1) I'm not announcing code, I'm announcing only an idea and some examples of how this may look in real code. I have at this time code which realizes this idea, but this code is not ready for publishing at this time (it was written in ~6 hours and commented only in Russian) and most of this code WILL be changed in the near future because we are working hard on the idea itself, the function interfaces and so on.

2) Checking for invalid and insecure values is out of the scope of this idea and must be done as usual before calling Update().

I don't want to waste code on building another hash with many unimportant fields. This is ugly. See this example:

    # ... here user-supplied values were checked

    # variant 1, selecting all fields
    %newQ = (
        id_cust => $CustID,
        login   => $Q{login},
        pass    => $Q{pass},
        email   => $Q{email},
        addr1   => $Q{addr1},
        addr2   => $Q{addr2},
        phone   => $Q{phone},
        ...........
    );

    # variant 2, force only required fields
    %newQ = (%Q, id_cust => $CustID);
I think my way is right and secure because:

Update:
3) About DBIx::Abstract - my interface is more suitable for lazy programmers because it is designed to parse all required information from a single hash, in a form which can be supplied by a user running the CGI. And for best security this hash NEVER contains parts of SQL queries like "DATE_ADD(NOW(), INTERVAL ? HOUR)". Such types of queries can be done with the help of special field names like FIELDNAME__date_add.
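The single-hash Update() and the FIELDNAME__date_add convention described in this post, as an added example written for this page (it is not powerman's code, whose implementation was not published): the builder takes a %Q-style hash, checks every key against an assumed per-table column whitelist, emits only `?` placeholders for values, and turns a key such as `expires__date_add` into `DATE_ADD(NOW(), INTERVAL ? HOUR)` with the user value bound through the placeholder. The table name, the column list, the `build_update` name and the suffix table are assumptions of this example.

```perl
#!/usr/bin/perl
# Added example (not the post author's code): an Update()-style builder for
# the single user-supplied hash described in the post. Table name, column
# whitelist and suffix table below are assumptions made for this example.
use strict;
use warnings;

# Assumed per-table column whitelist: keys not listed here are rejected, so
# passing %Q straight through cannot reach columns the form never meant to touch.
my %COLUMNS = (
    customers => { map { $_ => 1 }
        qw(id_cust login pass email addr1 addr2 phone expires) },
);

# Special field-name suffixes (the post's FIELDNAME__date_add idea).
# The SQL fragment lives here in code, never in the user-supplied hash;
# the user's value is bound through the '?' placeholder.
my %SUFFIX_SQL = (
    date_add => 'DATE_ADD(NOW(), INTERVAL ? HOUR)',
);

# build_update($table, \%set, \%where) -> ($sql, \@bind)
sub build_update {
    my ($table, $set, $where) = @_;
    my $cols = $COLUMNS{$table} or die "unknown table '$table'\n";

    my (@assign, @bind);
    for my $key (sort keys %$set) {
        my ($col, $suffix) = $key =~ /\A(\w+?)(?:__(\w+))?\z/
            or die "bad field name '$key'\n";
        die "unknown column '$col' for table '$table'\n" unless $cols->{$col};
        my $expr = '?';
        if (defined $suffix) {
            $expr = $SUFFIX_SQL{$suffix}
                or die "unknown suffix '$suffix' in '$key'\n";
        }
        push @assign, "$col = $expr";
        push @bind,   $set->{$key};
    }
    die "nothing to update\n" unless @assign;

    # Refuse a WHERE-less UPDATE: a missing key would otherwise rewrite every row.
    my @cond;
    for my $col (sort keys %$where) {
        die "unknown column '$col' for table '$table'\n" unless $cols->{$col};
        push @cond, "$col = ?";
        push @bind, $where->{$col};
    }
    die "refusing UPDATE without WHERE\n" unless @cond;

    my $sql = "UPDATE $table SET " . join(', ', @assign)
            . " WHERE " . join(' AND ', @cond);
    return ($sql, \@bind);
}

# Constructed sample input standing in for the CGI hash %Q after value checks.
my %Q = (
    login             => 'joe',
    email             => 'joe@example.org',
    expires__date_add => 24,   # becomes: expires = DATE_ADD(NOW(), INTERVAL ? HOUR)
);
my $CustID = 42;

my ($sql, $bind) = build_update('customers', \%Q, { id_cust => $CustID });
print "$sql\n";
print "bind: @$bind\n";
# With DBI this would be executed as: $dbh->do($sql, undef, @$bind);

# A key naming a column outside the whitelist is rejected before any SQL exists.
eval { build_update('customers', +{ %Q, is_admin => 1 }, { id_cust => $CustID }); 1 }
    or print "rejected: $@";
```

The whitelist is what makes "variant 2" (`%newQ = (%Q, id_cust => $CustID)`) safe to pass along: column names come only from code, values only travel as bind parameters, and the DATE_ADD fragment is selected by suffix rather than supplied by the client. The builder also refuses an UPDATE with an empty WHERE, since with a hash-driven interface a dropped key is the easiest way to touch every row.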


In reply to Re: Re: Magical SQL by powerman
in thread Magical SQL by powerman
