Wierd DB Question

lisaw has asked for the wisdom of the Perl Monks concerning the following question:

When adding an entry in the database that contain the following signs: &, #, ', and others. It renders that particular line and lines following it uneditable. What can I do to the following code to allow editing lines with these characters in them? Thanks! LisaW

#################################################################
# Open the database to write data, changing the neccesary lines #
#################################################################
if ($input{'action'} eq 'add'){
open (DATABASE1,">>$database");
print DATABASE1 "$input{'ncompany_name'}|$input{'nstreet'}|$input{'nci
+ty_st_zip'}|$input{'nphone'}|$input{'nfax'}|$input{'nwebsite'}|$input
+{'nemail'}|$input{'ncategory'}|$input{'nstorefront'}|$input{'nlogo'}|
+$input{'nalpha'}|$input{'nfirst_name'}\n";
close (DATABASE1);
}

#################################################################
# Open the database to write data, changing the neccesary lines #
#################################################################
if ($input{'action'} eq 'delete'){
open (DATABASE,">$database");
@DB=<DATABASE>;
    foreach $rec (@ODB){
        chomp($rec);
        ($company_name,$street,$city_st_zip,$phone,$fax,$website,$emai
+l,$category,$storefront,$logo,$alpha,$first_name)=split(/\|/,$rec);
        if ($company_name eq $input{'company_name'} && $street eq $inp
+ut{'street'} && $city_st_zip eq $input{'city_st_zip'} && $phone eq $i
+nput{'phone'} && $fax eq $input{'fax'} && $website eq $input{'website
+'} && $email eq $input{'email'} && $category eq $input{'category'} &&
+ $storefront eq $input{'storefront'} && $logo eq $input{'logo'} && $a
+lpha eq $input{'alpha'} && $first_name eq $input{'first_name'} ){
        print DATABASE "";
        }else{
        print DATABASE "$company_name|$street|$city_st_zip|$phone|$fax
+|$website|$email|$category|$storefront|$logo|$alpha|$first_name\n";
        }
    }
close (DATABASE);
}

########################################
print "Location: $databaseview\n\n";

########################################
# Code to get the data from GET & POST #
########################################
sub parse_form {

   read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
   if (length($buffer) < 5) {
         $buffer = $ENV{QUERY_STRING};
    }
   @pairs = split(/&/, $buffer);
   foreach $pair (@pairs) {
      ($name, $value) = split(/=/, $pair);

      $value =~ tr/+/ /;
      $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;

      $input{$name} = $value;
   }
}
[download]

Comment on Wierd DB Question Download Code

Replies are listed 'Best First'.
Re: Wierd DB Question by jonjacobmoon (Pilgrim) on Jan 29, 2002 at 05:26 UTC
First, use CGI.pm to parse the data from the get and post. Second, understand that you are not dealing with a database, but a flat file. Big difference. If you are stuck with a flat file, sobeit but it is not a database. Try opening the file for read, put it into an array, loop through this array, push each record onto a new array unless a match is found and then print the contents of the second array into the file: `#!/usr/bin/perl -Tw use CGI qw(:standard); use strict; # delete a specific line if (param('action') eq 'delete' { open(FILE,"$file"); while(<FILE>) { chomp; ($company_name,$street,$city_st_zip,$phone,$fax,$website,$email,$c +ategory,$storefront,$logo,$alpha,$first_name)=split(/\\|/); if (param($company_name) eq $company_name \|\| ....) # match { push(@file,$_); } } close(FILE); open(FILE,>$file); { foreach (@file) { print FILE $_ . "\n"; } } }` [download] I am not totally sure this will solve your problem but it will make your code easier to read and therefore easier to debug. I admit it, I am Paco.	[reply] [d/l]
Re: Wierd DB Question by count0 (Friar) on Jan 29, 2002 at 09:18 UTC
I do not normally like to make posts like this. It almost feels a waste of my time to write, and a waste of others' time to read. But it really needs to be said Please take the advice and guidance you ask for. In your last post, o' wise and learn'ed tilly gave you some of the most useful advice you can take from this site! It was assistance that would surely have made this problem much easier to solve (if not completely eliminated). You still are not using CGI or strict. I do see an improvement in readability, and indentation.. so cheers on that =) So anyhow, the moral of the story is that we can't do a very good job of helping you until you decide to help yourself =/	[reply]
Re: Wierd DB Question by trs80 (Priest) on Jan 29, 2002 at 06:39 UTC
You might be able to use DBD::Sprite and make this task easier and require less modification should you choose to move to an SQL database. There is also the DBD::AnyData module that might help if DBD::Sprite doesn't.	[reply]
Re: Wierd DB Question by dhammaBum (Acolyte) on Jan 29, 2002 at 09:35 UTC
Well I first query are you doing any sort of filtering of input for inappropriate character? If your program is used to collect data from an unsecure source you need to be very careful not to leave an opening for hackers to insert programs or shell escapes or whatever. Second, do you really need those characters in the first place? Maybe put a notice on the page that only A-Z, 0-9 chars are allowed and then strip them our with something like `$field =~ s/#\|&\|'//g` If you really need to have these characters, it sounds like perl is trying to interpret these characters rather than just printing them, try escaping them: `$field =~ s/(&\|#\|')/\\$1/g;` hope that helps	[reply] [d/l] [select]