Apache 2.0.46 modperl 1.99-10.dev (CVS snapshot from last night) perl 5.8.0 NetBSD 1.6.1
I've got a form that I'm posting to an MP2 script, and am parsing the output with the following subroutines :
sub hash_post {
# returns a hash of all the POST valuesmy ($r) = shift;
my $post_string = CB::read_post($r);
my %rethash = {}; my @bits = split(/&/, $post_string);
foreach my $bit (@bits) {
$bit =~ /^(.*)=(.*)$/;
my $key = CGI::Util::unescape($1);
my $value = CGI::Util::unescape($2);
$rethash{$key} = $value;
}
return %rethash;
}
CB::read_post() is : sub read_post { use Apache::Filter (); use APR::Bucket (); use APR::Brigade (); use constant IOBUFSIZE => 8192; use Apache::Const -compile => qw(MODE_READBYTES); use APR::Const -compile => qw(SUCCESS BLOCK_READ);
use CGI::Util;
my $r = shift;
my $debug = shift || 0; my @data = ();
my $seen_eos = 0;
my $filters = $r->input_filters();
my $ba = $r->connection->bucket_alloc;
my $bb = APR::Brigade->new($r->pool, $ba); do {
my $rv = $filters->get_brigade($bb,
Apache::MODE_READBYTES, APR::BLOCK_READ, IOBUFSIZE);
if ($rv != APR::SUCCESS) {
return $rv;
} while (!$bb->empty) {
my $buf;
my $b = $bb->first;$b->remove;
if ($b->is_eos) {
warn "EOS bucket:\n" if $debug;
$seen_eos++;
last;
} my $status = $b->read($buf);
warn "DATA bucket: [$buf]\n" if $debug;
if ($status != APR::SUCCESS) {
return $status;
}
push @data, $buf;
}
$bb->destroy; } while (!$seen_eos);
my $string = join '', @data;
return $string;
}
The observant will notice that read_post() is pretty-much Stas's code from the mp test scripts, so I figure it's got to be good code (Stas wrote it :) )
This all seems to work quite nicely for the simple form I'm processing, like so :
my %posted_data = CB::hash_post($r);
foreach my $key (keys %posted_data) {
$vars->{form}->{$key} = $posted_data{$key};
}
The %vars gets thrown into template toolkit and
as far as I can see, it looks fine, so I _think_
I'm parsing the POST data correctly at this point.
But ....I then want to throw the data at a database insert : CB::submit_training_log($user_id, %posted_data);
sub submit_training_log {
my ($user_id,%values) = @_;# use DBI;
#my $dbh = DBI->connect("DBI:mysql:".$db_name.":".$db_server, $db_user, $db_pass,
{ RaiseError => 1}) or return -1;
my $fields = "user_id";
my $values = "\'".$user_id."\'";
foreach my $key (keys %values) {
$fields .= ",$key";
$values .= ",\'".$values{$key}."\'";
}
my $insert = "INSERT into training_log ($fields) VALUES ($values)"; logit($log,$insert);
# $dbh->disconnect;
}(yes, I need to do lots of safety/sanity/taint checks etc ... )
What I see in the INSERT log message is this :
INSERT into training_log ('user_id','av_hr','distance','time','percent_fat','max_speed','comments',
'time_e3','time_o2','max_power','weather','weight','resting_hr','day',
'mon','time_e1','motivation','fatigue','energy_burnt','max_hr','stress',
'time_e2','time_rec','location','planned_session','av_speed',
'actual_session','HASH(0x8d7be98)','av_power','time_se','soreness',
'sleep','year') VALUES ('1','','','','','','The session was great!','','','','funky','','','25','6','','1','1','','','1','','',
'','','','As per planned session','','','','1','1','2003')
There's a "HASH(0x8d7be98)" in there. That's a problem! Can anyone
see where it might be coming from? All the form variables are
accounted for, so it seems to be coming from nowhere? The onlyplace I can think of is the submit button?
thanks
Carl
