in reply to Re^2: How to avoid Null Byte Injection
in thread How to avoid Null Byte Injection?

since I don't know what's in <../data/text/*.txt>, I have no clue what's going on.

In any case, since you're building that list anyway, why not do this:

if (grep { $_ eq $passage } @display_files) {
    # filename ok
} else {
    # not ok
}

Re^4: How to avoid Null Byte Injection
by Nik (Initiate) on Oct 08, 2006 at 08:53 UTC
    In <../data/text/*.txt> there are all the text files index.pl will use, and they are loaded in the array display_files. This still didn't work:
    if ( param('select') ) {
        unless (grep { $_ eq $passage } @display_files) {
            print br() x 2;
            print h1( {class=>'big'}, "*Backward Directory Traversal* hack will NOT help you here, Mighty Lamer!" );
            $select = $dbh->prepare( "UPDATE guestlog SET passage=?, date=?, counter=counter+1 WHERE host=?" );
            $select->execute( $passage, $date, $host );
            exit;
        }
    }

      Nik, you've been here long enough to know that "it didn't work" is fairly meaningless to everyone who wants to try to help you.

      However, I do suspect that if you've verified that the user is trying to do something naughty, updating the database anyway is probably wrong. If so, your exit is in the wrong place and you need at least one more closing brace.

        You are right, I must of course be more precise.
        Actually I did make it work :-)
        my $passage = param('select') || "Αρχική Σελίδα!";
        Encode::from_to($passage, "utf8", "ISO-8859-7") if param();
        if ( param('select') ) {
            unless (grep { $_ eq param('select') } @display_files) {
                $passage = "*Backward Directory Traversal* hack will NOT help you here, Mighty Lamer!";
                print br() x 2, h1( {class=>'big'}, $passage );
                $select = $dbh->prepare( "UPDATE guestlog SET passage=?, date=?, counter=counter+1 WHERE host=?" );
                $select->execute( $passage, $date, $host );
                exit;
            }
        }
        Actually, inside the grep function I had to use param('select') and not the variable $passage; not sure why, though...
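The exact-match allowlist check suggested earlier in the thread, and used in the working version above, as an added stand-alone example (not code from any of the posters). The allowlist and the sample inputs are constructed here so it runs offline; in index.pl the list would come from the <../data/text/*.txt> glob.

```perl
#!/usr/bin/perl
# Added example: exact-match allowlist check for a user-supplied filename,
# in the style of grep { $_ eq ... } @display_files from the thread.
use strict;
use warnings;

# Constructed allowlist standing in for what the glob would produce.
my @display_files = qw(intro.txt chapter1.txt chapter2.txt);

# Returns the matching allowlist entry, or undef when the input is not
# exactly one of the known files. Exact string comparison is the point:
# a name with a trailing NUL, an extra path component, or different bytes
# is simply "not in the list", so no file is ever opened from it.
# Compare the parameter value as received; Encode::from_to converts its
# argument in place, so a re-encoded copy may no longer be byte-equal.
sub allowed_passage {
    my ($wanted, @allowed) = @_;
    return undef unless defined $wanted;
    my ($hit) = grep { $_ eq $wanted } @allowed;
    return $hit;
}

# Constructed sample inputs mimicking values param('select') could carry.
my @samples = (
    "chapter1.txt",        # legitimate, present in the list
    "chapter1.txt\0",      # NUL appended: not byte-equal, rejected
    "../index.pl\0.txt",   # traversal plus NUL: rejected
    "Chapter1.txt",        # case differs: rejected, eq is case-sensitive
);

for my $input (@samples) {
    my $file = allowed_passage($input, @display_files);
    (my $shown = $input) =~ s/\0/\\0/g;   # make the NUL visible in output
    printf "%-22s => %s\n", $shown,
        defined $file ? "open $file" : "rejected";
}
```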