http://qs1969.pair.com?node_id=1231450


in reply to Re^3: mysql update table how to
in thread mysql update table how to

This is the correct code to do the JOB

use strict;
use warnings;
use DBI;
use CGI qw(param);   # assumed: param() is not defined anywhere in the posted snippet

# DB::trim and DB::connect come from the poster's own DB package (not shown)
my $userid   = DB::trim( param('USERID') );
my $DISABLED = DB::trim( param('Disabled') );

# the request parameters are interpolated straight into the SQL string
my $sql = "UPDATE EmployerJobs SET Disabled = "
        . "'$DISABLED' where USERID = '$userid'";

my $dbh = DB::connect();   # 'my' was missing; under 'use strict' that is a compile error
$dbh->prepare($sql);        # redundant: the statement handle is discarded, do() prepares internally
$dbh->do($sql);
$dbh->disconnect();

Thanks everyone!

Re^5: mysql update table how to
by choroba (Cardinal) on Mar 19, 2019 at 19:51 UTC
    And now guess what happens when someone calls it with the parameter USERID set to
    Robert'; DROP TABLE EmployerJobs; --

    Update: Fixed the SQL syntax to make it real.

    map{substr$_->[0],$_->[1]||0,1}[\*||{},3],[[]],[ref qr-1,-,-1],[{}],[sub{}^*ARGV,3]
Re^5: mysql update table how to
by huck (Prior) on Mar 19, 2019 at 19:52 UTC

      It is PART of another sub routine that only the Admin can access, no user or hacker could even guess or get to where it is, besides no one else came up with an answer? But thanks anyway!

        Why take the risk, it's easy enough to avoid

        my $sql   = 'UPDATE EmployerJobs SET Disabled = ? WHERE USERID = ?';
        my $dbh   = DB::connect();
        my $count = $dbh->do( $sql, undef, $DISABLED, $userid );
        $dbh->disconnect();
        printf "%d records updated\n", $count;

        also be aware that by not using the ->update_record() method in package DB::TableInfo you could be missing important audit logging or database consistency/integrity checks.


        poj
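A runnable illustration of the placeholder version above, added here and not code from anyone in the thread. It swaps the poster's DB::connect()/MySQL for an in-memory SQLite database via DBD::SQLite (an assumption, so it runs offline), builds a constructed EmployerJobs table, and feeds it both a normal USERID and the string from choroba's reply. With bind parameters that string is just a value that matches no row, so the count is 0 and the table is untouched; the interpolated SQL the original code would have produced is printed for contrast but not executed.

```perl
#!/usr/bin/perl
# Added example (not from the thread). Assumes DBD::SQLite is installed;
# the table name and columns follow the thread.
use strict;
use warnings;
use DBI;

# Throwaway EmployerJobs table with one constructed row.
sub connect_test_db {
    my $dbh = DBI->connect( 'dbi:SQLite:dbname=:memory:', '', '',
        { RaiseError => 1, PrintError => 0, AutoCommit => 1 } );
    $dbh->do('CREATE TABLE EmployerJobs (USERID TEXT PRIMARY KEY, Disabled TEXT)');
    $dbh->do( 'INSERT INTO EmployerJobs (USERID, Disabled) VALUES (?, ?)',
        undef, 'Robert', 'N' );
    return $dbh;
}

# Hardened update: values travel as bind parameters, never as SQL text,
# so whatever they contain is treated as data.
sub set_disabled {
    my ( $dbh, $userid, $disabled ) = @_;
    my $sql   = 'UPDATE EmployerJobs SET Disabled = ? WHERE USERID = ?';
    my $count = $dbh->do( $sql, undef, $disabled, $userid );
    # do() returns "0E0" (true, but numerically zero) when no row matched
    return $count + 0;
}

sub disabled_for {
    my ( $dbh, $userid ) = @_;
    my ($val) = $dbh->selectrow_array(
        'SELECT Disabled FROM EmployerJobs WHERE USERID = ?', undef, $userid );
    return $val;
}

my $dbh = connect_test_db();

# Normal call: exactly one row changes.
my $n = set_disabled( $dbh, 'Robert', 'Y' );
printf "normal update: %d row(s), Disabled=%s\n", $n, disabled_for( $dbh, 'Robert' );

# The USERID from choroba's reply: bound as a parameter it matches nothing.
my $hostile = q{Robert'; DROP TABLE EmployerJobs; --};
$n = set_disabled( $dbh, $hostile, 'Y' );
my ($rows) = $dbh->selectrow_array('SELECT COUNT(*) FROM EmployerJobs');
printf "hostile USERID: %d row(s) updated, table still has %d row(s)\n", $n, $rows;

# For contrast only: the SQL string the original interpolating code would
# have built from the same input (shown, not executed).
my $bad_sql = "UPDATE EmployerJobs SET Disabled = 'Y' where USERID = '$hostile'";
print "interpolated SQL would have been: $bad_sql\n";

$dbh->disconnect;
```

The `+ 0` in set_disabled is worth keeping in real code too: DBI's do() returns the string "0E0" for zero affected rows so that the call still tests true on success, which is why poj's `printf "%d"` prints 0 rather than the literal "0E0".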