Re: A few que

I am not a specialist on GUI design and programming, so I leave that to other Monks to comment upon, but I do work with databases and I find this code strange:

$queryHandle = $dbshop->prepare(" SELECT * FROM Department WHERE ( Ext
+  = '$copy_text' OR Mobile = '$copy_text' OR [E-Mail] = '$copy_text' 
+OR [Full Name] = '$copy_text' OR [Direct Number] = '$copy_text' ) ");
$queryHandle->execute()
             or die $DBI::errstr;
[download]

You really should replace all instances of '$copy_text' with the placeholder ? and leave the quoting up to DBI/DBD. Your code is likely to fail if '$copy_text' contains a single quote somewhere in the string.

It also protects against SQL code injection. Your quoting is easily circumvented by putting something like

'); delete from Department;'
[download]

(note all the single quotes!) in '$copy_text'.

CountZero

A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

Comment on Re: A few que Select or Download Code