comment on

Note that you should be extremely careful when accepting user data like this; always use Taint mode and launder user input very carefully. See the discussion in Ch 23 of Camel 3rd Ed. 'Detecting and Laundering Tainted Data'.

Secondly, whenever you need to process SQL in a loop like this, consider using the prepare/execute idiom:

my $sth = $dbh->prepare(<<SQL)
INSERT INTO needed_details (quantity,item_number)
VALUES (?,?)
SQL
# Error-check here.

foreach my $quantity (@quantity) {
    $sth->execute($quantity,$item_number);
    # Error check here.
}
[download]

At the very least, this will save you the need to explicitly quote your data; if you envisage inserting many rows in a given program execute, this will save you the cost of the DBMS re-compiling the query on every pass (for those DBMSs that support query preparing).

In reply to Re: Accept array from Form and put in DB by slife
in thread Accept array from Form and put in DB by peppiv

Posts are HTML formatted. Put <p> </p> tags around your paragraphs. Put <code> </code> tags around your code and data!

Titles consisting of a single word are discouraged, and in most cases are disallowed outright.

Read Where should I post X? if you're not absolutely sure you're posting in the right place.

Please read these before you post! —

Posts may use any of the Perl Monks Approved HTML tags:

a, abbr, b, big, blockquote, br, caption, center, col, colgroup, dd, del, details, div, dl, dt, em, font, h1, h2, h3, h4, h5, h6, hr, i, ins, li, ol, p, pre, readmore, small, span, spoiler, strike, strong, sub, summary, sup, table, tbody, td, tfoot, th, thead, tr, tt, u, ul, wbr

You may need to use entities for some characters, as follows. (Exception: Within code tags, you can put the characters literally.)

	For:		Use:
	&		`&`
	<		`<`
	>		`>`
	[		`[`
	]		`]`

Link using PerlMonks shortcuts! What shortcuts can I use for linking?

See Writeup Formatting Tips and other pages linked from there for more info.