Re: Right answer (wrong question...)

I don't understand why you are trying to read your query string from a file like that. Just use a string:

my @field = qw(
   Title Email City State Country URL
   Date Description rid dt_create publish
);

my $insert_sth = $dbh->prepare(
   'INSERT INTO ads_2004 ('
   . join(', ', map "'$_'", @fields)
   . ') VALUES (?,?,?,?,?,?,?,?,NULL, NOW(), 0)'
);
[download]

And use placeholders (those question marks). Now, if your form fields are named JUST LIKE your database table columns, then you can do some tricks to save typing and prevent typos:

use CGI qw(:standard);

my %field;
for (@field) {
   my $param = param($_);
   die unless $param;     # do validation on $param here ...
   $field{$_} = $param;
}

# or validate specific pieces outside the loop:
die unless $field{rid} =~ /^\d+$/;
die unless is_valid_email($field{Email});

$insert_sth->execute(values %field);
[download]

By the way, your SQL snippet has ELEVEN fields and only TEN values. This is the kind of typo i was talking about. ;)

jeffa

L-LL-L--L-LL-L--L-LL-L--
-R--R-RR-R--R-RR-R--R-RR
B--B--B--B--B--B--B--B--
H---H---H---H---H---H---
(the triplet paradiddle with high-hat)

Comment on Re: Right answer (wrong question...) Select or Download Code

Replies are listed 'Best First'.
Re: Re: Right answer (wrong question...) by bobafifi (Beadle) on Feb 22, 2004 at 23:39 UTC
Thanks! Your code looks great but unfortunately, I'm not quite sure how to integrate it into the existing script I use, sorry. However, I've been creating a new version of the script with all the field names matching the database as you suggested but am not quite there yet. Thanks again, :-) -Bob "so many drummers, so little time"	[reply]