Let's say you have a form with one option being a numeric user ID with a name of 'id' and the other option a color named 'color' that you want to set for that user ID (let's say you're setting a color preference). The following (untested) example assumes that the table is called 'preferences' and that the appropriate field names are 'id' and 'color'.
Note, this is just an example and is NOT the most efficient way of constructing the SQL statement, but it's simple and effective. Further, it assumes that the record already exists. If it doesn't you'd have to use an INSERT statement.

```perl
#!/usr/bin/perl -wT
use strict;
use CGI;
use DBI;
# I'm just assuming that you use the DBI module for
# database connectivity. Substitute another module
# as appropriate.

my $query = new CGI;

# The regexes are for "taint checking"
$query->param('color') =~ /^([a-zA-Z]+)$/ or die "Bad data in color";
my $color = $1;
$query->param('id') =~ /^([0-9]+)$/ or die "Bad data in id";
my $id = $1;

my $database = 'preferences';
my $sql = "UPDATE $database SET color='$color' WHERE id='$id'";

# now, connect to the database and execute the SQL.
```
Regarding the taint checking, see perlsec for details. If you are unfamiliar with connecting to a database with Perl, please read A Short Guide to DBI.
Cheers,
Ovid
Join the Perlmonks Setiathome Group or just go to the link and check out our stats.
In reply to (Ovid) Re: saving form values to database
by Ovid
in thread saving form values to database
by Anonymous Monk
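
The step the post leaves open (connecting and executing the SQL), as an added example that is not part of the original post: it keeps the same regex checks, passes the values as DBI placeholders instead of interpolating them, and falls back to INSERT when the UPDATE matches no row. The in-memory SQLite database (which assumes DBD::SQLite is installed), the helper names `untaint` and `save_color`, and the sample values are assumptions made for the demo.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Validate one form value against an anchored regex; return the captured
# (untainted) match or die. \A and \z also refuse a trailing newline.
sub untaint {
    my ($name, $value, $re) = @_;
    defined $value && $value =~ $re or die "Bad data in $name\n";
    return $1;
}

# UPDATE the user's row using bound parameters; INSERT if no row matched.
sub save_color {
    my ($dbh, $raw_id, $raw_color) = @_;
    my $id    = untaint('id',    $raw_id,    qr/\A([0-9]+)\z/);
    my $color = untaint('color', $raw_color, qr/\A([a-zA-Z]+)\z/);

    my $rows = $dbh->do('UPDATE preferences SET color = ? WHERE id = ?',
                        undef, $color, $id);
    # do() returns "0E0" (true, but numerically zero) when no row matched.
    if ($rows == 0) {
        $dbh->do('INSERT INTO preferences (id, color) VALUES (?, ?)',
                 undef, $id, $color);
        return 'inserted';
    }
    return 'updated';
}

# Constructed demo database: in-memory SQLite, table as named in the post.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, AutoCommit => 1 });
$dbh->do('CREATE TABLE preferences (id INTEGER PRIMARY KEY, color TEXT)');

# Constructed form values: first call has no record yet, second one does.
print save_color($dbh, '42', 'blue'),  "\n";
print save_color($dbh, '42', 'green'), "\n";

# Constructed bad value: the regex rejects it before any SQL is run.
my $ok = eval { save_color($dbh, '42', "o'range"); 1 };
print "rejected: $@" unless $ok;

my ($stored) = $dbh->selectrow_array(
    'SELECT color FROM preferences WHERE id = ?', undef, 42);
print "stored: $stored\n";
$dbh->disconnect;
```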