PerlMonks  

html checkbox and perl cgi

by AdrianJ217 (Novice)
on Jan 18, 2014 at 18:00 UTC

AdrianJ217 has asked for the wisdom of the Perl Monks concerning the following question:

Hi everyone. So I'm writing an HTML form for the first time, results of which will be submitted to a MySQL database using a CGI script. The HTML file incorporates a checkbox but I can't get the results of the checkbox to pass correctly through the CGI. Below is the code for the HTML and for the CGI. Thank you.

HTML
<!DOCTYPE html>
<html>
<body>
<form action = "http://bioinfo.lnx.biu.ac.il/aj-cgi/trypsnodb2.cgi" method="POST">
<select name="family">
<option>C/D</option>
<option>H/ACA</option>
<option>ALL</option>
</select><br>
<input type="checkbox" name="TB" value="on">Trypanosoma brucei<br>
<input type="checkbox" name="LM" value="on">Leishmania major<br>
<input type="checkbox" name="HS" value="on">Homo sapiens<br>
<input type="checkbox" name="SC" value="on">Saccharomyces cerevisiae<br>
<input type="checkbox" name="AT" value="on">Arabidopsis thaliana<br>
<input type="submit" name="submit1">
<input type="reset" name="reset1"><br><br>
<input type="text" name="enter_sno" placeholder="snoRNA">
<input type="submit" name="submit2">
</form>
</body>
</html>

CGI
#!/usr/bin/perl -w
use strict;
use DBI;
use CGI;

my $query = new CGI;
print $query->header();

my $my_database = "TrypSnoDB";
my $localhost = "localhost";
my $dsn = "DBI:mysql:$my_database:$localhost";
my $db_user_name = "adrian";
my $db_password = "temp_pass";
my $dbh = DBI->connect(
    "DBI:mysql:database=TrypSnoDB;host=localhost;mysql_socket=/private/software/mysql/mysql.sock",
    "adrian", "temp_pass", {'RaiseError' => 1});

# First submit button: search by family and organism checkboxes
if ($query->param('submit1')){
    my $family = $query->param('family');
    my $TB = $query->param('TB');
    my $LM = $query->param('LM');
    my $HS = $query->param('HS');
    my $SC = $query->param('SC');
    my $AT = $query->param('AT');
    my $db_query;
    if ($family eq "ALL") {
        $family = "'C/D' or ST.family='H/ACA'"
    }
    else {
        $family = "'$family'";
    }
    # Form values are interpolated straight into the SQL text here
    $db_query = "SELECT ST.sno_name,HT.homolog_name FROM sno_Table ST,Homolog_Table HT,sno_Homologs SH,Organism O
    WHERE ST.sno_id=SH.sno_id AND SH.homolog_id=HT.homolog_id AND HT.org_id=O.org_id and (ST.family=$family) and O.organism='$TB'";
    my $sth = $dbh->prepare($db_query);
    $sth->execute();
    my $total = $sth->rows;
    print "<table border=1>\n <tr> <th>snoRNA</th>\n <th>Homolog</th>\n </tr>\n";
    while (my @row = $sth->fetchrow_array()){
        my $sno_name = $row[0];
        my $homolog_name = $row[1];
        print "<tr>\n<td>$sno_name</td><td>$homolog_name</td></tr>\n";
    }
    print "<tr> <th>TOTAL</th>\n <th>$total</th>\n </tr>\n";
    print "</table>";
}
# Second submit button: search by snoRNA name typed into the text box
elsif ($query->param('submit2')){
    my $ud_sno = $query->param('enter_sno');
    my $db_query;
    $db_query = "SELECT ST.sno_name,HT.homolog_name FROM sno_Table ST,Homolog_Table HT,sno_Homologs SH
    WHERE ST.sno_id=SH.sno_id AND SH.homolog_id=HT.homolog_id AND ST.sno_name='$ud_sno'";
    my $sth = $dbh->prepare($db_query);
    $sth->execute();
    print "<table border=1>\n <tr> <th>snoRNA</th>\n <th>Homolog</th>\n </tr>\n";
    while (my @row = $sth->fetchrow_array()){
        my $ud_sno_name = $row[0];
        my $hom_name = $row[1];
        print "<tr>\n<td>$ud_sno_name</td><td>$hom_name</td></tr>\n";
    }
    print "</table>";
}

Replies are listed 'Best First'.
Re: html checkbox and perl cgi
by tangent (Parson) on Jan 18, 2014 at 18:50 UTC
    When you come across problems like these it is a good idea to add some print statements to your script to see what is going on. So if you added some lines like this:
    if ($query->param('submit1')){
        my $family = $query->param('family');
        my $TB = $query->param('TB');
        my $LM = $query->param('LM');
        my $HS = $query->param('HS');
        my $SC = $query->param('SC');
        my $AT = $query->param('AT');
        print qq|TB: $TB<br>|;
        print qq|LM: $LM<br>|;
        print qq|HS: $HS<br>|;
        print qq|SC: $SC<br>|;
        print qq|AT: $AT<br>|;
    You would see that if any of the checkboxes were ticked they have the value 'on' which is probably not what you want. So the problem is with your HTML - you could change the 'value' attribute of the checkbox to:
    <input type="checkbox" name="TB" value="TB">Trypanosoma brucei<br>
    <input type="checkbox" name="LM" value="LM">Leishmania major<br>
    <input type="checkbox" name="HS" value="HS">Homo sapiens<br>
    <input type="checkbox" name="SC" value="SC">Saccharomyces cerevisiae<br>
    <input type="checkbox" name="AT" value="AT">Arabidopsis thaliana<br>
    It is also a good idea to check the values from your form before passing the query to the database.
      Thank you so much!
        Sorry, could you tell me why the value 'on' is an issue? I thought it is considered on only when it's clicked on. I guess I don't understand the difference between name and value. I thought name is what is passed as the parameter to CGI, not value.
Re: html checkbox and perl cgi
by ruzam (Curate) on Jan 19, 2014 at 00:33 UTC
    $db_query = "SELECT ST.sno_name,HT.homolog_name FROM sno_Table ST, Homolog_Table HT,sno_Homologs SH,Organism O
    WHERE ST.sno_id=SH.sno_id AND SH.homolog_id=HT.homolog_id AND HT.org_id=O.org_id and (ST.family=$family) and O.organism='$TB'";

    You have just passed $family and $TB directly into an SQL statement as entered into a web page by an untrusted random stranger with no validation whatsoever. That will not end well (http://www.bobby-tables.com/).

    Use placeholders to protect your queries from SQL injections:

    $db_query = "SELECT ST.sno_name,HT.homolog_name FROM sno_Table ST, Homolog_Table HT,sno_Homologs SH,Organism O
    WHERE ST.sno_id=SH.sno_id AND SH.homolog_id=HT.homolog_id AND HT.org_id=O.org_id and (ST.family=?) and O.organism=?";
    ...
    $sth->execute($family, $TB);
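
An added example, not code from any poster in this thread: it combines the two replies' advice (check the form values, then bind them with placeholders) and also covers the "ALL" family choice and several ticked checkboxes, which a single `?` per column cannot express. `build_query`, `%ORGANISM` and `%FAMILY` are hypothetical names, and it assumes `Organism.organism` stores the full species name.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Allow-lists: the only values that may ever reach the query.
# Assumption: Organism.organism stores the full species name.
my %ORGANISM = (
    TB => 'Trypanosoma brucei',
    LM => 'Leishmania major',
    HS => 'Homo sapiens',
    SC => 'Saccharomyces cerevisiae',
    AT => 'Arabidopsis thaliana',
);
my %FAMILY = (
    'C/D'   => ['C/D'],
    'H/ACA' => ['H/ACA'],
    'ALL'   => ['C/D', 'H/ACA'],
);

# Takes a hash ref of form parameters (e.g. from $query->Vars) and returns
# the SQL text plus its bind values, or an empty list if the input is rejected.
sub build_query {
    my ($param) = @_;
    my $families = $FAMILY{ $param->{family} // '' } or return;
    # A checkbox is only present in the request when it was ticked, so its
    # name selects the organism and its submitted value is never used.
    my @organisms = map { $ORGANISM{$_} }
                    grep { defined $param->{$_} } sort keys %ORGANISM;
    return unless @organisms;

    # One placeholder per value; only '?' marks are interpolated into the SQL.
    my $fam_marks = join ',', ('?') x @$families;
    my $org_marks = join ',', ('?') x @organisms;
    my $sql = "SELECT ST.sno_name,HT.homolog_name "
            . "FROM sno_Table ST,Homolog_Table HT,sno_Homologs SH,Organism O "
            . "WHERE ST.sno_id=SH.sno_id AND SH.homolog_id=HT.homolog_id "
            . "AND HT.org_id=O.org_id "
            . "AND ST.family IN ($fam_marks) AND O.organism IN ($org_marks)";
    return ($sql, @$families, @organisms);
}

# Constructed sample input: a normal submission and a tampered family value.
for my $form ({ family => 'ALL', TB => 'on', HS => 'on' },
              { family => "x' OR '1'='1", TB => 'on' }) {
    my ($sql, @bind) = build_query($form);
    print defined $sql ? "$sql\n  bind: @bind\n" : "rejected\n";
}
# With a live handle: my $sth = $dbh->prepare($sql); $sth->execute(@bind);
```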
