[ic] SQL query returning no results

graham hadgraft graham.hadgraft at gmail.com
Fri Oct 27 09:47:02 EDT 2006 

On 27/10/06, Kevin Walsh <kevin at cursor.biz> wrote:
> "graham hadgraft" <graham.hadgraft at gmail.com> wrote:
> > On 27/10/06, Peter <peter at pajamian.dhs.org> wrote:
> > > I recommend that you do something like this instead (untested):
> > >
> > > [perl tables=products interpolate=0]
> > >         # interpolate=0 because you don't have any tags in this block
> > >         # that need to be parsed ahead of time.
> > >         my @array = split(/-/,$CGI->{from});
> > >         my $db = $Db{products};
> > >         # Specify your return fields to avoid unecessary overhead,
> > >         # and also you know what order they come in that way.
> > >         my $sql = "SELECT description FROM products WHERE icons LIKE '%'";
> > >
> > >         foreach (@array) {
> > >                 # Quote any untrusted input to prevent an SQL injection
> > >                 # attack.
> > >                 my $test = $db->quote("\%$_\%");
> > >                 $sql .= " AND icons LIKE $test";
> > >         }
> > >
> > >         # This is a better way of sending a query from a [perl] block.
> > >         # it returns an array ref of array refs (rather than hash refs)
> > >         # so it is handy to know what order the fields get returned in.
> > >         my $ref = $db->query($sql);
> > >
> > >         # This is just another way of joining up the results.  You can
> > >         # assign it to a variable and return the variable, or return
> > >         # this code directly, or just leave it like this and the return
> > >         # value will still be the same because it falls off the end of
> > >         # the [perl] block.
> > >         join ('', map { $_->[0] . 'test<br>' } @$ref);
> > > [/perl]
> > >
> > Using this code if the checkbox had only one value selected the code
> > works however when more than one check box is selected it stops
> > working despite the query being used working in direct sql.
> >
> > Any idea why this would happen.  Trying this with the previous code i
> > had it also does the same.  Sql injection will not be a problem as
> > this page is only available on a page only used by me and someone else
> > in my company as this is on the admin page.
> >
> I see you are splitting $CGI->{from} using /-/.  Did you add the "-"
> character to the end of each of the checkbox values so that you could
> split on it in your code?
>
> If so then don't do that;  Don't add the "-" - just split $CGI->{from}
> using /\0/ instead.
>
> --
>    _/   _/  _/_/_/_/  _/    _/  _/_/_/  _/    _/
>   _/_/_/   _/_/      _/    _/    _/    _/_/  _/   K e v i n   W a l s h
>  _/ _/    _/          _/ _/     _/    _/  _/_/    kevin at cursor.biz
> _/   _/  _/_/_/_/      _/    _/_/_/  _/    _/
> _______________________________________________
> interchange-users mailing list
> interchange-users at icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users
>

Thanks Very much kevin that works perfectly.  I had been looking at
this for the past day trying to figure out what was wrong.

If i could ask what does \0 actually split on?  ive not come accross
that control charachter before.

More information about the interchange-users mailing list