Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I have a form that displays a bunch of drop down menus with just 2 options the user can choose from. How can i collect all the values selected and create an sql query based on those values?

Replies are listed 'Best First'.
(Ovid) Re: saving form values to database
by Ovid (Cardinal) on Sep 23, 2000 at 01:42 UTC
    I'm assuming that you already know how to connect to your database and execute an SQL statement with Perl. I'm also assuming that you know how to create the HTML form.

    Let's say you have a form with one option being a numeric user ID with a name of 'id' and the other option a color named 'color' that you want to set for that user ID (let's say you're setting a color preference). The following (untested) example assumes that the table is called 'preferences' and that the appropriate field names are 'id' and 'color'. 

    #!/usr/bin/perl -wT
use strict;

use CGI;
use DBI; # I'm just assuming that you use the DBI module for
         # database connectivity.  Substitute another module
         # as appropriate.

my $query = new CGI;

# The regexes are for "taint checking"
$query->param('color') =~/^([a-zA-Z]+)$/ or die "Bad data in color";
my $color = $1;
$query->param('id')    =~/^([0-9]+)$/    or die "Bad data in id";
my $id = $1;

my $database = 'preferences';

my $sql = "UPDATE $database SET color='$color' WHERE id='$id'";

# now, connect to the database and execute the SQL.

    [download]
    Note, this is just an example and is NOT the most efficient way of constructing the SQL statement, but it's simple and effective. Further, it assumes that the record already exists. If it doesn't you'd have to use an INSERT statement.

    Regarding the taint checking, see perlsec for details. If you are unfamiliar with connecting to a database with Perl, please read A Short Guide to DBI.

    Cheers,
    Ovid

    Join the Perlmonks Setiathome Group or just go the the link and check out our stats.

[reply]
[d/l]
Re: saving form values to database
by Anonymous Monk on Sep 23, 2000 at 01:33 UTC
    To be more clear: I'd like to pass all the values selected to a save subroutine where the sql statement will be created and executed.
[reply]
automated solution to create SQL from a form
by markjugg (Curate) on Sep 24, 2000 at 09:00 UTC
    This answer might be a bit more advanced then what you are looking for, but if you are familiar with CGI.pm and DBI.pm, this module I wrote called CGI::SQL.pm may be useful to you. For example, if you have a bunch of fields that you want inserted into a table called 'item', you can could name all those fields with a 'item_' prefix, and then put this in the script that processes the form. It assumes there is an existing DBI database handle at $DBH. 
    use CGI::SQL;

$db = new CGI::SQL($DBH,'item_');
$rv = $db->insert_from_param('item');

    [download]
    That's it! &insert_from_param analysis the CGI environment, plucks out all the fields with a "item_" prefix and their associated values and stuff them into the item table, where the keys are the columns name and the values are the data. You can download my code and documentation here: http://summersault.com/software/cascade/cgi_sql/ Good luck. -mark
[reply]
[d/l]
Re: saving form values to database
by Anonymous Monk on Sep 23, 2000 at 02:48 UTC
    Actually, I'd like to find out more about recursively saving the values chosen in the <select> drop downs. I don't quite actually understand how to collect both the name and value of the <select> fields and pass them all at once to a subroutine.
[reply]

Back to Seekers of Perl Wisdom