Beefy Boxes and Bandwidth Generously Provided by pair Networks
Perl-Sensitive Sunglasses
 
PerlMonks  

Re^4: mysql update table how to

by VC (Novice)
on Mar 19, 2019 at 19:31 UTC ( [id://1231450]=note: print w/replies, xml ) Need Help??


in reply to Re^3: mysql update table how to
in thread mysql update table how to

This is the correct code to do the JOB

use strict; use warnings; use DBI; my $userid = DB::trim( param('USERID') ); my $DISABLED = DB::trim( param('Disabled')); my $sql= "UPDATE EmployerJobs SET Disabled = ". "'$DISABLED' where USERID = '$userid'"; $dbh = DB::connect (); $dbh->prepare($sql); $dbh->do($sql); $dbh->disconnect ();

Thanks everyone!

Replies are listed 'Best First'.
Re^5: mysql update table how to
by choroba (Cardinal) on Mar 19, 2019 at 19:51 UTC
    And now guess what happens when someone calls it with the parameter USERID set to
    Robert'; DROP TABLE EmployerJobs; --

    Update: Fixed the SQL syntax to make it real.

    map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]
Re^5: mysql update table how to
by huck (Prior) on Mar 19, 2019 at 19:52 UTC

      It is PART of another sub routine that only the Admin can access, no user or hacker could even guess or get to were it is, besides no one else came up with an answer? But thanks anyway!

        Why take the risk, it's easy enough to avoid

        my $sql= 'UPDATE EmployerJobs SET Disabled = ? WHERE USERID = ?'; my $dbh = DB::connect (); my $count = $dbh->do($sql,undef,$DISABLED,$userid); $dbh->disconnect (); printf "%d records updated\n",$count;

        also be aware that by not using the ->update_record() method in package DB::TableInfo you could be missing important audit logging or database consistency/integrity checks.


        poj

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://1231450]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others pondering the Monastery: (4)
As of 2024-03-29 06:22 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found