Re: dbi::errstr error.
- From: ron@xxxxxxxxxxxxx (Ron Savage)
- Date: Sat, 28 Jan 2006 15:24:57 +1100
On Fri, 27 Jan 2006 10:22:21 -0500, John Scoles wrote:

Hi John

> $sth->execute()||die "Unable to insert the value: $dbi::errstr\n";

As Andy has pointed out, Perl is a case-sensitive language.

What follows is really off topic...

> I took the liberty of rewriting part of your code a little so it is
> more readable and it is using params. This is a much more secure
> way to do CGI programming.

Security is a huge topic. See the appropriate section in:
http://www.perl.org/CGI_MetaFAQ.html

I too have re-written the code (in its entirety), and you can download it from:
http://savage.net.au/Perl/quick-n-dirty.pl

I emphasize that this program is not what I would write under contract. It is
simply a vehicle for explaining a few issues, both with OP's (the original
poster's) code, and with your version.

Code highlights:
# o Use fatalsToBrowser during development.
#   Programs in production should never die, of course
# o Storing the CGI form field names in an array,
#   so when fields are added/deleted/renamed, that array
#   is normally the only thing to edit
# o Use HTML::Template for sophisticated HTML management
# o Basing HTML generation in sub generate_html()
#   on parameters without any reference to field names.
#   This is the way fields can be added, deleted
#   or renamed without changing the HTML template
# o Use 'CGI -> new()' instead of 'new CGI'.
#   Your homework is to find out why that's best
# o sub clean_user_data() to sanitize data from the user
#   before that data is used in any way.
#   There are many methods for sanitizing data.
#   See: http://www.perl.org/CGI_MetaFAQ.html
# o Use hashes %field_type and %data keyed by field name,
#   which is the Perl way of doing things
# o Basing SQL generation on @field_name via @db_field
#   so, as for CGI form fields, the column names in the
#   SQL adjust automatically as fields are added, deleted
#   or renamed. The SQL 'create table' statement can be
#   built using the same technique
# o Use placeholders to get DBI to quote the field values
#   appropriately
# o Setting the charset in the CGI header to add a little
#   bit more security. Not a big point, but important
#   nevertheless
# o In such a simple demo, using CGI::Application is not
#   appropriate, but all people aspiring to be authors
#   of sophisticated CGI scripts should be as familiar
#   with that module as they should be with HTML::Template
--
Cheers
Ron Savage, ron@xxxxxxxxxxxxx on 28/01/2006
http://savage.net.au/index.html
Let the record show: Microsoft is not an Australian company
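
Added example, not part of the message above and not the code from quick-n-dirty.pl: a sketch of two of the listed highlights (SQL generated from @field_name, values passed through placeholders) together with the correctly cased $DBI::errstr. The table name, field names and sample data are hypothetical, and it assumes DBD::SQLite is installed so it can run against an in-memory database.

```perl
use strict;
use warnings;
use DBI;

# Hypothetical form fields and table; none of these names come from the thread.
my @field_name = qw(name email comment);
my %field_type = (name => 'varchar(40)', email => 'varchar(80)', comment => 'text');
my $table      = 'feedback';

# Constructed sample input, standing in for already-cleaned CGI parameters.
my %data = (
    name    => q{O'Brien},
    email   => 'ob@example.com',
    comment => q{it's "quoted"; and has a -- in it},
);

# Table and column names cannot be bound as placeholders, so they must come
# from a fixed list in the program, never from the request. Check them anyway.
for my $id ($table, @field_name) {
    die "Bad identifier: $id\n" if $id !~ /\A[a-z_][a-z0-9_]*\z/;
}

# RaiseError is off so the explicit checks below are what report failures.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 0, PrintError => 0, AutoCommit => 1 })
    or die "Unable to connect: $DBI::errstr\n";    # package DBI, upper case

# 'create table' and 'insert' are both generated from @field_name.
my $create = "create table $table (" .
    join(', ', map { "$_ $field_type{$_}" } @field_name) . ')';
$dbh->do($create) or die 'Unable to create table: ' . $dbh->errstr . "\n";

my $insert = "insert into $table (" . join(', ', @field_name) .
    ') values (' . join(', ', ('?') x @field_name) . ')';
my $sth = $dbh->prepare($insert)
    or die 'Unable to prepare: ' . $dbh->errstr . "\n";

# Values travel as bind parameters, in the same order as the column list.
$sth->execute(@data{@field_name})
    or die 'Unable to insert the value: ' . $sth->errstr . "\n";

# The quotes and punctuation in the comment come back exactly as supplied.
my ($stored) = $dbh->selectrow_array(
    "select comment from $table where name = ?", undef, $data{name});
print "Stored comment: $stored\n";
print "Rows in $table: ", $dbh->selectrow_array("select count(*) from $table"), "\n";
```

Under 'use strict', a lower-case $dbi::errstr is still accepted because it is a fully qualified name; it is simply an empty variable in an unrelated package, which is why the per-handle errstr method is used after connect.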