> &get_my_input; #Split and decode the GET string, you call them with
> $INPUT{whateverfield}

This isn't related to your question, but you do realize that CGI can do
this for you, and in a tested method that traps several security holes?
There is no good reason for 99.99% of Perl scripters to parse the GET
string themselves.

If you were unaware of this, I can point you to some good resources.  If
you were aware of this, why are you doing it yourself?

> # grab the stuff from the database
> my $sth = $dbh->prepare("
> SELECT lognumber, logdate, logdescription
> FROM log
> WHERE logcontactnumber = '$INPUT{contactnumber}'
> ORDER BY logdate DESC
> ");

Here you have a potential security problem.  What if their contactnumber is
'; ANY_HARMFUL_SQL_STATEMENT;
In such a case, you'd be letting them execute anything on your database.
Far better to use:

my $sth = $dbh->prepare("
SELECT lognumber, logdate, logdescription
FROM log
WHERE logcontactnumber = ?
ORDER BY logdate DESC
");
$sth->execute($INPUT{contactnumber});

> my $rows = $sth->fetchall_arrayref(); # works when query is empty

Here you've told the statement handler ($sth) to return everything, as an
arrayref of arrayrefs.

> #push @{$rows}, $_ while $_ = $sth->fetchrow_hashref(); # works when query contains data

This takes each row as a hashref and pushes it onto an arrayref.  The two
are mutually exclusive.  (You have only one set of results.)
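
The two points made in this reply, as an added example that is not part of the original message: the interpolated query next to the placeholder form, and one fetch style per result set. It assumes DBD::SQLite is installed; the table rows and the hostile form value are constructed for the demonstration.

```perl
use strict;
use warnings;
use DBI;   # assumption: DBD::SQLite is installed for the in-memory database

my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });

# Constructed sample data using the column names from the quoted query.
$dbh->do('CREATE TABLE log (lognumber INTEGER, logdate TEXT,
                            logdescription TEXT, logcontactnumber TEXT)');
my $ins = $dbh->prepare('INSERT INTO log VALUES (?, ?, ?, ?)');
$ins->execute(@$_) for (
    [1, '2003-01-10', 'first call',   '42'],
    [2, '2003-01-12', 'follow-up',    '42'],
    [3, '2003-01-11', 'other client', '77'],
);

my $sql = 'SELECT lognumber, logdate, logdescription FROM log
           WHERE logcontactnumber = %s ORDER BY logdate DESC';

# Constructed hostile form value: its quote closes the SQL string literal.
my $hostile = "42' OR 'x'='x";

# Interpolated, as in the quoted code: the value is parsed as SQL, so the
# WHERE clause no longer restricts the result to one contact.
my $leaky = $dbh->selectall_arrayref(sprintf($sql, "'$hostile'"));
printf "interpolated, hostile value: %d rows\n", scalar @$leaky;

# Placeholder: the driver binds the whole value as data, never as SQL.
my $sth = $dbh->prepare(sprintf($sql, '?'));
$sth->execute($hostile);
printf "placeholder, hostile value:  %d rows\n",
    scalar @{ $sth->fetchall_arrayref() };

# One execute() yields one result set, and fetchall_arrayref() consumes it.
# Pick a single fetch style; passing {} returns each row as a hashref.
$sth->execute('42');
my $rows = $sth->fetchall_arrayref({});
printf "%s  %s\n", $_->{logdate}, $_->{logdescription} for @$rows;
```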


