<p>You're after the <a href="http://tcllib.sourceforge.net/doc/ncgi.html" rel="nofollow noreferrer">ncgi package</a> (in Tcllib), which you can use to decode the values in the form and extract them into variables. To do this, you'd have a webpage with a form like this:</p>
<pre><code>&lt;form method="POST" action="/cgi-bin/addTransaction.tcl"&gt;
  &lt;li&gt;Transaction Number: &lt;input type="text" name="tnumber"&gt;
  &lt;li&gt;Employee Name: &lt;input type="text" name="ename"&gt;
  &lt;li&gt;&lt;input type="submit" value="Add"&gt;
&lt;/form&gt;
</code></pre>
<p>(I'll not go into much more depth with the details of writing a form on a webpage.)</p>
<p>Then, in your program (<code>addTransaction.tcl</code>) you do something like this:</p>
<pre><code>package require ncgi
package require sqlite3

# Decode the submitted form data
ncgi::parse
set xact [ncgi::value "tnumber"]
set name [ncgi::value "ename"]

# Braces stop Tcl substitution; SQLite binds $xact and $name as parameters
sqlite3 db $::env(ROOT)/database.db
db eval {INSERT INTO trans VALUES ($xact, $name)}
db close
</code></pre>
<p>Note that I've changed the names of the variables to be different from the ones in the webform. This is to show that they <em>do not need to be the same</em>. A few other things to note are that you can make the transaction number field optional (supply a default via the second optional argument to <code>ncgi::value</code>) and it might also be better to do generation of transaction ids in the database (but that's another separate question; I've focussed in this answer on how to couple from the web into SQLite).</p>
<p>Of more interest is the fact that the above code is free of SQL injection attacks. However, whenever you come to taking the contents of the database and sending it back out to the web, you'll need to be careful again or you'll leave open XSS attacks. That's when the <a href="http://tcllib.sourceforge.net/doc/html.html" rel="nofollow noreferrer">html package</a> (Tcllib again) is useful, since it lets you generate correct hazard-free output with minimal effort. But that's another question...</p>
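The two points the answer closes on, as an added example that is not part of the original answer: the brace-quoted `db eval` beside a string-interpolated one, and escaping with `html::html_entities` when the rows go back out. The in-memory database, the column names `tnumber` and `ename`, the `render_rows` helper and the sample values are assumptions made for illustration; the values stand in for what `ncgi::value` would return.

```tcl
package require sqlite3
package require html

# Constructed sample values standing in for what [ncgi::value] would return.
set xact 1001
set name {O'Brien <script>alert(1)</script>}

# Assumed schema; the answer only names the table "trans".
sqlite3 db :memory:
db eval {CREATE TABLE trans (tnumber INTEGER, ename TEXT)}

# Unsafe contrast: double quotes let Tcl paste $name into the SQL text, so the
# apostrophe ends the string literal early and the statement no longer parses.
set failed [catch {db eval "INSERT INTO trans VALUES ($xact, '$name')"} err]
puts "interpolated insert failed: $failed ($err)"

# Form used in the answer: braces stop Tcl substitution and SQLite binds
# $xact and $name as parameters, so the value is stored as data, unchanged.
db eval {INSERT INTO trans VALUES ($xact, $name)}

# Output side: escape every value before it is placed into HTML.
# render_rows is a hypothetical helper, not part of Tcllib.
proc render_rows {dbcmd} {
    set out "<table>\n"
    $dbcmd eval {SELECT tnumber, ename FROM trans ORDER BY tnumber} row {
        append out "<tr><td>[html::html_entities $row(tnumber)]</td>"
        append out "<td>[html::html_entities $row(ename)]</td></tr>\n"
    }
    return "$out</table>"
}

puts [render_rows db]
db close
```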
 
