On 4/10/06, Sara <[EMAIL PROTECTED]> wrote:
> I have been stuck here, SOS call:
>
> Using CGI.pm, I have the script calling certain categories from mySQL table.
>
> my $cat = $q->param('cat');
> my $sth = $dbh->prepare("SELECT * FROM main WHERE CAT='$cat'");
>
> Sample Categories('CAT') are given below:
>
> PHP/Ad_Management/Classifieds
> Perl_and_CGI/Ad_Management
> C_and_C++/Ad_Management
>
> etc.
>
> Calling the categories starting with PHP and Perl didn't cause any issue, but 
> when I called the Categories
> starting with C_and_C++, nothing was shown because CGI.pm was removing the 
> characters ++.
>
> I replaced all the ++ in the mySQL database with ASCII &#43&#43, so now the 
> categories in the DB are:
> C_and_C&#43&#43/Ad_Management
>
> And now when I am calling the script:
> http://mysite.com/cgi-bin/index.cgi?cat=C_and_C++/Ad_Management
>
> Since CGI.pm is removing ++, in the script I did this:
>
> $cat =~ s/C_and_C/C_and_C&#43&#43/gi;
>
> It should have extracted the results from DB containing C_and_C&#43&#43, BUT 
> NO.
>
> it's printing and calling cat within script as "C_and_C&#43&#43 /Ad_Managment"
>
> Putting an extra Space after &#43, so mySQL failed to deliver matching 
> categories.
>
> Why an extra white space? Or is there anything more reasonable I can do to call cat 
> with "C++" from mySQL?
>
>
> TIA.

Don't you mean '&#43;'? Anyway, don't do it by hand. See URI::Escape,
Tie::UrlEncoder, String::Util, etc.

Knowing that a plus is difficult to deal with in a get query string,
I'd revise my methods, or implement a crutch. Option one is to use
Post instead of Get. Failing that, check the return value. You should
really be taint checking anyway, so modifying the regex shouldn't be
too hard. In your action form, just do the opposite, more or less, of
what you do in your post form. If it starts with 'C_and_C', you know
it needs to be 'C_and_C++/...'. Then it doesn't matter how CGI.pm or
the browser garble the string:

    $cat = $q->param('cat');
    # CGI.pm turned each '+' into a space; rebuild whatever sits before the first '/'
    $cat =~ s!^C_and_C[^/]*/(.+)$!C_and_C++/$1!;
    # bind the value rather than interpolating it into the SQL
    $sth = $dbh->prepare('SELECT * FROM main WHERE CAT = ?');
    $sth->execute($cat);

HTH,

-- jay
--------------------------------------------------
This email and attachment(s): [  ] blogable; [ x ] ask first; [  ]
private and confidential

daggerquill [at] gmail [dot] com
http://www.tuaw.com  http://www.dpguru.com  http://www.engatiki.org
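The exchange above, worked through as an added example (not code from the thread, and in Python rather than Perl because every form-decoding library behaves the same way as CGI.pm here): a raw `+` in a query string is decoded as a space, so the link has to carry `%2B`; the value should then be bound into the query instead of interpolated, which also stops a category such as `x' OR '1'='1` from matching every row. The table, the category names, and the `index.cgi` URL are constructed from the post; `repair_garbled_cat` mirrors jay's crutch for links that were already sent with a bare `+`.

```python
"""Why 'C++' vanishes from a GET parameter, how to build the link so it
survives, and why the lookup should use a bound parameter."""
import re
import sqlite3
from urllib.parse import parse_qs, urlencode, urlsplit

# Constructed sample rows, standing in for the CAT column of the 'main' table.
CATEGORIES = [
    "PHP/Ad_Management/Classifieds",
    "Perl_and_CGI/Ad_Management",
    "C_and_C++/Ad_Management",
]
BASE_URL = "http://mysite.com/cgi-bin/index.cgi"  # taken from the post


def build_db():
    """In-memory stand-in for the mySQL table named in the question."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE main (id INTEGER PRIMARY KEY, CAT TEXT)")
    conn.executemany("INSERT INTO main (CAT) VALUES (?)", [(c,) for c in CATEGORIES])
    return conn


def cat_from_url(url):
    """Decode 'cat' the way CGI.pm / parse_qs do under the form-urlencoded rules:
    a bare '+' becomes a space, '%2B' becomes a literal '+'."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("cat", [""])[0]


def link_for(cat):
    """Build the link with a real encoder: '+' -> %2B and '/' -> %2F, so the
    server decodes exactly the category name that went in."""
    return BASE_URL + "?" + urlencode({"cat": cat})


def repair_garbled_cat(cat):
    """jay's crutch for links that were sent with a bare '+': whatever the
    decoder left between 'C_and_C' and the first '/' is damage; rebuild it."""
    return re.sub(r"^C_and_C[^/]*/(.+)$", r"C_and_C++/\1", cat)


def lookup(conn, cat):
    """Parameterised lookup: the value never becomes part of the SQL text."""
    rows = conn.execute("SELECT CAT FROM main WHERE CAT = ?", (cat,)).fetchall()
    return [r[0] for r in rows]


def lookup_interpolated(conn, cat):
    """The pattern from the thread, kept only to show its failure mode: a quote
    in the value rewrites the WHERE clause instead of being compared against."""
    rows = conn.execute(f"SELECT CAT FROM main WHERE CAT = '{cat}'").fetchall()
    return [r[0] for r in rows]


if __name__ == "__main__":
    conn = build_db()
    bare = BASE_URL + "?cat=C_and_C++/Ad_Management"
    print("bare '+' decodes to :", repr(cat_from_url(bare)))          # two spaces
    print("rows for that      :", lookup(conn, cat_from_url(bare)))   # []
    print("encoded link       :", link_for("C_and_C++/Ad_Management"))
    print("rows via link      :", lookup(conn, cat_from_url(link_for("C_and_C++/Ad_Management"))))
    print("repaired bare value:", lookup(conn, repair_garbled_cat(cat_from_url(bare))))
    probe = "x' OR '1'='1"
    print("bound lookup       :", lookup(conn, probe))                # []
    print("interpolated lookup:", lookup_interpolated(conn, probe))   # every row
```

Generating the links with `urlencode` (or URI::Escape in Perl) removes the need for the repair step entirely; the repair is only worth keeping while old links with a bare `+` are still in circulation.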

values of β will give rise to dom!
