Hi Brett,
I appreciate your comments, but what is the solution?
I thought the second was the most logical, but causes an error when the
query is empty.
> my $rows = $sth->fetchall_arrayref(); # works when query is empty
Here you've told the statement handler ($sth) to return everything, as an
arrayref of arrayrefs.
> #push @{$rows}, $_ while $_ = $sth->fetchrow_hashref(); # works when query
> contains data
This takes each row as hashref and pushes it onto an arrayref. The two
are mutually exclusive. (you have only one set of results)
At 22:28 18/04/2002, you wrote:
> > &get_my_input; #Split and decode the GET string, you call them with
> > $INPUT{whateverfield}
>
>This isn't related to your question, but you do realize that CGI can do
>this for you, and in a tested method that traps several security holes?
>There is no good reason for 99.99% of perl scripters to parse the GET
>string themselves.
>
>If you were unaware of this, I can point you to some good resources. If
>you were aware of this, why are you doing it yourself?
>
> > # grab the stuff from the database
> > my $sth = $dbh->prepare("
> > SELECT lognumber, logdate, logdescription
> > FROM log
> > WHERE logcontactnumber = '$INPUT{contactnumber}'
> > ORDER BY logdate DESC
> > ");
>
>Here you have a potential security problem. What if their contactnumber
>is
>'; ANY_HARMFUL_SQL_STATEMENT;
>In such a case, you'd be letting them execute anything on your database.
>Far better to use:
>
>my $sth = $dbh->prepare("
>SELECT lognumber, logdate, logdescription
>FROM log
>WHERE logcontactnumber = ?
>ORDER BY logdate DESC
>");
>$sth->execute($INPUT{contractnumber});
>
> > my $rows = $sth->fetchall_arrayref(); # works when query is empty
>
>Here you've told the statement handler ($sth) to return everything, as an
>arrayref of arrayrefs.
>
> > #push @{$rows}, $_ while $_ = $sth->fetchrow_hashref(); # works when query
> > contains data
>
>This takes each row as hashref and pushes it onto an arrayref. The two
>are mutually exclusive. (you have only one set of results)
Hi all,
I am struggling with some query result stuff.
I'm fairly new to perl and h::t
The query itself runs fine.
Below, between the ## 's.
I have tried to get some sort of if ( ) { else } around it (wondering if
that is a good solution anyway),
but don't manage to get it work.
This is the error I get:
[root@euro selling]# perl log_list.cgi
HTML::Template::param() : attempt to set parameter 'itemlist' with a scalar
- parameter is not a TMPL_VAR! at log_list.cgi line 83
[root@euro selling]#
Would anyone mind lending a hand?
Thanks,
Oscar
use DBI;
use HTML::Template;
use CGI;
use CGI qw/:standard :html3/;
use CGI qw/carpout fatalsToBrowser/;
require '../pg_tools.lib';
&get_my_input; #Split and decode the GET string, you call them with
$INPUT{whateverfield}
&sql_connect;
my $CGI = new CGI;
# grab the stuff from the database
my $sth = $dbh->prepare("
SELECT lognumber, logdate, logdescription
FROM log
WHERE logcontactnumber = '$INPUT{contactnumber}'
ORDER BY logdate DESC
");
$sth->execute();
my $rows;
#############################
my $rows = $sth->fetchall_arrayref(); # works when query is empty
#push @{$rows}, $_ while $_ = $sth->fetchrow_hashref(); # works when query
contains data
#############################
# prepare the template and substitute the values
my $template = HTML::Template->new(path => '../templates',
filename => 'log_list.tmpl',
associate => $CGI,
loop_context_vars => 1,
);
$template->param(ITEMLIST => $rows);
# print the goods
print $CGI->header;
print $template->output;
$sth->finish;
$dbh->disconnect;
Here the template:
<table width="100%">
<TMPL_LOOP NAME="ITEMLIST">
<tr>
<TMPL_IF NAME="__FIRST__">
<th class="header">LOGS</th></tr>
</TMPL_IF>
<TMPL_IF NAME="__ODD__">
<td class="tablerowodd"><a href=""
onClick="InfoWindow=window.open('log_show.cgi?lognumber=<TMPL_VAR
NAME="LOGNUMBER">','InfoWindow','toolbar=no, location=no, directories=no,
status=no, menubar=no, scrollbars=yes, resizable=yes, width=400,
height=400, left=350, top=200'); return false;"><TMPL_VAR
NAME="LOGDATE"> => <TMPL_VAR
NAME="LOGDESCRIPTION"></a></td>
<TMPL_ELSE>
<td class="tableroweven"><a href=""
onClick="InfoWindow=window.open('log_show.cgi?lognumber=<TMPL_VAR
NAME="LOGNUMBER">','InfoWindow','toolbar=no, location=no, directories=no,
status=no, menubar=no, scrollbars=yes, resizable=yes, width=400,
height=400, left=350, top=200'); return false;"><TMPL_VAR
NAME="LOGDATE"> => <TMPL_VAR
NAME="LOGDESCRIPTION"></a></td>
</TMPL_IF>
</tr>
</TMPL_LOOP>
</table>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: [EMAIL PROTECTED]
>For additional commands, e-mail: [EMAIL PROTECTED]
__________________________________________________________________
Elbie.com
Oscar Buijten
Tel: +33.4.67.57.97.45
Fax: +33.4.67.57.97.46
GSM: +33.6.20.84.15.22
Email: [EMAIL PROTECTED]
Web: www.elbie.com
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
