On Wed, Aug 28, 2002 at 11:11:23AM -0500, Dan Muey wrote:
>
> >I think you will need to show us more of your code. Where are the ids
> >coming from?
>
> First the html generated by the script :
> <input type=checkbox name="IDS" value="26,">
> <input type=checkbox name="IDS" value="18,">
> @recs = split(/,/, $ids);
>
> >Perhaps the later ids include a non-printable character, which trace() is
> >outputting as a period. Try printing your query like this:
> >($tmp = $query) =~ s/([^\x20-\x7E])/'\x' . sprintf "%x", ord $1/ge;
> >print $tmp;
>
> $tmp prints out as : DELETE FROM customer WHERE ID IN ('25','\x018')
(Woops, I should have made that sprintf "%02x", ord $1)
> sure enough odd char
> It seems to get there somewhere in between pressing submit and after
> parse
> ( I use the &ReadParse subroutine in cgi-lib )
I thought that might be it. cgi-lib uses the null character to join
multiple values for a single parameter. Instead of including a comma in
each value to split on later, you can just split on /\0/.
However, I would really recommend switching to the CGI module, which will
do all the parameter parsing and unencoding for you.
Ronald
