Let me be clear as to what I want to do: I want to update only one field (Disabled) among 27 fields, and I am not sending info (param()) for the other 26 fields at the same time.
I did notice when I used the code below, which worked once, that it deleted the information in the other fields, except Disabled, Username, Password and ID, which were in the current param(). The user has multiple ads that need to be Disabled and re-enabled when the administrator wants. Can this be done, and how? I was thinking that I should not use the tbl_info to do it, as it uses all the fields to update using the param() to do it. Please help!
use strict;
use warnings;
use DBI;
my $userid = DB::trim( param('Userid') ); # ??
my $username = DB::trim( param('Username') );
my $password = DB::trim( param('Password') );
my $DISABLED = ucfirst ( DB::trim( param('Disabled') ) || '' );
$DISABLED = 'No' unless $DISABLED eq 'Yes';
my $sql = 'SELECT ID,Disabled
FROM EmployerJobs
WHERE Username = ?
AND Password = ?
AND USERID = ?
AND Disabled <> ?';
my $dbh = DB::connect();
my $tbl_info = DB::TableInfo->get ($dbh, "EmployerJobs");
my $sth = $dbh->prepare($sql);
$sth->execute($username, $password, $userid, $DISABLED);
while ( my $row = $sth->fetchrow_hashref() ){
param (-name => "Disabled", -value => $DISABLED);
param (-name => "ID", -value => $row->{ID});
$tbl_info->update_record ($dbh, "ID");
#print "Content-Type: text/html\n\n";
#printf "Updated ID '%s' from '%s' to '%s'\n",$row->{ID},$row->{DISABLED},$DISABLED;
};
use strict;
use warnings;
use DBI;
my $userid = DB::trim( param('USERID') );
my $DISABLED = DB::trim( param('Disabled'));
my $sql= "UPDATE EmployerJobs SET Disabled = ".
"'$DISABLED' where USERID = '$userid'";
my $dbh = DB::connect ();
$dbh->prepare($sql);
$dbh->do($sql);
$dbh->disconnect ();
Thanks everyone!
And now guess what happens when someone calls it with the parameter USERID set to
Robert'; DROP TABLE EmployerJobs; --
Update: Fixed the SQL syntax to make it real.
map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]
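The fix implied by the reply above, as an added example that is not part of the original thread: a single-column UPDATE with DBI placeholders, which changes only Disabled and treats the USERID value as data rather than SQL. It assumes DBD::SQLite is installed; the in-memory table, the sample rows and the helper names set_disabled and snapshot are constructed for illustration.

```perl
use strict;
use warnings;
use DBI;

# Constructed in-memory table standing in for EmployerJobs (a few of the 27 columns).
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE EmployerJobs (ID INTEGER PRIMARY KEY, USERID TEXT, Title TEXT, Disabled TEXT)');
my $ins = $dbh->prepare('INSERT INTO EmployerJobs (USERID, Title, Disabled) VALUES (?, ?, ?)');
$ins->execute(@$_) for ['Robert', 'Welder', 'No'], ['Robert', 'Fitter', 'No'], ['Alice', 'Clerk', 'No'];

# Hypothetical helper: change Disabled for every ad of one user, nothing else.
sub set_disabled {
    my ($dbh, $userid, $disabled) = @_;
    # Allow-list the flag (same idea as the first post) instead of trusting the form value.
    $disabled = ucfirst lc($disabled // '');
    $disabled = 'No' unless $disabled eq 'Yes';
    # Only Disabled appears in SET, so the other columns keep their values.
    # Both values travel as bound parameters, never as part of the SQL text.
    my $rows = $dbh->do(
        'UPDATE EmployerJobs SET Disabled = ? WHERE USERID = ?',
        undef, $disabled, $userid);
    return $rows + 0;    # DBI returns "0E0" for zero rows; numify it
}

# Dump the whole table as one string so changes are easy to compare.
sub snapshot {
    return join ';', map { join ',', @$_ } @{ $dbh->selectall_arrayref(
        'SELECT ID, USERID, Title, Disabled FROM EmployerJobs ORDER BY ID') };
}

# Normal call: both of Robert's ads change; Alice's row and all titles are untouched.
my $n = set_disabled($dbh, 'Robert', 'yes');
print "rows updated: $n\n", snapshot(), "\n";

# The USERID value quoted in the reply is now just a string that matches no user.
$n = set_disabled($dbh, q{Robert'; DROP TABLE EmployerJobs; --}, 'Yes');
print "rows updated: $n\n", snapshot(), "\n";

$dbh->disconnect;
```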