[ic] SQL query returning no results
graham hadgraft
graham.hadgraft at gmail.com
Fri Oct 27 09:47:02 EDT 2006
On 27/10/06, Kevin Walsh <kevin at cursor.biz> wrote:
> "graham hadgraft" <graham.hadgraft at gmail.com> wrote:
> > On 27/10/06, Peter <peter at pajamian.dhs.org> wrote:
> > > I recommend that you do something like this instead (untested):
> > >
> > > [perl tables=products interpolate=0]
> > > # interpolate=0 because you don't have any tags in this block
> > > # that need to be parsed ahead of time.
> > > my @array = split(/-/,$CGI->{from});
> > > my $db = $Db{products};
> > > # Specify your return fields to avoid unecessary overhead,
> > > # and also you know what order they come in that way.
> > > my $sql = "SELECT description FROM products WHERE icons LIKE '%'";
> > >
> > > foreach (@array) {
> > > # Quote any untrusted input to prevent an SQL injection
> > > # attack.
> > > my $test = $db->quote("\%$_\%");
> > > $sql .= " AND icons LIKE $test";
> > > }
> > >
> > > # This is a better way of sending a query from a [perl] block.
> > > # it returns an array ref of array refs (rather than hash refs)
> > > # so it is handy to know what order the fields get returned in.
> > > my $ref = $db->query($sql);
> > >
> > > # This is just another way of joining up the results. You can
> > > # assign it to a variable and return the variable, or return
> > > # this code directly, or just leave it like this and the return
> > > # value will still be the same because it falls off the end of
> > > # the [perl] block.
> > > join ('', map { $_->[0] . 'test<br>' } @$ref);
> > > [/perl]
> > >
> > Using this code if the checkbox had only one value selected the code
> > works however when more than one check box is selected it stops
> > working despite the query being used working in direct sql.
> >
> > Any idea why this would happen. Trying this with the previous code i
> > had it also does the same. Sql injection will not be a problem as
> > this page is only available on a page only used by me and someone else
> > in my company as this is on the admin page.
> >
> I see you are splitting $CGI->{from} using /-/. Did you add the "-"
> character to the end of each of the checkbox values so that you could
> split on it in your code?
>
> If so then don't do that; Don't add the "-" - just split $CGI->{from}
> using /\0/ instead.
>
> --
> _/ _/ _/_/_/_/ _/ _/ _/_/_/ _/ _/
> _/_/_/ _/_/ _/ _/ _/ _/_/ _/ K e v i n W a l s h
> _/ _/ _/ _/ _/ _/ _/ _/_/ kevin at cursor.biz
> _/ _/ _/_/_/_/ _/ _/_/_/ _/ _/
> _______________________________________________
> interchange-users mailing list
> interchange-users at icdevgroup.org
> http://www.icdevgroup.org/mailman/listinfo/interchange-users
>
Thanks Very much kevin that works perfectly. I had been looking at
this for the past day trying to figure out what was wrong.
If i could ask what does \0 actually split on? ive not come accross
that control charachter before.
More information about the interchange-users
mailing list