Check my code please... HTML form->Perl->mySQL db

dupank (Programmer, US; joined Mar 30, 2009; 4 messages)

I was given a project to create a simple HTML registration form in which the data is validated using Javascript. It is then validated on the server side using Perl before being sent to a mySQL database. This is my first time using Perl so I would appreciate some expert feedback. Have I gotten this right? Any productive feedback will be greatly appreciated. Thanks.






(Here is my SQL database named db_register.sql)





CREATE DATABASE db_register;

USE db_register;

CREATE TABLE contact (
fname VARCHAR(20),
lname VARCHAR(20),
address VARCHAR(30),
city VARCHAR(20),
state VARCHAR(2),
zip SMALLINT(5),
phone VARCHAR(12),
email VARCHAR(30) NOT NULL,
PRIMARY KEY(email)
);







(Here is my code named register.cgi)





sub display_form
{
my $error_message = shift;
my $fname = shift;
my $lname = shift;
my $address = shift;
my $city = shift;
my $state = shift;
my $zip = shift;
my $phone = shift;
my $email = shift;

# Remove any potentially malicious HTML tags
$fname =~ s/<([^>]|\n)*>//g;
$lname =~ s/<([^>]|\n)*>//g;
$address =~ s/<([^>]|\n)*>//g;
$city =~ s/<([^>]|\n)*>//g;
$state =~ s/<([^>]|\n)*>//g;
$zip =~ s/<([^>]|\n)*>//g;
$phone =~ s/<([^>]|\n)*>//g;
$email =~ s/<([^>]|\n)*>//g;

#Display the form
print <<END_HTML;
<html>

<head>
<title>Newsletter Registration Form</title>
</head>

<body>

<script type="text/javascript">
<!--

function validate_form ( )
{
valid = true;

// validate name fields
if ( document.registration_form.fname.value == "" )
{
alert ( "Please fill in the 'First Name' box." );
valid = false;
}
if ( document.registration_form.lname.value == "" )
{
alert ( "Please fill in the 'Last Name' box." );
valid = false;
}

// validate address field
if ( document.registration_form.address.value == "" )
{
alert ( "Please fill in the 'Address' box." );
valid = false;
}

// validate city field
if ( document.registration_form.city.value == "" )
{
alert ( "Please fill in the 'City' box." );
valid = false;
}

// validate state field
if ( document.registration_form.state.value == "" )
{
alert ( "Please fill in the 'State' box." );
valid = false;
}

// validate zip field
if ( document.registration_form.zip.value == "" )
{
alert ( "Please fill in the 'Zip' box." );
valid = false;
}
else if ( isNaN( document.registration_form.zip.value ) )
{
alert ( "Please enter a 5-digit zip code." );
valid = false;
}

// validate phone field
if ( document.registration_form.phone.value == "" )
{
alert ( "Please fill in the 'Phone' box." );
valid = false;
}
else if ( isNaN( document.registration_form.phone.value ) )
{
alert ( "Please enter a 10-digit phone number." );
valid = false;
}

// validate email field
var emailFilter=/^.+@.+\..{2,3}$/;
if ( document.registration_form.email.value == "" )
{
alert ( "Please fill in the 'Email' box." );
valid = false;
}
else if (!(emailFilter.test(document.registration_form.email.value))) {
alert ("Please enter a valid email address.");
valid = false;
}

if ( valid == true )
{
alert ("Thank you for registering." );
}

return valid;
}

//-->
</script>

<h1>Newsletter Registration Form</h1>
<p>$error_message</p>
<FORM NAME="registration_form" ACTION="form_validation.cgi" METHOD="POST" onsubmit="return validate_form();">

<table border="3" width="100%" bgcolor="#D5D5FF" bordercolor="blue" cellspacing="0">
<tr>
<td width="30%" align="right"><b>First Name:</b></td>
<td width="70%"><INPUT TYPE="text" NAME="fname" VALUE="$fname" SIZE=40></td>
</tr>
<tr>
<td width="30%" align="right"><b>Last Name:</b></td>
<td width="70%"><INPUT TYPE="text" NAME="lname" VALUE="$lname" SIZE=40></td>
</tr>
<tr>
<td width="30%" align="right"><b>Address:</b></td>
<td width="70%"><INPUT TYPE="text" NAME="address" VALUE="$address" SIZE=40></td>
</tr>
<tr>
<td width="30%" align="right"><b>City:</b></td>
<td width="70%"><INPUT TYPE="text" NAME="city" VALUE="$city" SIZE=40></td>
</tr>
<tr>
<td width="30%" align="right"><b>State:</b></td>
<td width="70%"><INPUT TYPE="text" NAME="state" VALUE="$state" SIZE=2 MAXLENGTH="2"></td>
</tr>
<tr>
<td width="30%" align="right"><b>Zip:</b></td>
<td width="70%"><INPUT TYPE="text" NAME="zip" VALUE="$zip" SIZE=5 MAXLENGTH="5"></td>
</tr>
<tr>
<td width="30%" align="right"><b>Phone:</b><br>Do not include () or -</td>
<td width="70%"><INPUT TYPE="text" NAME="phone" VALUE="$phone" SIZE=10 MAXLENGTH=10></td>
</tr>
<tr>
<td width="30%" align="right"><b>Email:</b></td>
<td width="70%"><INPUT TYPE="text" NAME="email" VALUE="$email" SIZE=40></td>
</tr>
</table>
<br>
<hr size="2" color="blue">
<center>
<INPUT TYPE="submit" VALUE="Submit Data">
<INPUT TYPE="reset" VALUE="Clear Data">
</center>
</FORM>
</body></html>

END_HTML
}

sub validate_form
{
my $fname = $query->param("fname");
my $lname = $query->param("lname");
my $address = $query->param("address");
my $city = $query->param("city");
my $state = $query->param("state");
my $zip = $query->param("zip");
my $phone = $query->param("phone");
my $email = $query->param("email");

my $error_message = "";

$error_message .= "Please enter your first name<br/>" if ( !$fname );
$error_message .= "Please enter your last name<br/>" if ( !$lname );
$error_message .= "Please enter your address<br/>" if ( !$address );
$error_message .= "Please enter your city<br/>" if ( !$city );
$error_message .= "Please enter your state<br/>" if ( !$state );
$error_message .= "Please enter your zip<br/>" if ( !$zip );
$error_message .= "Please enter your phone<br/>" if ( !$phone );
$error_message .= "Please enter your email<br/>" if ( !$email );

if ( $error_message )
{
# Errors with the form - redisplay it and return failure
display_form ( $error_message, $fname, $lname, $address, $city, $state, $zip, $phone, $email );
return 0;
}
else
{
# Form OK - return success
return 1;
}
}

#!/usr/bin/perl

use warnings;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use DBI;

# Connection to CGI and Database
$q = new CGI;
$dbh = DBI->connect('dbi:mysql:database=db_register','','',{RaiseError=>1});

# Output the HTTP header
print $q->header ();

# Process form if submitted; otherwise display it
if ( $q->param("submit") )
{
process_form();
}
else
{
display_form();
}

sub process_form
{
if ( validate_form () )
{
# Insert form elements into database
my $sql= $dbh->prepare('INSERT INTO contact(fname,lname,address,city,state,zip,phone,email)
values("$fname","$lname","$address","$city","$state","$zip","$phone","$email")');

$sql->execute();

# Finish database connection
$dbh->disconnect if $dbh;

# Display Thank You page
print <<END_HTML;
<html><head><title>Thank You</title></head>
<body>
Thank you for registering!
</body></html>
END_HTML
}
}




1. I think I already caught one minor error. In the sub "validate_form" I'm using a variable named $query but below when I create a new CGI object I named it $q. These need to match.

2. Does the sub process_form need to exist before it's being called upon?
 
Student posting is not allowed here.

------------------------------------------
- Kevin, perl coder unexceptional!
 
Sorry, I forgot the code tags...

db_register.sql

Code:
CREATE DATABASE db_register;

USE db_register;

CREATE TABLE contact (
  fname VARCHAR(20) NOT NULL,
  lname VARCHAR(20) NOT NULL,
  address VARCHAR(30),
  city VARCHAR(20),
  state VARCHAR(2),
  zip SMALLINT(5),
  phone VARCHAR(12),
  email VARCHAR(30) NOT NULL,
  PRIMARY KEY(email)
);

register.cgi

Code:
sub display_form
{
	my $error_message = shift;
	my $fname = shift;
	my $lname = shift;
	my $address = shift;
	my $city = shift;
	my $state = shift;
	my $zip = shift;
	my $phone = shift;
	my $email = shift;

	# Remove any potentially malicious HTML tags
	$fname =~ s/<([^>]|\n)*>//g;
	$lname =~ s/<([^>]|\n)*>//g;
	$address =~ s/<([^>]|\n)*>//g;
	$city =~ s/<([^>]|\n)*>//g;
	$state =~ s/<([^>]|\n)*>//g;
	$zip =~ s/<([^>]|\n)*>//g;
	$phone =~ s/<([^>]|\n)*>//g;
	$email =~ s/<([^>]|\n)*>//g;

	#Display the form
	print <<END_HTML;
	<html>

	<head>
	  <title>Newsletter Registration Form</title>
	</head>

	<body>

	  <script type="text/javascript">
	  <!--

	  function validate_form ( )
	  {
	    valid = true;
	    
	    // validate name fields
	    if ( document.registration_form.fname.value == "" )
	    {
		alert ( "Please fill in the 'First Name' box." );
		valid = false;
	    }
	    if ( document.registration_form.lname.value == "" )
	    {
		alert ( "Please fill in the 'Last Name' box." );
		valid = false;
	    }
	    
	    // validate address field
	    if ( document.registration_form.address.value == "" )
	    {
		alert ( "Please fill in the 'Address' box." );
		valid = false;
	    }
	    
	    // validate city field
	    if ( document.registration_form.city.value == "" )
	    {
		alert ( "Please fill in the 'City' box." );
		valid = false;
	    }
	    
	    // validate state field
	    if ( document.registration_form.state.value == "" )
	    {
		alert ( "Please fill in the 'State' box." );
		valid = false;
	    }
	    
	    // validate zip field
	    if ( document.registration_form.zip.value == "" )
	    {
		alert ( "Please fill in the 'Zip' box." );
		valid = false;
	    }
	    else if ( isNaN( document.registration_form.zip.value ) )
	    {
		alert ( "Please enter a 5-digit zip code." );
		valid = false;
	    }
	    
	    // validate phone field
	    if ( document.registration_form.phone.value == "" )
	    {
		alert ( "Please fill in the 'Phone' box." );
		valid = false;
	    }
	    else if ( isNaN( document.registration_form.phone.value ) )
	    {
		alert ( "Please enter a 10-digit phone number." );
		valid = false;
	    }
	    
	    // validate email field
	    var emailFilter=/^.+@.+\..{2,3}$/;
	    if ( document.registration_form.email.value == "" )
	    {
		alert ( "Please fill in the 'Email' box." );
		valid = false;
	    }
	     else if (!(emailFilter.test(document.registration_form.email.value))) {
	       alert ("Please enter a valid email address.");
	       valid = false;
	    }

	    if ( valid == true )
	    {
		alert ("Thank you for registering." );
	    }

	    return valid;
	  }

	  //-->
	  </script>

	  <h1>Newsletter Registration Form</h1>
	  <p>$error_message</p>
	  <FORM NAME="registration_form" ACTION="form_validation.cgi" METHOD="POST" onsubmit="return validate_form();">
	  
	  <table border="3" width="100%" bgcolor="#D5D5FF" bordercolor="blue" cellspacing="0">
	    <tr>
	      <td width="30%" align="right"><b>First Name:</b></td>
	      <td width="70%"><INPUT TYPE="text" NAME="fname" VALUE="$fname" SIZE=40></td>
	    </tr>
	    <tr>
	      <td width="30%" align="right"><b>Last Name:</b></td>
	      <td width="70%"><INPUT TYPE="text" NAME="lname" VALUE="$lname" SIZE=40></td>
	    </tr>
	    <tr>
	      <td width="30%" align="right"><b>Address:</b></td>
	      <td width="70%"><INPUT TYPE="text" NAME="address" VALUE="$address" SIZE=40></td>
	    </tr>
	    <tr>
	      <td width="30%" align="right"><b>City:</b></td>
	      <td width="70%"><INPUT TYPE="text" NAME="city" VALUE="$city" SIZE=40></td>
	    </tr>
	    <tr>
	      <td width="30%" align="right"><b>State:</b></td>
	      <td width="70%"><INPUT TYPE="text" NAME="state" VALUE="$state" SIZE=2 MAXLENGTH="2"></td>
	    </tr>
	    <tr>
	      <td width="30%" align="right"><b>Zip:</b></td>
	      <td width="70%"><INPUT TYPE="text" NAME="zip" VALUE="$zip" SIZE=5 MAXLENGTH="5"></td>
	    </tr>
	    <tr>
	      <td width="30%" align="right"><b>Phone:</b><br>Do not include () or -</td>
	      <td width="70%"><INPUT TYPE="text" NAME="phone" VALUE="$phone" SIZE=10 MAXLENGTH=10></td>
	    </tr>
	    <tr>
	      <td width="30%" align="right"><b>Email:</b></td>
	      <td width="70%"><INPUT TYPE="text" NAME="email" VALUE="$email" SIZE=40></td>
	    </tr>
	  </table>
	  <br>
	  <hr size="2" color="blue">
	  <center>
	    <INPUT TYPE="submit" VALUE="Submit Data">
	    <INPUT TYPE="reset" VALUE="Clear Data">
	  </center>
	  </FORM>
	</body></html>

END_HTML
}

sub validate_form
{
	my $fname = $query->param("fname");
	my $lname = $query->param("lname");
	my $address = $query->param("address");
	my $city = $query->param("city");
	my $state = $query->param("state");
	my $zip = $query->param("zip");
	my $phone = $query->param("phone");
	my $email = $query->param("email");

	my $error_message = "";

	$error_message .= "Please enter your first name<br/>" if ( !$fname );
	$error_message .= "Please enter your last name<br/>" if ( !$lname );
	$error_message .= "Please enter your address<br/>" if ( !$address );
	$error_message .= "Please enter your city<br/>" if ( !$city );
	$error_message .= "Please enter your state<br/>" if ( !$state );
	$error_message .= "Please enter your zip<br/>" if ( !$zip );
	$error_message .= "Please enter your phone<br/>" if ( !$phone );
	$error_message .= "Please enter your email<br/>" if ( !$email );

	if ( $error_message )
	{
		# Errors with the form - redisplay it and return failure
		display_form ( $error_message, $fname, $lname, $address, $city, $state, $zip, $phone, $email );
		return 0;
	}
	else
	{
		# Form OK - return success
		return 1;
	}
}

#!/usr/bin/perl

use warnings;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use DBI;

# Connection to CGI and Database
$q = new CGI;
$dbh = DBI->connect('dbi:mysql:database=db_register','','',{RaiseError=>1});

# Output the HTTP header
print $q->header ();

# Process form if submitted; otherwise display it
if ( $q->param("submit") )
{
	process_form();
}
else
{
	display_form();
}

sub process_form
{
	if ( validate_form () )
	{
		# Insert form elements into database
		my $sql= $dbh->prepare('INSERT INTO contact(fname,lname,address,city,state,zip,phone,email) 
		values("$fname","$lname","$address","$city","$state","$zip","$phone","$email")');

		$sql->execute();

		# Finish database connection
		$dbh->disconnect if $dbh;
                         
		# Display Thank You page
		print <<END_HTML;
		<html><head><title>Thank You</title></head>
		<body>
		Thank you for registering!
		</body></html>
END_HTML
	}
}
 
This isn't a student posting.
 
Does the sub process_form need to exist before it's being called upon?
That's something you could find out easily by experiment, but the answer is no - you can declare subs after they're called. In fact, that's common practice - put the subs after the main body of the code (if they're not in a separate module altogether!).

A couple of points:

This should be the first line of your file, not somewhere in the middle:
Code:
#!/usr/bin/perl

You're not doing anything with successful input, but I guess you're taking things one step at a time.

-- Chris Hunt
Webmaster & Tragedian
Extra Connections Ltd
 
Thank you for your response.

I've made some modifications. Successful input is supposed to be sent to the mysql database using the process_form subroutine. Do you see an issue there?

FILE: register.cgi
Code:
#!/usr/bin/perl

use warnings;
use CGI;
use CGI::Carp qw(fatalsToBrowser);
use DBI;



# Create CGI object and connect to Database
$query = new CGI;
$dbh = DBI->connect('dbi:mysql:database=db_register','','',{RaiseError=>1});



# Output the HTTP header
print $query->header ();



# Process form if submitted; otherwise display it
if ( $query->param("submit") )
{
	process_form();
}
else
{
	display_form();
}



# SUBROUTINES FOLLOW
# Process the form, send to sql database
sub process_form
{
	if ( validate_form () )
	{
		# Insert form elements into database
		my $sql= $dbh->prepare('INSERT INTO contact(fname,lname,address,city,state,zip,phone,email) 
		values("$fname","$lname","$address","$city","$state","$zip","$phone","$email")');

		$sql->execute();

		# Finish database connection
		$dbh->disconnect if $dbh;
                         
		# Display Thank You page
		print <<END_HTML;
		<html><head><title>Thank You</title></head>
		<body>
		Thank you for registering!
		</body></html>
END_HTML
	}
}



# Displays the HTML form and includes validation using javascript
sub display_form
{
	my $error_message = shift;
	my $fname = shift;
	my $lname = shift;
	my $address = shift;
	my $city = shift;
	my $state = shift;
	my $zip = shift;
	my $phone = shift;
	my $email = shift;

	# Remove any potentially malicious HTML tags
	$fname =~ s/<([^>]|\n)*>//g;
	$lname =~ s/<([^>]|\n)*>//g;
	$address =~ s/<([^>]|\n)*>//g;
	$city =~ s/<([^>]|\n)*>//g;
	$state =~ s/<([^>]|\n)*>//g;
	$zip =~ s/<([^>]|\n)*>//g;
	$phone =~ s/<([^>]|\n)*>//g;
	$email =~ s/<([^>]|\n)*>//g;

	#Display the form
	print <<END_HTML;
	<html>

	<head>
	  <title>Newsletter Registration Form</title>
	</head>

	<body>

	  <script type="text/javascript">
	  <!--

	  function validate_form ( )
	  {
	    valid = true;
	    
	    // validate name fields
	    if ( document.registration_form.fname.value == "" )
	    {
		alert ( "Please fill in the 'First Name' box." );
		valid = false;
	    }
	    if ( document.registration_form.lname.value == "" )
	    {
		alert ( "Please fill in the 'Last Name' box." );
		valid = false;
	    }
	    
	    // validate address field
	    if ( document.registration_form.address.value == "" )
	    {
		alert ( "Please fill in the 'Address' box." );
		valid = false;
	    }
	    
	    // validate city field
	    if ( document.registration_form.city.value == "" )
	    {
		alert ( "Please fill in the 'City' box." );
		valid = false;
	    }
	    
	    // validate state field
	    if ( document.registration_form.state.value == "" )
	    {
		alert ( "Please fill in the 'State' box." );
		valid = false;
	    }
	    
	    // validate zip field
	    if ( document.registration_form.zip.value == "" )
	    {
		alert ( "Please fill in the 'Zip' box." );
		valid = false;
	    }
	    else if ( isNaN( document.registration_form.zip.value ) )
	    {
		alert ( "Please enter a 5-digit zip code." );
		valid = false;
	    }
	    
	    // validate phone field
	    if ( document.registration_form.phone.value == "" )
	    {
		alert ( "Please fill in the 'Phone' box." );
		valid = false;
	    }
	    else if ( isNaN( document.registration_form.phone.value ) )
	    {
		alert ( "Please enter a 10-digit phone number." );
		valid = false;
	    }
	    
	    // validate email field
	    var emailFilter=/^.+@.+\..{2,3}$/;
	    if ( document.registration_form.email.value == "" )
	    {
		alert ( "Please fill in the 'Email' box." );
		valid = false;
	    }
	     else if (!(emailFilter.test(document.registration_form.email.value))) {
	       alert ("Please enter a valid email address.");
	       valid = false;
	    }

	    if ( valid == true )
	    {
		alert ("Thank you for registering." );
	    }

	    return valid;
	  }

	  //-->
	  </script>

	  <h1>Newsletter Registration Form</h1>
	  <p>$error_message</p>
	  <FORM NAME="registration_form" ACTION="form_validation.cgi" METHOD="POST" onsubmit="return validate_form();">
	  
	  <table border="3" width="100%" bgcolor="#D5D5FF" bordercolor="blue" cellspacing="0">
	    <tr>
	      <td width="30%" align="right"><b>First Name:</b></td>
	      <td width="70%"><INPUT TYPE="text" NAME="fname" VALUE="$fname" SIZE=40></td>
	    </tr>
	    <tr>
	      <td width="30%" align="right"><b>Last Name:</b></td>
	      <td width="70%"><INPUT TYPE="text" NAME="lname" VALUE="$lname" SIZE=40></td>
	    </tr>
	    <tr>
	      <td width="30%" align="right"><b>Address:</b></td>
	      <td width="70%"><INPUT TYPE="text" NAME="address" VALUE="$address" SIZE=40></td>
	    </tr>
	    <tr>
	      <td width="30%" align="right"><b>City:</b></td>
	      <td width="70%"><INPUT TYPE="text" NAME="city" VALUE="$city" SIZE=40></td>
	    </tr>
	    <tr>
	      <td width="30%" align="right"><b>State:</b></td>
	      <td width="70%"><INPUT TYPE="text" NAME="state" VALUE="$state" SIZE=2 MAXLENGTH="2"></td>
	    </tr>
	    <tr>
	      <td width="30%" align="right"><b>Zip:</b></td>
	      <td width="70%"><INPUT TYPE="text" NAME="zip" VALUE="$zip" SIZE=5 MAXLENGTH="5"></td>
	    </tr>
	    <tr>
	      <td width="30%" align="right"><b>Phone:</b><br>Do not include () or -</td>
	      <td width="70%"><INPUT TYPE="text" NAME="phone" VALUE="$phone" SIZE=10 MAXLENGTH=10></td>
	    </tr>
	    <tr>
	      <td width="30%" align="right"><b>Email:</b></td>
	      <td width="70%"><INPUT TYPE="text" NAME="email" VALUE="$email" SIZE=40></td>
	    </tr>
	  </table>
	  <br>
	  <hr size="2" color="blue">
	  <center>
	    <INPUT TYPE="submit" NAME="submit" VALUE="Submit Data">
	    <INPUT TYPE="reset" NAME="clear" VALUE="Clear Data">
	  </center>
	  </FORM>
	</body></html>

END_HTML
}



# Server-side validation in Perl
sub validate_form
{
	my $fname = $query->param("fname");
	my $lname = $query->param("lname");
	my $address = $query->param("address");
	my $city = $query->param("city");
	my $state = $query->param("state");
	my $zip = $query->param("zip");
	my $phone = $query->param("phone");
	my $email = $query->param("email");

	my $error_message = "";

	$error_message .= "Please enter your first name<br/>" if ( !$fname );
	$error_message .= "Please enter your last name<br/>" if ( !$lname );
	$error_message .= "Please enter your address<br/>" if ( !$address );
	$error_message .= "Please enter your city<br/>" if ( !$city );
	$error_message .= "Please enter your state<br/>" if ( !$state );
	$error_message .= "Please enter your zip<br/>" if ( !$zip );
	$error_message .= "Please enter your phone<br/>" if ( !$phone );
	$error_message .= "Please enter your email<br/>" if ( !$email );

	if ( $error_message )
	{
		# Errors with the form - redisplay it and return failure
		display_form ( $error_message, $fname, $lname, $address, $city, $state, $zip, $phone, $email );
		return 0;
	}
	else
	{
		# Form OK - return success
		return 1;
	}
}

FILE: db_register.sql
Code:
CREATE DATABASE db_register;

USE db_register;

CREATE TABLE contact (
  fname VARCHAR(20),
  lname VARCHAR(20),
  address VARCHAR(30),
  city VARCHAR(20),
  state VARCHAR(2),
  zip SMALLINT(5),
  phone VARCHAR(12),
  email VARCHAR(30) NOT NULL,
  PRIMARY KEY(email)
);
 
Putting the inserted values into the query string like that leaves you vulnerable to SQL injection attacks. It's safer to do it like this:
Code:
my $sql= $dbh->prepare('INSERT INTO contact(fname,lname,address,city,state,zip,phone,email) 
        values(?,?,?,?,?,?,?,?)');

        $sql->execute($fname,$lname,$address,$city,$state,$zip,$phone,$email);
Also, you're using email as the primary key of the table, what happens if the same person sends you more than one message?

-- Chris Hunt
Webmaster & Tragedian
Extra Connections Ltd
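
Added example, not code from any poster in this thread: the placeholder INSERT suggested above combined with server-side format checks and handling of the duplicate-email case raised in the last reply. Assumptions: an in-memory SQLite database (DBD::SQLite) stands in for MySQL so the script runs offline, zip is stored as CHAR(5), and the per-field rules, the sample data and the sub names validate and register are made up for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite (DBD::SQLite) stands in for MySQL so this runs
# offline; prepare/execute with placeholders is identical under dbi:mysql.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });
# zip is CHAR(5) here (assumption) so a leading zero is kept.
$dbh->do(<<'SQL');
CREATE TABLE contact (
  fname VARCHAR(20), lname VARCHAR(20), address VARCHAR(30),
  city VARCHAR(20), state VARCHAR(2), zip CHAR(5), phone VARCHAR(12),
  email VARCHAR(30) NOT NULL, PRIMARY KEY(email)
)
SQL

my @fields = qw(fname lname address city state zip phone email);

# Allow-list per field, sized to the column widths (rules are assumptions).
my %rule = (
    fname   => qr/\A[A-Za-z][A-Za-z '.-]{0,19}\z/,
    lname   => qr/\A[A-Za-z][A-Za-z '.-]{0,19}\z/,
    address => qr/\A[A-Za-z0-9 .,#'-]{1,30}\z/,
    city    => qr/\A[A-Za-z .'-]{1,20}\z/,
    state   => qr/\A[A-Z]{2}\z/,
    zip     => qr/\A[0-9]{5}\z/,
    phone   => qr/\A[0-9]{10}\z/,
    email   => qr/\A(?=.{1,30}\z)[^\s@]+@[^\s@]+\.[^\s@]{2,}\z/,
);

# Returns the names of fields that are missing or fail their rule.
sub validate {
    my ($in) = @_;
    return grep { !defined $in->{$_} || $in->{$_} !~ $rule{$_} } @fields;
}

sub register {
    my ($in) = @_;
    my @bad = validate($in);
    return "rejected: @bad" if @bad;

    my $sth = $dbh->prepare(
        'INSERT INTO contact(fname,lname,address,city,state,zip,phone,email)
         VALUES (?,?,?,?,?,?,?,?)');
    # Values travel separately from the SQL text, so quotes stay data.
    return 'stored' if eval { $sth->execute(@{$in}{@fields}); 1 };

    # RaiseError turns a duplicate primary key into a die; report it as a
    # normal outcome rather than letting fatalsToBrowser print the DB error.
    my $err = $@;
    return 'already registered'
        if $err =~ /UNIQUE constraint|not unique|Duplicate entry/i;
    die $err;
}

# Constructed sample submissions.
my %alice = (fname => 'Alice', lname => "O'Brien", address => '12 Main St.',
             city => 'Springfield', state => 'IL', zip => '02134',
             phone => '5551234567', email => 'alice@example.com');
print register(\%alice), "\n";    # new address
print register(\%alice), "\n";    # same email submitted again
# '1e3' is numeric to JavaScript's isNaN() but is not a 5-digit zip.
print register({ %alice, zip => '1e3', email => 'bob@example.com' }), "\n";

my ($lname) = $dbh->selectrow_array(
    'SELECT lname FROM contact WHERE email = ?', undef, 'alice@example.com');
print "lname as stored: $lname\n";
```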
 