Re: Editing Data in SQL database

I am trying to use the AssetTag field that I THINK is being sent via the POST

The first thing to do is to make sure that the data is indeed being sent and is well received.

Write two simple pages: the first one which sends the data and the second one which receives the data and prints it to the screen. If that works, you can add the other stuff.

Oh, and NEVER EVER interpolate your SQL queries with external data. ALWAYS ALWAYS use placeholders so you will never get hit by a Little Bobby Tables attack.

Update: It looks like you are re-inventing wheels. Did you ever think of looking into web-frameworks such as Catalyst or Dancer, or templating engines such as Template Toolkit and an ORM like DBIx::Class? Together they provide easy and fool-proof solutions to matters you are now struggling with.

CountZero

A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

Comment on Re: Editing Data in SQL database

Replies are listed 'Best First'.
Re^2: Editing Data in SQL database by cavac (Prior) on Mar 01, 2011 at 22:53 UTC
Depending on the amount of clicks you expect, you should also avoid connect/disconnect to the database in every script call. Use persistent database connections instead. I can't recommend a solution from the top of my head (i have my own MAPLAT webframework for that, but thats a bit overkill for that purpose and anyway is also still subject to change).	[reply]