Class::DBI::FromCGI(3)   User Contributed Perl Documentation   Class::DBI::FromCGI(3)

NAME

       Class::DBI::FromCGI - Update Class::DBI data using CGI::Untaint

SYNOPSIS

         package Film;
         use Class::DBI::FromCGI;
         use base 'Class::DBI';
         # set up as any other Class::DBI class.

         __PACKAGE__->untaint_columns(
           printable => [qw/Title Director/],
           integer   => [qw/DomesticGross NumExplodingSheep/],
           date      => [qw/OpeningDate/],
         );

         # Later on, over in another package ...

         my $h = CGI::Untaint->new( ... );
         my $film = Film->retrieve('Godfather II');
            $film->update_from_cgi($h);

         my $new_film = Film->create_from_cgi($h);

         if (my %errors = $film->cgi_update_errors) {
           while (my ($field, $problem) = each %errors) {
             warn "Problem with $field: $problem\n";
           }
         }

         # or
         $film->update_from_cgi($h => @columns_to_update);

         # or
         $film->update_from_cgi($h => { ignore => \@cols_to_ignore,
                                        required => \@cols_needed,
                                        all => \@columns_which_may_be_empty });

         my $how = $film->untaint_type('Title'); # printable

DESCRIPTION

       Lots of times, Class::DBI is used in web-based applications. (In fact,
       coupled with a templating system that allows you to pass objects, such
       as Template::Toolkit, Class::DBI is very much your friend for these.)

       And, as we all know, one of the most irritating things about writing
       web-based applications is the monotony of writing much of the same
       stuff over and over again. And, where there's monotony there's a
       tendency to skip over stuff that we all know is really important, but
       is a pain to write - like Taint Checking and sensible input validation.
       (Especially as we can still show a 'working' application without it!).
       So, we now have CGI::Untaint to take care of a lot of that for us.

       It so happens that CGI::Untaint also plays well with Class::DBI.
       Class::DBI::FromCGI is a little wrapper that ties these two together.

METHODS

       untaint_columns

       All you need to do is to 'use Class::DBI::FromCGI' in your class (or in
       your local Class::DBI subclass that all your other classes inherit
       from. You do do that, don't you?).

       Then, in each class in which you want to use this, you declare how you
       want to untaint each column:

         __PACKAGE__->untaint_columns(
           printable => [qw/Title Director/],
           integer   => [qw/DomesticGross NumExplodingSheep/],
           date      => [qw/OpeningDate/],
         );

       (where the keys are the CGI::Untaint package to be used, and the values
       a listref of the relevant columns).

       update_from_cgi

       When you want to update based on the values coming in from a web-based
       form, you just call:

         $obj->update_from_cgi($h => @columns_to_update);

       If every value passed in gets through the CGI::Untaint process, the
       object will be updated (but not committed, in case you want to do
       anything else with it). Otherwise the update will fail (there are no
       partial updates), and $obj->cgi_update_errors will tell you what went
       wrong (as a hash of problem field => error from CGI::Untaint).

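       The all-or-nothing behaviour described above, sketched directly against
       CGI::Untaint as an added example; this is not Class::DBI::FromCGI's own
       code. The helper validate_form, the %type_of map and the sample
       submissions are assumptions made for illustration, and treating a
       missing column as an error is a choice of this sketch.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI::Untaint;

# Same shape as an untaint_columns() declaration: handler => [columns].
# 'date' is left out because it needs the separate CGI::Untaint::date module.
my %untaint = (
    printable => [qw/Title Director/],
    integer   => [qw/DomesticGross NumExplodingSheep/],
);

# Invert to column => handler, the question untaint_type() answers.
my %type_of;
while (my ($type, $cols) = each %untaint) {
    $type_of{$_} = $type for @$cols;
}

# Hypothetical helper: validate only the columns named in @wanted.
# Returns (\%clean, \%errors); %clean is emptied if any column failed.
sub validate_form {
    my ($h, @wanted) = @_;
    my (%clean, %errors);
    for my $col (@wanted) {
        my $type = $type_of{$col}
            or do { $errors{$col} = 'no untaint type declared'; next };
        my $value = $h->extract("-as_$type" => $col);
        if (defined $value) { $clean{$col} = $value }
        else                { $errors{$col} = $h->error }
    }
    %clean = () if %errors;    # no partial updates
    return (\%clean, \%errors);
}

# Constructed form submissions (sample data, not from a real request).
# NumExplodingSheep is submitted but not in the wanted list, so it is never read.
my %good = (Title => 'Godfather II', DomesticGross => '57300000',
            NumExplodingSheep => '3');
my %bad  = (Title => 'Godfather II', DomesticGross => '57.3 million');

for my $form (\%good, \%bad) {
    my $h = CGI::Untaint->new({%$form});
    my ($clean, $errors) = validate_form($h, qw/Title DomesticGross/);
    if (%$errors) {
        warn "Problem with $_: $errors->{$_}\n" for sort keys %$errors;
    }
    else {
        print "$_ => $clean->{$_}\n" for sort keys %$clean;
    }
}
```

       The explicit column list plays the role of @columns_to_update: fields
       present in the submission but not named in it are never extracted.
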
       create_from_cgi

       Similarly, if you wish to create a new object, then you can call:

         my $obj = Class->create_from_cgi($h => @columns_to_update);

       If this fails, $obj will be a defined object, containing the errors, as
       with an update, but will not contain the values submitted, nor have
       been written to the database.

       untaint_type

         my $how = $film->untaint_type('Title'); # printable

       This tells you how we're going to untaint a given column.

       cgi_update_errors

         if (my %errors = $film->cgi_update_errors) {
           while (my ($field, $problem) = each %errors) {
             warn "Problem with $field: $problem\n";
           }
         }

       This returns a hash of any errors when updating. Despite its name it
       also applies when inserting.

Column Auto-Detection

       As Class::DBI knows all its columns, you don't even have to say what
       columns you're interested in, unless it's a subset, as we can auto-fill
       these:

         $obj->update_from_cgi($h);

       You can also specify columns which must be present, or columns to be
       ignored even if they are present:

         $film->update_from_cgi($h => {
           all      => \@all_columns, # auto-filled if left blank
           ignore   => \@cols_to_ignore,
           required => \@cols_needed,
         });

       Doesn't this all make your life so much easier?

NOTE

       Don't try to update the value of your primary key. Class::DBI doesn't
       like that. If you try to do this it will be silently skipped.

ANOTHER NOTE

       If you haven't set up any 'untaint_columns' information for a column
       which you later attempt to untaint, then we try to call
       $self->column_type to ascertain the default handler to use. Currently
       this will only work if you're using Class::DBI::mysql, and only for
       certain column types.

SEE ALSO

       Class::DBI. CGI::Untaint. Template.

AUTHOR

       Tony Bowden

BUGS and QUERIES

       Please direct all correspondence regarding this module to:
         bug-Class-DBI-FromCGI@rt.cpan.org

       Copyright (C) 2001-2005 Kasei. All rights reserved.

       This module is free software; you can redistribute it and/or modify it
       under the same terms as Perl itself.

perl v5.8.8                       2005-10-04            Class::DBI::FromCGI(3)