Beefy Boxes and Bandwidth Generously Provided by pair Networks
Don't ask to ask, just ask
 
PerlMonks  

Re^3: mysql update table how to

by VC (Novice)
on Mar 19, 2019 at 16:02 UTC ( [id://1231436]=note: print w/replies, xml ) Need Help??


in reply to Re^2: mysql update table how to
in thread mysql update table how to

what you see in the code

Replies are listed 'Best First'.
Re^4: mysql update table how to
by VC (Novice) on Mar 19, 2019 at 16:04 UTC

    let me be clear as to what I want to do, I want to update only one field (Disabled) among 27 fields and I am not sending info (param())for the other 26 fields at the same time.

    I did notice when I used the code below that worked once, that it deleted the information other fields, except the Disabled, Username, Password and ID which were in the current param(). The user has multiple ads that need to be Disabled & re enabled when the administrator wants, can this be done and How? I was thinking that I should not use the tbl_info to do it, as it uses all the fields to update using the param() to do it, Please help!

    use strict;
use warnings;
use DBI;

my $userid   = DB::trim( param('Userid') ); #  ??
my $username = DB::trim( param('Username') );
my $password = DB::trim( param('Password') );
my $DISABLED = ucfirst ( DB::trim( param('Disabled') ) || '' );
$DISABLED = 'No' unless $DISABLED eq 'Yes';

my $sql = 'SELECT ID,Disabled
           FROM EmployerJobs
           WHERE Username = ?
             AND Password = ?
             AND USERID = ?
             AND Disabled = <> ?';
             
my $dbh = DB::connect();
my $tbl_info = DB::TableInfo->get ($dbh, "EmployerJobs");

my $sth = $dbh->prepare($sql);
$sth->execute($username, $password, $userid, $DISABLED);

while ( my $row = $sth->fetchrow_hashref() ){

  param (-name => "Disabled", -value => $DISABLED);
  param (-name => "ID", -value => $row->{ID});  
  $tbl_info->update_record ($dbh, "ID");
  #print "Content-Type: text/html\n\n";
  #printf "Updated ID '%s' from '%s' to '%s'\n",$row->{ID},$row->{DISA
+BLED},$DISABLED;
};

    [download]
[reply]
[d/l]
Re^4: mysql update table how to
by VC (Novice) on Mar 19, 2019 at 19:31 UTC

    This is the correct code to do the JOB

    use strict;
use warnings;
use DBI;

my $userid   = DB::trim( param('USERID') ); 
my $DISABLED = DB::trim( param('Disabled'));

my $sql= "UPDATE EmployerJobs SET Disabled = ". 
"'$DISABLED' where USERID = '$userid'";

$dbh = DB::connect ();

$dbh->prepare($sql);
$dbh->do($sql);

$dbh->disconnect ();

    [download]

    Thanks everyone!

[reply]
[d/l]
      And now guess what happens when someone calls it with the parameter USERID set to 
      Robert'; DROP TABLE EmployerJobs; --

      [download]

      Update: Fixed the SQL syntax to make it real.

      map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]
[reply]
[d/l]
[select]
[reply]

        It is PART of another sub routine that only the Admin can access, no user or hacker could even guess or get to were it is, besides no one else came up with an answer? But thanks anyway!

[reply]

In Section Seekers of Perl Wisdom

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?

www.com | www.net | www.org
Node Status?
node history
Node Type: note [id://1231436]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others goofing around in the Monastery: (3)
As of 2024-04-19 19:10 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found