[ic] SQL query returning no results

Kevin Walsh kevin at cursor.biz
Fri Oct 27 09:26:16 EDT 2006 

"graham hadgraft" <graham.hadgraft at gmail.com> wrote:
> On 27/10/06, Peter <peter at pajamian.dhs.org> wrote:
> > I recommend that you do something like this instead (untested):
> >
> > [perl tables=products interpolate=0]
> >         # interpolate=0 because you don't have any tags in this block
> >         # that need to be parsed ahead of time.
> >         my @array = split(/-/,$CGI->{from});
> >         my $db = $Db{products};
> >         # Specify your return fields to avoid unecessary overhead,
> >         # and also you know what order they come in that way.
> >         my $sql = "SELECT description FROM products WHERE icons LIKE '%'";
> >
> >         foreach (@array) {
> >                 # Quote any untrusted input to prevent an SQL injection
> >                 # attack.
> >                 my $test = $db->quote("\%$_\%");
> >                 $sql .= " AND icons LIKE $test";
> >         }
> >
> >         # This is a better way of sending a query from a [perl] block.
> >         # it returns an array ref of array refs (rather than hash refs)
> >         # so it is handy to know what order the fields get returned in.
> >         my $ref = $db->query($sql);
> >
> >         # This is just another way of joining up the results.  You can
> >         # assign it to a variable and return the variable, or return
> >         # this code directly, or just leave it like this and the return
> >         # value will still be the same because it falls off the end of
> >         # the [perl] block.
> >         join ('', map { $_->[0] . 'test<br>' } @$ref);
> > [/perl]
> >
> Using this code if the checkbox had only one value selected the code
> works however when more than one check box is selected it stops
> working despite the query being used working in direct sql.
> 
> Any idea why this would happen.  Trying this with the previous code i
> had it also does the same.  Sql injection will not be a problem as
> this page is only available on a page only used by me and someone else
> in my company as this is on the admin page.
>
I see you are splitting $CGI->{from} using /-/.  Did you add the "-"
character to the end of each of the checkbox values so that you could
split on it in your code?

If so then don't do that;  Don't add the "-" - just split $CGI->{from}
using /\0/ instead.

-- 
   _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
  _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
 _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
_/   _/  _/_/_/_/      _/    _/_/_/  _/    _/

More information about the interchange-users mailing list