";
my $sth = $dbh->prepare($sql);
$sth->execute('[EMAIL PROTECTED]')
     or die "Could not execute SQL statement ... maybe invalid?";


> $sth = $dbh->prepare($sqlstatement);
> $sth->execute || 
>       die "Could not execute SQL statement ... maybe invalid?";
> ...

 > ...


Greetings,
Janek



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to