in reply to html checkbox and perl cgi
$db_query = "SELECT ST.sno_name,HT.homolog_name FROM sno_Table ST, Homolog_Table HT,sno_Homologs SH,Organism O WHERE ST.sno_id=SH.sno_id AND SH.homolog_id=HT.homolog_id AND HT.org_i d=O.org_id and (ST.family=$family) and O.organism='$TB'";
You have just passed $family and $TB directly into an SQL statement as entered into a web page by an untrusted random stranger with no validation what so ever. That will not end well (http://www.bobby-tables.com/).
Use place holders to protect your queries from SQL injections
$db_query = "SELECT ST.sno_name,HT.homolog_name FROM sno_Table ST, Hom +olog_Table HT,sno_Homologs SH,Organism O WHERE ST.sno_id=SH.sno_id AN +D SH.homolog_id=HT.homolog_id AND HT.org_i d=O.org_id and (ST.family= +?) and O.organism=?"; ... $sth->execute($family, $TB);
|
---|
In Section
Seekers of Perl Wisdom