I'm trying to write a CGI script as part of a web technology programme I am undertaking. There's a challenge with getting form data to concatenate into my SQL strings to populate my database which is in Postgre.
This is my HTML form:
<form action="review_input.cgi" method="post">
<input type="hidden" id="cdid" name="cdid" value="1" />
<label for="review">Rate from 1 to 5:</label>
<select name="review" class="review">
<option value="1"selected="selected">1- Don't bother</option>
<option value="2">2- Borrow from a friend</option>
<option value="3">3- Worth the money</option>
<option value="4">4- Wonderful</option>
<option value="5">5- Instant classic</option>
</select>
<label for="comment" >Comment:</label>
<br />
<textarea name="comment" wrap="soft"></textarea>
<input type="submit" value="Submit" class="button" />
</form>
These are relevant snippets from C++ source for review_input.cgi. All required libraries that we have learned to date are loading. If they did not, I would get warnings if not outright compiling errors.
CGI_parameters request;
const int cdid = atoi(request["cdid"].c_str());
const int rating = atoi(request["review"].c_str());
const string comments = request["comment"];
connection conn ("<blah - blah - blah>");
nontransaction db (conn);
ostringstream ipt_sql;
ipt_sql << "insert into ratings "
<< "(cdid, userid, rating, comments) "
<< "values "
<< "(" << cdid <<", " << user_ID <<", " << rating <<", '" << comments << "')";
The source compiles all right but if I load the form with data and submit it, none of it transfers to the variables in the last line of the SQL statement. I receive a database error of a primary key violation for cdid is 0. I modified the program to spit out the concatenated SQL and this is what I receive:
insert into ratings (cdid, userid, rating, comments) values (0, 38, 0, '')
The second attribute of the input, userid=38, comes from a global variable I have set as part of a class. Essentially, the form data can only be processed if userid is greater than 0. That means someone is considered authenticated and logged in. If the user is not logged-in, they are directed to the log-in page.
All those other elements work. In trying to debug things, I also tried to have just the request["cdid"] and request["review"] output to the screen in an ostringstream as strings. The variable data is simply not getting to the variables and I can't see why.
Can anyone find what I am doing wrong?