I have a web form that we use to submit comments to a database; however,
some characters will make the insert fail. For instance usage of ' or ;.
Below is the snippet that handles this, perhaps I could be corrected in the
errors of my ways.

Everything in the DB is varchar except for the comments which is a blob.

Thanks, Scott

Page that handles the input:
------------------------------
<%perl>
 if (@_) {
  if ((!$_[1]) or (!$_[3])) {
   print "ERROR: You missed some required information...<br><br>
         You will be returned shortly";
  } else {
   print "Thank you for your submission,<br><br>
         You will be auto-redirected in 5 seconds...";
   my $ip = $r->get_remote_host;
   my $ua = $r->header_in('User-Agent');
   my $ref = $r->header_in('referer');

   use Net::SMTP;
   use DBI;

   my $dsn = 'DBI:mysql:xxxxxx:localhost';
   my $dbuser = 'xxxxx';
   my $dbpass = 'xxxxxx';
   my $dbh = DBI->connect($dsn, $dbuser, $dbpass);

   my $name = $_[3];
   my $email = $_[1];
   my $comment = $_[5];
   $dbh->do("insert into email
        (name, email, comments, host, agent) values
        ('$name', '$email', '$comment', '$ip', '$ua')");

   my $subject = "xxxxxxxx.net Email Form...";
   my $smtp = Net::SMTP->new("xxxx.xxxxx.net");
   my $addr = "[EMAIL PROTECTED]";

   $smtp->mail($email);
   $smtp->to($addr);
   $smtp->data();
   $smtp->datasend("Subject: $subject \n");
   $smtp->datasend("\n");
   $smtp->datasend("Name: $name\n\n");
   $smtp->datasend("Comment:\n$comment");
   $smtp->dataend();
   $smtp->quit();
   close($smtp)
  }
 }
</%perl>

---------------------------
Section with form:
---------------------------
} elsif ($source eq "contact") {
  print "<center><br><table width='70%'><tr><td>";
  print "<form NAME='CONTACT' action='email.ml'>";
  print "Name: <input type='text' name='name'
         size='50'><font color=red>*</font><br>";
  print "Email: <input type='text' name='email'
         size='50'><font color=red>*</font><br>";
  print "<textarea name='comments' COLS=80 ROWS=25></textarea><br>";
  print "<input type='submit' value='Submit Email'>";
  print "</form></td></tr></table></center>";

---------------------------
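
The insert failure described in the post, reproduced and then avoided with DBI placeholders, as an added example that is not part of the original post. It assumes DBD::SQLite with an in-memory database standing in for the poster's MySQL database, and the sample submission is constructed.

```perl
use strict;
use warnings;
use DBI qw(:sql_types);

# Assumption: an in-memory SQLite database (DBD::SQLite) stands in for the
# MySQL database in the post so the example runs offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

# Same columns as the post: everything varchar except the comments blob.
$dbh->do(q{CREATE TABLE email (name VARCHAR(255), email VARCHAR(255),
           comments BLOB, host VARCHAR(255), agent VARCHAR(255))});

# Constructed sample submission containing the characters that broke the insert.
my %in = (
    name    => "Pat O'Neil",
    email   => 'pat@example.org',
    comment => "It's broken; please fix the 'contact' page.",
    host    => '192.0.2.10',
    agent   => 'Mozilla/5.0 (constructed)',
);

# 1) The post's approach: values interpolated into the SQL text. The quote in
#    the name ends the string literal early and the statement no longer parses.
my $ok = eval {
    $dbh->do("insert into email (name, email, comments, host, agent) values
              ('$in{name}', '$in{email}', '$in{comment}', '$in{host}', '$in{agent}')");
    1;
};
print "interpolated insert: ", ($ok ? "succeeded" : "failed: $@"), "\n";

# 2) Placeholders: the SQL text is fixed and the values travel separately, so
#    quotes and semicolons are stored as data and never parsed as SQL.
my $sth = $dbh->prepare(q{INSERT INTO email (name, email, comments, host, agent)
                          VALUES (?, ?, ?, ?, ?)});
$sth->bind_param(1, $in{name});
$sth->bind_param(2, $in{email});
$sth->bind_param(3, $in{comment}, SQL_BLOB);   # comments column is a blob
$sth->bind_param(4, $in{host});
$sth->bind_param(5, $in{agent});
$sth->execute;

my ($stored) = $dbh->selectrow_array('SELECT comments FROM email WHERE name = ?',
                                     undef, $in{name});
print "placeholder insert stored: $stored\n";
print "round trip intact: ", ($stored eq $in{comment} ? "yes" : "no"), "\n";
$dbh->disconnect;
```

The same `prepare`/`execute` pattern works unchanged against the `DBI:mysql:` handle in the post, since placeholders are part of DBI itself.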




_______________________________________________
Mason-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/mason-users
