in reply to Right answer (wrong question...)
```perl
#!/usr/bin/perl -wT
use strict;
use DBI;
use CGI;

my $cgi = CGI->new();

print $cgi->header(),        # Print header etc.
      $cgi->start_html();

if ($cgi->param()) {    # something was submitted
    my $name    = $cgi->param("name")    || "Anonymous";
    my $message = $cgi->param("message") || "";

    if ($message) {    # If they submitted some message
        # Make a connection to the database.
        my $dbh = DBI->connect(
            "DBI:mysql:host=localhost;database=my_db",
            "my_id", "my_pass",
            {
                AutoCommit         => 1,    # commit immediately
                PrintError         => 0,
                RaiseError         => 1,
                ShowErrorStatement => 1,
            }
        );

        # Prepare the SQL so we can then use it to insert
        # into the database.  Notice that we use ?s instead
        # of actual values.  This means that we can get
        # DBI to do our actual quoting and saves us a lot
        # of bother.
        my $sth = $dbh->prepare(
            "INSERT INTO guestbook (name, message, date)
             VALUES (?,?,?)"
        );

        # Now we execute the SQL.  We pass in one value
        # for each question mark that we put into the
        # prepare statement up there.  DBI will make sure
        # that our values are properly escaped.
        $sth->execute($name, $message, scalar(localtime(time)));

        # This entry has now been added to the database.
        # Since we (probably) don't need the database
        # handle anymore, we tidy up by disconnecting.
        $dbh->disconnect();

        # Print something for the user to see.
        print "Thankyou for your addition to the guestbook.";
    }
    else {
        # Something was submitted, but without a message.
        print "I think you forgot to add a message";
    }
}

print_guestbook();       # You'll have to fill this one out.
print_addtoguestbook();  # You'll have to fill this one out too.

print $cgi->end_html;
```
I whole-heartedly agree with davorg's advice that you replace your original script with the drop-in replacement from nms. This code is free, well written and more secure than Matt's scripts. It is probably easier to improve in the manner you're trying than Matt's scripts will be, too.
Anyway, I hope this now makes sense to you.
jarich
Re: Re: Right answer (wrong question...)
by bobafifi (Beadle) on Feb 23, 2004 at 01:55 UTC |