I removed the quotes, and what's weird the values show up in the url, but not in the textfield. (I changed textfield values to lname1, fname1 from lname and fname to display them) Actually, the action doesn't get updated when I hit update or delete. This is what comes up on hitting delete:

http://localhost/cgi-bin/PROJECT/sqlconfig.cgi?lname=&fname=&phone=&email=&address=&zip=&lname1=Puma&fname1=Matthew&action=Search

and in browser: Error! Couldn't delete record. Back to Main Page

Is this re-using a form at any point? Try copying-and-pasting that URL into a new window. That'll rule out anything to do with the form being part of your problem. (Which doesn't look to be at fault anyway.

But it looks like 'DeleteContact' is being fired off when it really shouldn't be. I would be quite suspicious (and this is with the caveat - I don't have a test environment, and even if I did, the first thing to do would be reformat and use strict and warnings on your code).

This bit would make me suspicious though:

    $q->start_form(),
    $q->p(submit(-name =>'action',-value =>'Update'), submit(-name =>'
+action',-value =>'Delete')),
    $q->end_form();
[download]

Having had a quick look at 'CGI' (and not much experience) it _seems_ this will create two buttons called 'action' with different values? And more importantly - the default for 'start_form' is that 'action' is POST. Not 'GET'.

From: CGI Starting/ending forms

"start_form() will return a <form> tag with the optional method, action and form encoding that you specify. The defaults are:

    method: POST
    action: this script
[download]

So I think it's possible that what's happening is you're resubmitting the same URL (with your 'GET' encoded parameters in the URL) but POSTing data to it too.

From: Mixing POST and URL parameters "The param() method will always return the contents of the POSTed fill-out form, ignoring the URL's query string."

So I think what you need to do is fix that bit - change the method to 'GET' and you'll at least see it doing the right thing. (But seriously - strict and warnings are good, and so is formatting your code cleanly. perltidy can make this easier)

Poj & Preceptor

Thanks for your input. I am using strict & warnings now. I have also put placeholders. That brings no change or warnings to what i was already getting. About using 'get', yes that have been helpful as it updates my url with action=Update or Delete in place of search.. but it looses all the other parameters. My url gets truncated from : http://localhost/cgi-bin/PROJECT/sqlconfig.cgi?lname=&fname=&phone=&email=&address=&zip=&lname1=Puma&fname1=Matthew&action=Search

to

http://localhost/cgi-bin/PROJECT/sqlconfig.cgi?action=Update

However, if I manually replace action=Search with Delete or Update, it utilizes the functions. So my basic need is to just be able to pass all the parameters with 'get'. Any ideas?

You really need to start using placeholders (?) in your SQL like this. ;

sub deletecontact{
  my $message;
  my $sql = 'DELETE FROM test.addressbook where last_name = ?';
  my $sth = $connect->prepare($sql);
  my $rd = $sth->execute( $q->param('lname1') );
  if ($rd == 1){
    $message =  q(Record has been successfully deleted!!!);
  } else {
    $message =  q(<b style="color:red">Error! Couldn't delete record</
+b>);
  }
  return $message;
}
[download]

poj