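sub writeElems {
    # Validates the CGI parameters that belong to one table and inserts them
    # as a single row.
    #
    # Arguments: table name, CGI object, DBI connection.
    # Returns:   the validated column => value pairs that were inserted, or
    #            nothing (bare return) when validation failed and no
    #            statement was executed.
    my ($tbl, $prm, $dbh) = @_;

    # preinsert() reports failure with an empty list or with a single undef.
    # Assigning a lone undef straight to a hash yields a non-empty hash
    # ('' => undef), which would let the insert run on rejected input, so
    # collect the list first and treat an empty or odd-length result as failure.
    my @pairs = preinsert($prm, $tbl);
    return if !@pairs || @pairs % 2;
    my %valid = @pairs;

    # Bind the values through placeholders so the driver does the quoting;
    # the validation patterns are then not the only thing standing between
    # request data and the SQL text.
    # Identifiers cannot be bound: $tbl comes from the caller and the column
    # names are the keys preinsert() returned.
    # NOTE(review): both must come from code or configuration, never from the request.
    my @cols = sort keys %valid;
    my $sql  = "insert into $tbl set " . join(', ', map { "$_=?" } @cols);
    $dbh->do($sql, undef, @valid{@cols});

    return %valid;
}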
####
# A sub to take CGI parameters, untaint and validate them.
# Returns: a hash with ready-to-insert data,
# or undef if any field fails to validate or untaint;
# Arguments: A CGI object, the name of a table to prepare.
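sub preinsert {
    # Collects the CGI parameters named "<table>.<field>", then untaints and
    # validates every field listed in the table's XML descriptor.
    #
    # Arguments: a CGI object, the name of the table to prepare.
    # Returns:   a hash (field => untainted value) ready for insertion. On any
    #            failure a bare return: undef in scalar context, an empty list
    #            in list context, so "my %h = preinsert(...)" gives an empty
    #            hash instead of the one-element ('' => undef) that
    #            "return undef" produced.
    my ($page, $tbl) = @_;
    my (%fields, %retval);

    # Compare the prefix literally; interpolating $tbl into a pattern would
    # let regex metacharacters in a table name change which parameters match.
    my $prefix = "$tbl.";
    foreach my $name ($page->param) {
        next unless index($name, $prefix) == 0;
        $fields{ substr($name, length $prefix) } = $page->param($name);
    }

    # There's a table XML descriptor, and it's just fine.
    # NOTE(review): $tbl becomes part of a file path here; callers must pass
    # table names fixed in code or configuration, never request data.
    my $dsc = XMLin(M_LIB."/$tbl.descriptor",
        ForceArray => ['field']);

    foreach my $fieldref (keys %{$dsc->{field}}) {
        my %tags = %{$dsc->{field}->{$fieldref}};

        # NOTE(review): Perl treats an empty pattern as "reuse the last
        # successful pattern", so a field whose descriptor lacks an untaint or
        # validate tag is not checked against what the author intended.
        # Confirm every field carries both, anchored with \A ... \z.

        # A parameter absent from the request is matched as the empty string,
        # as before, but without the uninitialized-value warning.
        my $value = defined $fields{$fieldref} ? $fields{$fieldref} : '';
        return unless $value =~ /$tags{untaint}/;

        # Fail closed when the untaint pattern captured nothing: there is then
        # no untainted value to pass on.
        my $untaint = $1;
        return unless defined $untaint;
        print STDERR "recieved $untaint\n";

        if ($untaint =~ /$tags{validate}/) {
            $retval{$fieldref} = $untaint;
            print STDERR "transmitted", $untaint, "\n";
        }
        else {
            print STDERR "Invalid data";
            return;
        }
    }
    return %retval;
}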
####
# Prepares the insert statement string, using results of preinsert.
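sub insertstr {
    # Builds an "insert into <table> set col='value', ..." statement.
    #
    # Arguments: table name, then a flat list of column => value pairs.
    # Returns:   the statement text ending in ';', or nothing (bare return)
    #            when no columns were given.
    #
    # Values are escaped before they are quoted, but this is a fallback only:
    # wherever a DBI handle is available, prefer placeholders
    # ($dbh->do($sql, undef, @values)) over building the values into the text.
    # Table and column names are interpolated as given and must be trusted.
    my ($tbl, %fields) = @_;

    # With no columns the trailing chop() used to eat the final letter of
    # "set"; there is nothing to insert, so say so instead.
    return unless %fields;

    my @assignments;
    foreach my $col (keys %fields) {
        my $value = defined $fields{$col} ? $fields{$col} : '';

        # Debug output: this echoes submitted values to the server's error log.
        print STDERR "$value\n";

        # Backslash first, then the quote, so a value cannot close the
        # literal early.
        # NOTE(review): backslash doubling assumes the server treats "\" as an
        # escape character inside string literals (MySQL default mode) - confirm.
        $value =~ s/\\/\\\\/g;
        $value =~ s/'/''/g;

        push @assignments, " $col='$value'";
    }

    my $str = "insert into $tbl set" . join(',', @assignments);
    # watch this print:
    print STDERR "$str\n";
    return $str . ";";
}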
####
# Handle a form submission: only act when the request carries more than one
# CGI parameter.
if (1 < scalar($page->param)) {
    # Name of the second table to write for this media type; may be false,
    # in which case only 'items' is written.
    $Xtable = getXTableName($mtype, $dbh);

    # Set the media type from $mtype before the write, so the stored value
    # does not depend on what the request carried for this parameter.
    $page->param('items.media_type', $mtype);

    # This is it:
    # NOTE(review): the return values are ignored, so a rejected 'items' write
    # does not stop the second write - confirm that is intended.
    writeElems('items', $page, $dbh);
    if ($Xtable) {
        writeElems($Xtable, $page, $dbh);
    }

    # Drop the injected parameter again once the writes are done.
    $page->delete('items.media_type');
}