Class::DBI::FromCGI(3)    User Contributed Perl Documentation    Class::DBI::FromCGI(3)

Class::DBI::FromCGI - Update Class::DBI data using CGI::Untaint

    package Film;
    use Class::DBI::FromCGI;
    use base 'Class::DBI';
    # set up as any other Class::DBI class.

    __PACKAGE__->untaint_columns(
        printable => [qw/Title Director/],
        integer   => [qw/DomesticGross NumExplodingSheep/],
        date      => [qw/OpeningDate/],
    );

    # Later on, over in another package ...

    my $h = CGI::Untaint->new( ... );
    my $film = Film->retrieve('Godfather II');
    $film->update_from_cgi($h);

    my $new_film = Film->create_from_cgi($h);

    if (my %errors = $film->cgi_update_errors) {
        while (my ($field, $problem) = each %errors) {
            warn "Problem with $field: $problem\n";
        }
    }

    # or
    $film->update_from_cgi($h => @columns_to_update);

    # or
    $film->update_from_cgi($h => { ignore   => \@cols_to_ignore,
                                   required => \@cols_needed,
                                   all      => \@columns_which_may_be_empty });

    my $how = $film->untaint_type('Title'); # printable

Lots of times, Class::DBI is used in web-based applications. (In fact,
coupled with a templating system that allows you to pass objects, such
as Template::Toolkit, Class::DBI is very much your friend for these.)

And, as we all know, one of the most irritating things about writing
web-based applications is the monotony of writing much of the same
stuff over and over again. And, where there's monotony there's a
tendency to skip over stuff that we all know is really important, but
is a pain to write - like Taint Checking and sensible input validation.
(Especially as we can still show a 'working' application without it!).
So, we now have CGI::Untaint to take care of a lot of that for us.

It so happens that CGI::Untaint also plays well with Class::DBI.
Class::DBI::FromCGI is a little wrapper that ties these two together.

untaint_columns

All you need to do is to 'use Class::DBI::FromCGI' in your class (or in
your local Class::DBI subclass that all your other classes inherit
from. You do do that, don't you?).

Then, in each class in which you want to use this, you declare how you
want to untaint each column:

    __PACKAGE__->untaint_columns(
        printable => [qw/Title Director/],
        integer   => [qw/DomesticGross NumExplodingSheep/],
        date      => [qw/OpeningDate/],
    );

(where the keys are the CGI::Untaint package to be used, and the values
a listref of the relevant columns).

update_from_cgi

When you want to update based on the values coming in from a web-based
form, you just call:

    $obj->update_from_cgi($h => @columns_to_update);

If every value passed in gets through the CGI::Untaint process, the
object will be updated (but not committed, in case you want to do
anything else with it). Otherwise the update will fail (there are no
partial updates), and $obj->cgi_update_errors will tell you what went
wrong (as a hash of problem field => error from CGI::Untaint).

create_from_cgi

Similarly, if you wish to create a new object, then you can call:

    my $obj = Class->create_from_cgi($h => @columns_to_update);

If this fails, $obj will be a defined object, containing the errors, as
with an update, but will not contain the values submitted, nor have
been written to the database.

untaint_type

    my $how = $film->untaint_type('Title'); # printable

This tells you how we're going to untaint a given column.

cgi_update_errors

    if (my %errors = $film->cgi_update_errors) {
        while (my ($field, $problem) = each %errors) {
            warn "Problem with $field: $problem\n";
        }
    }

This returns a hash of any errors when updating. Despite its name it
also applies when inserting.

As Class::DBI knows all its columns, you don't even have to say what
columns you're interested in, unless it's a subset, as we can auto-fill
these:

    $obj->update_from_cgi($h);

You can also specify columns which must be present, or columns to be
ignored even if they are present:

    $film->update_from_cgi($h => {
        all      => \@all_columns, # auto-filled if left blank
        ignore   => \@cols_to_ignore,
        required => \@cols_needed,
    });

Doesn't this all make your life so much easier?
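
A sketch of the column restriction described above, added here as an example and not taken from the module's documentation or source. It assumes DBD::SQLite is installed and uses a constructed `film` table with a hypothetical `approved` column that the web form is never meant to change.

```perl
#!/usr/bin/perl
use strict;
use warnings;

package Film;
use base 'Class::DBI';
use Class::DBI::FromCGI;

# Constructed schema in an in-memory SQLite database (assumes DBD::SQLite).
__PACKAGE__->connection('dbi:SQLite:dbname=:memory:', '', '');
__PACKAGE__->db_Main->do(
    'CREATE TABLE film (id INTEGER PRIMARY KEY, title TEXT,
                        director TEXT, approved INTEGER)'
);
__PACKAGE__->table('film');
__PACKAGE__->columns(All => qw/id title director approved/);
__PACKAGE__->untaint_columns(
    printable => [qw/title director/],
    integer   => [qw/approved/],    # hypothetical column, set only by staff
);

package main;
use CGI::Untaint;

my $film = Film->create({ id => 1, title => 'Godfather II',
                          director => 'Coppola', approved => 0 });

# Constructed request: the edit form offers title and director only, yet
# the submission also carries an "approved" parameter.
my %params = (title    => 'The Godfather Part II',
              director => 'Francis Ford Coppola',
              approved => 1);

# Name the columns this form may change, so the auto-filled "all columns"
# default is never used for this request.
my $h = CGI::Untaint->new(\%params);
$film->update_from_cgi($h => qw/title director/);

if (my %errors = $film->cgi_update_errors) {
    warn "Rejected $_: $errors{$_}\n" for sort keys %errors;
} else {
    $film->update;    # the object is updated but not committed until now
}

printf "title=%s director=%s approved=%s\n",
    $film->title, $film->director, $film->approved;
```

The same restriction can be written with the hash form, `{ ignore => ['approved'] }`, but an explicit list of allowed columns keeps working when new columns are added to the table.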

Don't try to update the value of your primary key. Class::DBI doesn't
like that. If you try to do this it will be silently skipped.

If you haven't set up any 'untaint_columns' information for a column
which you later attempt to untaint, then we try to call
$self->column_type to ascertain the default handler to use. Currently
this will only work if you're using Class::DBI::mysql, and only for
certain column types.

Class::DBI. CGI::Untaint. Template.

Tony Bowden

Please direct all correspondence regarding this module to:
bug-Class-DBI-FromCGI@rt.cpan.org

Copyright (C) 2001-2005 Kasei. All rights reserved.

This module is free software; you can redistribute it and/or modify it
under the same terms as Perl itself.

perl v5.28.0                      2005-10-04            Class::DBI::FromCGI(3)