#!/usr/bin/perl -wT # This is insert-article.pl, a CGI program # written in Perl that expects to be invoked from # the form in Listing 7. It inserts a new # file/date pair into the database. use strict; use diagnostics; use vars qw($query $dbh $docname $year $month $day $sql $sth); use CGI; use DBI; # Create an instance of CGI $query = new CGI; # Grab the filename and date $docname = $query->param("docname"); $year = $query->param("year"); $month = $query->param("month"); $day = $query->param("day"); # Give a warning if the filename was not entered # (We don't have to worry about the date, since the # defaults are a legitimate date of January 1, 1998) if (!$docname) { print $query->header("text/html"); print $query->start_html(-title => "No filename!"); print "<P>You forgot to enter a filename. Please try again.</P>\n"; print $query->end_html; exit; } # Get a handle to the insecure "test" database # (Good for explanations, but bad for production # code) $dbh = DBI->connect("DBI:mysql:test"); # Set the SQL $sql = "INSERT INTO Articles (filename,date) "; $sql .= "VALUES (\"$docname\", \"$year-$month-$day\")"; # Send the SQL $sth = $dbh->do($sql); # Check for errors &log_and_die("Error: " . $sth->errstr) unless $sth; # Indicate success to the user print $query->start_html(-title => :w "Added filename"); print "<P>Successfully added (SQL = \"$sql\")</P>\n"; print $query->end_html;