  1. #1
    Join Date
    Nov 2009
    Posts
    1

    Unanswered: Problems using Perl DBI to edit database entries - basic stuff

    Hello. I am taking a Perl class in college and we've briefly covered SQL and moved on. We have a term project and we can do whatever we want. My project will rely strongly on an SQL Database so I am trying to learn as much about Perl DBI as I can to get things up and going.

    I am basically making CGI scripts that take user input from forms and then put that into database tables so I will need to be able to search, edit, insert and delete data entries. I am essentially having trouble getting on my feet with how to manipulate data in my database.

    My instructor set up a database for me which I can access and edit but I am already having trouble with my script. I am hoping that someone can help me figure out what things I need to include in my code to get this working.

    So far, I have a CGI script that takes a few fields of form data from a webpage: username, email, and password. I am attempting to put this into an SQL table called "user_accounts" and this table has three columns named "username", "password", and "email".

    Here is my Perl code with the DBI code in there to access the database:
    Code:
    #!/usr/local/bin/perl
    use CGI qw(:standard);
    use CGI::Carp qw(fatalsToBrowser);
    
    print header;
    print start_html;
    use DBI;
    
    #FROM FORM
    $NewUserName=param('NewUserName');
    $NewEmail=param('NewEmail');
    $Password=param('Password');
    $CryptPassword=crypt("$Password","CS");
    
    #SQL CODE
    
    $dbh = DBI->connect("DBI:mysql:daveDB","dave","pass412");
    $sth = $dbh->prepare($sql);
    $res = $sth->execute();
    $dbh = ("INSERT INTO user_accounts (username, email, password)
    VALUES ($NewUserName, $NewEmail, $CryptPassword)");
    $sth->finish();
    $dbh->disconnect();
    
    print end_html;

    When I run this, I get this error message: "Can't locate object method "disconnect" via package "INSERT INTO user_accounts (username, email, password)"

    I have googled this error message and I have edited my code a little here and there and gotten a few different errors which I do not fully understand or know how to fix. I have read over the pages of my textbook that cover DBI and I have looked at O'Reilly's Perl DBI book and I have googled countless times and I just can't figure out how to simply make some lines of code that access and edit my SQL database. I really need some help so I can get things functioning for my project as I am going to eventually run out of time.

    Any help is very appreciated
    Dave247

  2. #2
    Join Date
    Oct 2002
    Location
    Baghdad, Iraq
    Posts
    697
    Ah, the perils of copy and paste coding.

    Putting use warnings at the top of your file might help. (Not sure how it interacts with CGI::Carp, though. Debuggering CGIs always sucks.)

    Let's go over what your code is actually doing, and it should be clear where the problem is. (Clear as mud still counts.)

    Code:
    print header;
    print start_html;

    "header" and "start_html" are subs defined in the CGI module. The header sub returns the headers that a CGI passes to a web browser. The start_html sub just returns "<html>", indicating an html document.

    Code:
    $sth = $dbh->prepare($sql);
    $res = $sth->execute();

    Okay... you're telling the database handle $dbh to prepare a SQL statement stored in the variable $sql, and the result is a statement handle which you assign to $sth. Is something missing here?

    You then executed the prepared statement and the result has been stored in $res.

    Code:
    $dbh = ("INSERT INTO user_accounts (username, email, password)
    VALUES ($NewUserName, $NewEmail, $CryptPassword)");

    Here you are combining some values to create a string. The parens aren't necessary, incidentally. The resulting string is going to be something like:

    Code:
    INSERT INTO user_accounts (username, email, password) VALUES (bob, bob@foo.com, ow34if)

    SQL injection is bad, mmkay. Use placeholders, mmkay.

    Here are the docs on placeholders. It can be tricky, but if you don't use placeholders any idiot can run arbitrary code on your system. If you have a variable number of values to splice in, use the $dbh->quote() function.

    You've now assigned that string to your variable $dbh.

    Code:
    $sth->finish();
    $dbh->disconnect();

    Now you've called finish on your statement handle. What did that accomplish? Read the docs to find out. You then tried to call disconnect on your malformed SQL string, which is where you ran into the error.

    Handy links: the docs for DBI and for the MySQL driver.
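
The placeholder and `$dbh->quote()` advice from reply #2, shown as an added example that is not part of the original thread. Assumptions: an in-memory SQLite database (DBD::SQLite) stands in for the thread's MySQL database so the script runs offline, and the form values are constructed sample input.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: in-memory SQLite replaces the thread's MySQL DSN so this runs
# offline; the DBI calls used below are the same with DBD::mysql.
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do("CREATE TABLE user_accounts (username TEXT, email TEXT, password TEXT)");

# Constructed form input; in the CGI script these come from param().
my ($NewUserName, $NewEmail, $Password) = ("o'brien", 'ob@example.com', 'secret');
my $CryptPassword = crypt($Password, "CS");    # kept as in the original post

# 1. Interpolated SQL, as in the original post: the values land in the
#    statement unquoted, and the apostrophe in the name changes how the
#    statement parses. With RaiseError set, the failure is caught here.
my $unsafe = "INSERT INTO user_accounts (username, email, password)
              VALUES ($NewUserName, $NewEmail, $CryptPassword)";
my $ok = eval { $dbh->do($unsafe); 1 };
print "interpolated statement: ", ($ok ? "ran" : "rejected"), "\n";

# 2. Placeholders: the SQL text is fixed when it is prepared, and the values
#    are bound at execute time, so they are never parsed as SQL.
my $sth = $dbh->prepare(
    "INSERT INTO user_accounts (username, email, password) VALUES (?, ?, ?)");
$sth->execute($NewUserName, $NewEmail, $CryptPassword);

# 3. $dbh->quote(): for a value that has to be spliced into the SQL text,
#    let the driver quote and escape it.
my $find = "SELECT username, email FROM user_accounts WHERE username = "
         . $dbh->quote($NewUserName);
my ($name, $email) = $dbh->selectrow_array($find);
print "stored: $name <$email>\n";

# Disconnect is called on the database handle, which was never reassigned.
$dbh->disconnect();
```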
