CGI/HTML checkboxes to SQL query

Rachel has asked for the wisdom of the Perl Monks concerning the following question:

Guys, RE. My earlier checkbox question(s)! I have a minor problem with a SQL Query being run in Perl within IndigoPerl running on Win32 platform. The web server I am using is a local version of Apache. The SQL Statement is below: What I am trying to do is to feed each form value into the SQL statement from a posted form with checkboxes and drop down lists. My error message on the apache server is

Content-type: text/html

<!-- warning: DBD::ODBC::db prepare failed: [Microsoft][ODBC Microsoft
+ Access Driver] Syntax error (missing operator) in query expression '
+ResourceSettings.ResID=Resources.ResID and
                 ()
          if     ()'. (SQL37000)(DBD: st_prepare/SQLPrepare err=1) {
+SELECT ResType, ResLevel, ResManage, Details, Length, Source, Cost, F
+urtherDetails 
          FROM ResourceSettings, Resources
          WHERE ResourceSettings.ResID=Resources.ResID and
                 ()
          if     ()
          ORDER BY ResType, ResLevel, ResManage, 
                Details, Length, Source, Cost, FurtherDetails} at c:\I
+NDIGO~1\CGIBIN\DRIVE2.PL line 46. -->
<H1>Software error:</H1>
<PRE>No sth: ''No such file or directory at c:\INDIGO~1\CGI-BIN\DRIVE2
+.PL line 46.
</PRE>
<P>
For help, please send mail to the webmaster (<a href="mailto:you@your.
+address">you@your.address</a>), giving this error message 
and the time and date of the error.
[download]

 my $hash ={ Initiative=>'DriveInitiative', 
            ResOrientation => 'DriveResOrient',
            Creativity => 'DriveCreativity',
            ChangeOrientation => 'DriveChangeOrient',
            DecisionMaking => 'DriveDecisionMake',
            SelectLevel => 'ResLevel',
            ManagesPeople => 'ResManage'};

    my @clauses = ();
       foreach my $checkbox (keys %$hash) {
       push @clauses, $hash->{$checkbox} if validate($cgi->param($chec
+kbox));
       }

      
    my $where_clause = join(' and ',map($_.= ' = "on"', @clauses));

    my $sql = "SELECT ResType, ResLevel, ResManage, Details, Length, S
+ource, Cost, FurtherDetails 
          FROM ResourceSettings, Resources
          WHERE ResourceSettings.ResID=Resources.ResID and
                 ($where_clause)
          if     ($where_clause)
          ORDER BY ResType, ResLevel, ResManage, 
                Details, Length, Source, Cost, FurtherDetails";
[download]

Any feedback would be greatly appreciated.

update (broquaint): title change (was RE. My earlier checkbox question(s)!)

Comment on CGI/HTML checkboxes to SQL query Select or Download Code

Replies are listed 'Best First'.
Re: RE. My earlier checkbox question(s)! by UnderMine (Friar) on Nov 23, 2002 at 13:52 UTC
You need to dynamically add the $where_clause only if the checkboxes are set. `my $sql = "SELECT ResType, ResLevel, ResManage, Details, Length, S +ource, Cost, FurtherDetails FROM ResourceSettings, Resources WHERE ResourceSettings.ResID=Resources.ResID "; $sql.=" and ($where_clause) " if ($where_clause); $sql.=" ORDER BY ResType, ResLevel, ResManage, Details, Length, Source, Cost, FurtherDetails";` [download] Hope it Helps UnderMine	[reply] [d/l]
CGI/HTML checkboxes to SQL query by Rachel (Acolyte) on Nov 23, 2002 at 14:33 UTC
Hi Mate, Thanks very much for your help. it is appreciated. As you can see I am a complete Perl beginner!!! I still have errors. When I ran the perl script with your changes I can get results back and it works great. However, when I put some form values in from the query string i.e http://localhost/cgi-bin/drive2.pl?Initiative=Initiative&ResOrientation=ResOrientation etc. What I don't understand is how to integrate these into the SQL statement based on what has been chosen. I get the `error message <!-- warning: DBD::ODBC::st execute failed: [Microsoft][ +ODBC Microsoft Access Driver] Too few parameters. Expected 1. (SQL07 +001)(DBD: st_execute/SQLExecute err=1)` [download] Again many thanks.. Rachel.	[reply] [d/l]
Re: CGI/HTML checkboxes to SQL query by rdfield (Priest) on Nov 26, 2002 at 11:35 UTC
Looks like you have a placeholder in your SQL statement (a placeholder is a question mark - "?") and you're not supplying a value for it in your execute statement. There doesn't appear to be enough information in your posts for a fuller explaination - you should post all of the relevent information: The actual SQL statement being executed Any error messages generated by the DBI interface for your prepare and execute statements Any parameters supplied to the execute statement. rdfield	[reply]
Re: Re: CGI/HTML checkboxes to SQL query by Rachel (Acolyte) on Nov 27, 2002 at 09:19 UTC
Re: Re: Re: CGI/HTML checkboxes to SQL query by rdfield (Priest) on Nov 27, 2002 at 09:42 UTC