I'm trying to write a CGI script as part of a web technology programme I am undertaking. There's a challenge with getting form data to concatenate into my SQL strings to populate my database which is in Postgre.
This is my HTML form:
<form action="review_input.cgi" method="post"> <input type="hidden" id="cdid" name="cdid" value="1" /> <label for="review">Rate from 1 to 5:</label> <select name="review" class="review"> <option value="1"selected="selected">1- Don't bother</option> <option value="2">2- Borrow from a friend</option> <option value="3">3- Worth the money</option> <option value="4">4- Wonderful</option> <option value="5">5- Instant classic</option> </select> <label for="comment" >Comment:</label> <br /> <textarea name="comment" wrap="soft"></textarea> <input type="submit" value="Submit" class="button" /> </form>
These are relevant snippets from C++ source for review_input.cgi. All required libraries that we have learned to date are loading. If they did not, I would get warnings if not outright compiling errors.
CGI_parameters request; const int cdid = atoi(request["cdid"].c_str()); const int rating = atoi(request["review"].c_str()); const string comments = request["comment"]; connection conn ("<blah - blah - blah>"); nontransaction db (conn); ostringstream ipt_sql; ipt_sql << "insert into ratings " << "(cdid, userid, rating, comments) " << "values " << "(" << cdid <<", " << user_ID <<", " << rating <<", '" << comments << "')";
The source compiles all right but if I load the form with data and submit it, none of it transfers to the variables in the last line of the SQL statement. I receive a database error of a primary key violation for cdid is 0. I modified the program to spit out the concatenated SQL and this is what I receive:
insert into ratings (cdid, userid, rating, comments) values (0, 38, 0, '')
The second attribute of the input, userid=38, comes from a global variable I have set as part of a class. Essentially, the form data can only be processed if userid is greater than 0. That means someone is considered authenticated and logged in. If the user is not logged-in, they are directed to the log-in page.
All those other elements work. In trying to debug things, I also tried to have just the request["cdid"] and request["review"] output to the screen in an ostringstream as strings. The variable data is simply not getting to the variables and I can't see why.
Can anyone find what I am doing wrong?