Re: C++ query with mySQL

[David Dorward]

On Mon, 2006-04-10 at 10:02 +0500, Sara wrote:
 Calling the categories starting with PHP and Perl didn't cause any issue, but 
 when I called the Categories
 starting with C_and_C++, nothing was shown because CGI.pm was removing the 
 characters ++.

 I replaced the All ++ in the mySQL database with ASCII #43#43, so now the 
 categories are in the DB are:
 C_and_C#43#43/Ad_Management

The + character has no special meaning in HTML, so you don't need to
represent it with HTML entities unless it doesn't exist in the character
encoding you are using (which is unlikely).

 And now when I am calling the script:
 http://mysite.com/cgi-bin/index.cgi?cat=C_and_C++/Ad_Management

However, the + character _does_ have special meaning in URLs - it
represents a space character. You should URL encode the data you pull
from the database. The URI::Escape module can help with this.

-- 
David Dorward   http://dorward.me.uk/
Anybody remotely interesting is mad, in some way or another.
 -- The Greatest Show in the Galaxy

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
http://learn.perl.org/ http://learn.perl.org/first-response

Re: C++ query with mySQL

[Jay Savage]

On 4/10/06, Sara [EMAIL PROTECTED] wrote:
 I have been stuck here, SOS call:

 Using CGI.pm, I have the script calling certain categories from mySQL table.

 my $cat = $q-param('cat');
 my $dbh - prepare (SELECT * FROM main WHERE CAT='$cat');

 Sample Categories('CAT') are given below:

 PHP/Ad_Management/Classifieds
 Perl_and_CGI/Ad_Management
 C_and_C++/Ad_Management

 etc.

 Calling the categories starting with PHP and Perl didn't cause any issue, but 
 when I called the Categories
 starting with C_and_C++, nothing was shown because CGI.pm was removing the 
 characters ++.

 I replaced the All ++ in the mySQL database with ASCII #43#43, so now the 
 categories are in the DB are:
 C_and_C#43#43/Ad_Management

 And now when I am calling the script:
 http://mysite.com/cgi-bin/index.cgi?cat=C_and_C++/Ad_Management

 Since CGI.pm removing ++, so in script I did this:

 my $cat =~ s/C_and_C/C_and_C#43#43/gi;

 It should have extracted the results from DB containing C_and_C#43#43, BUT 
 NO.

 it's printing and calling cat within script as C_and_C#43#43 /Ad_Managment

 Putting an extra Space after #43, so mySQL failed to deliver matching 
 categories.

 Why an extra white space? or anything more reasonable I can do to call cat 
 with C++ from mySQL.


 TIA.

Don't you mean  '#43;'? Anyway, don't do it by hand. See URI::Escape,
Tie::UrlEncoder, String::Util, etc.

Knowing that a plus is difficult to deal with in a get query string,
I'd revise my methods, or implement a crutch. Option one is to use
Post instead of Get. Failing that, check the return value. You should
really be taint checking anyway, so modifying the regex shouldn't be
too hard. In your action form, just do the opposite, more or less, of
what you do in your post form. If it starts with 'C_and_C', you know
it needs to be 'C_and_C++/...'. Then it doesn't matter how CGI.pm or
the browser garble the string:

$cat = $q-param('cat');
$cat =~ s!C_and_C\.?/(\.+)$!C_and_C++/$1!;
$sth = $dbh-prepare(SELECT * FROM main WHERE CAT='$cat');

HTH,

-- jay
--
This email and attachment(s): [  ] blogable; [ x ] ask first; [  ]
private and confidential

daggerquill [at] gmail [dot] com
http://www.tuaw.com  http://www.dpguru.com  http://www.engatiki.org

values of β will give rise to dom!