Moritz Sinn > HTML-FormEngine-DBSQL-1.01 > HTML::FormEngine::DBSQL::SkinClassic


NAME

HTML::FormEngine::DBSQL::SkinClassic - the standard FormEngine::DBSQL skin

ABOUT

This is the default skin of FormEngine::DBSQL. It is based on the skin class HTML::FormEngine::SkinClassic.

Please read its source code for more ;)

METHODS

set_dbsql_secret ( SECRET )

If you want to update records, you can use the dbsql_update method of HTML::FormEngine::DBSQL. That method uses the given values of the primary key to create where conditions, so that the right records are updated. The weak point is that someone could tamper with the input data, so that the primary key values are changed and the wrong records are updated. To prevent this, an extra hidden field is created for every record, containing the md5 sum of the primary key concatenated with a secret string. A changed primary key value is therefore recognized, because the newly created md5 sum won't match the submitted md5 sum.

With this method you can set the secret string. By default it is set to NULL, which means that calling dbsql_conf will raise an error. For security reasons an update isn't allowed without a secret string, unless you pass false (0) to the dbsql_set_hide_pkey method of HTML::FormEngine::DBSQL, which allows changing the primary key, so no secret string is needed.

Another possibility is changing the value of dbsql_secret in the _init_child method of this package. That way you set a valid default secret string. But be careful: someone might just read SkinClassic.pm and so get the secret string, whereas using different keys in your scripts is much more secure.

It is recommended that you set the read permissions of scripts which define secret keys as restrictively as possible. For CGI scripts this means that they must be readable only by the web server user (usually nobody or www-data).
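The check described for set_dbsql_secret, as an added stand-alone example (not code from HTML::FormEngine::DBSQL): it tags a primary key with md5 over the key concatenated with the secret, then verifies an untouched and a changed submission. The function names, the secret value, the "\0" separator for multi-column keys and the HMAC-SHA256 variant shown beside it are assumptions of this example, not something the module is documented to use.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5_hex);
use Digest::SHA qw(hmac_sha256_hex);

# Constructed secret for the example; a real script would pass its own
# value to set_dbsql_secret and keep the script unreadable for other users.
my $SECRET = 'constructed-example-secret';

# Scheme as described above: md5 of the primary key concatenated with the
# secret. Joining multi-column keys with "\0" is an assumption; it keeps
# ("1","23") and ("12","3") from producing the same input string.
sub pkey_md5 {
    my ($secret, @pkey) = @_;
    return md5_hex(join("\0", @pkey) . $secret);
}

# Variant using the standard keyed construction (HMAC-SHA256) over the
# same data. This is a swapped-in technique, not the documented scheme.
sub pkey_hmac {
    my ($secret, @pkey) = @_;
    return hmac_sha256_hex(join("\0", @pkey), $secret);
}

# Server side on submit: recompute the tag from the submitted primary key
# and compare it with the tag that came back in the hidden field.
sub pkey_unchanged {
    my ($tagger, $secret, $submitted_tag, @pkey) = @_;
    return $tagger->($secret, @pkey) eq $submitted_tag ? 1 : 0;
}

# Constructed round trip: the form is rendered for primary key 42, then
# submitted once untouched and once with the key changed to 43.
for my $scheme ([md5 => \&pkey_md5], [hmac_sha256 => \&pkey_hmac]) {
    my ($name, $tagger) = @$scheme;
    my $hidden = $tagger->($SECRET, 42);    # value of the hidden field
    printf "%-12s untouched=%d tampered=%d\n", $name,
        pkey_unchanged($tagger, $SECRET, $hidden, 42),
        pkey_unchanged($tagger, $SECRET, $hidden, 43);
}
```

Both schemes accept the untouched submission and reject the changed key; without the secret, a client cannot compute a matching tag for a different primary key.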

get_dbsql_dthandler ( NAME )

Returns a reference to the datatype handler with the given name. If no name is given, a hash reference with all datatype handlers is returned.

set_dbsql_dthandler ( HASHREF )

Expects a hash reference with the handler names as keys and the referenced handler functions as elements. It overwrites the current dthandler settings completely; using this method is not recommended.

alter_dbsql_dthandler ( HASHREF )

Expects a hash reference like "set_dbsql_dthandler ( HASHREF )", but instead of overwriting all settings it just updates the settings.
