Re: database execute status

2002-08-30 Thread Wiggins d'Anconia 

 From > perldoc DBI

  $rc  = $h->err;
  $str = $h->errstr;
  $rv  = $h->state;

You should look at the docs for DBI, error handling is described in 
detail. That should get you started

http://danconia.org



aman cgiperl wrote:
> Hi All
> Is there a way to check the status of $sth->execute; to check if it successfully 
>executed.
> Also if I pass on a query to a mysql database using perl's DBI, and suppose it runs 
>into error, how can I capture that error.
> Thank you
> Aman
> 



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

update.cgi

2002-08-30 Thread Jimmy George 

Hello Steve

I have lousy success with the $q cgi system as well. I will watch the
replies for all the good ideas.

Good luck mate

JimmyG

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: encryption

2002-08-30 Thread Wiggins d'Anconia 



zentara wrote:
> On Fri, 30 Aug 2002 10:32:27 +1000, [EMAIL PROTECTED] (Jimmy
> George) wrote:
> 
> 
>>Is there any way of encrypting a credit card number etc. so that it can
>>not be seen when being transmitted from desktop to server? The user
>>needs to see what they type to make sure it is correct - so how do we
>>get cgi to encrypt that at the user end before transmission.
> 



> You can make your own "self-certified certificate", but it
> is not trusted, because no "external authority" like Verisign
> has "endorsed" you as being trustworthy. What is to stop
> people from setting up phony stores with a "self-certified
> certificates", just to collect credit card numbers? The Verisign
> people, and their competitors, investigate your legitimacy, then
> they give you a "signed certificate" to use in your web server.





With the exception of micro$oft internet explorer which still doesn't 
handle this correctly, which is what all the news has been about lately.



use Mozilla;

(Had to get that out of my system, carry on)

http://danconia.org


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

database execute status

2002-08-30 Thread aman cgiperl 

Hi All
Is there a way to check the status of $sth->execute; to check if it successfully 
executed.
Also if I pass on a query to a mysql database using perl's DBI, and suppose it runs 
into error, how can I capture that error.
Thank you
Aman

Re: database connection problem

2002-08-30 Thread Felix Geerinckx 

on Fri, 30 Aug 2002 16:46:08 GMT, Aman Cgiperl wrote:

> 12  my $dth = DBI->connect("DBI:mysql:db_name","user","pass");
> 26  my $sth_check = dth->prepare("SELECT * FROM mytab WHERE
 ^

Try 

$dth->prepare(...);
^

-- 
felix

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

RE: database connection problem

2002-08-30 Thread Greg Smith 

Try adding the hostname of the MySQL to your connect string.

my $dth =
DBI->connect("DBI:mysql:database=db_name;host=hostname","user","pass");

Greg


> -Original Message-
> From: aman cgiperl [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 30, 2002 10:46 AM
> To: [EMAIL PROTECTED]
> Subject: database connection problem
>
>
> Hello everyone
> I am doing the following
>
> -
>  1  #!/usr/bin/perl
>  2
>  3  use strict;
>  4  use CGI qw(:standard);
>  5  use CGI::Carp qw(fatalsToBrowser);
>  6  use DBI;
>  7
>  8  print header;
>  9  print start_html();
> 10 $s = 'aman';
>
> 12  my $dth = DBI->connect("DBI:mysql:db_name","user","pass");
> 26  my $sth_check = dth->prepare("SELECT * FROM mytab WHERE s='$s'");
> 28  sth_check->execute;
> 41  $dth->disconnect;
>
> 137  print end_html;
>
> ---
> I am getting the following output. What could be wrong ???
> --
> Content-type: text/html
> Software error:
> Can't locate object method "prepare" via package "dth" (perhaps
> you forgot to load "dth"?) at /home/somesite/cgi-bin/script line 26.
>
> For help, please send mail to the webmaster
> ([EMAIL PROTECTED]), giving this error message and the time
> and date of the error.
>
>


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

database connection problem

2002-08-30 Thread aman cgiperl 

Hello everyone
I am doing the following

-
 1  #!/usr/bin/perl
 2
 3  use strict;
 4  use CGI qw(:standard);
 5  use CGI::Carp qw(fatalsToBrowser);
 6  use DBI;
 7
 8  print header;
 9  print start_html();
10 $s = 'aman';

12  my $dth = DBI->connect("DBI:mysql:db_name","user","pass");
26  my $sth_check = dth->prepare("SELECT * FROM mytab WHERE s='$s'");
28  sth_check->execute;
41  $dth->disconnect;

137  print end_html;

---
I am getting the following output. What could be wrong ???
--
Content-type: text/html 
Software error:
Can't locate object method "prepare" via package "dth" (perhaps you forgot to load 
"dth"?) at /home/somesite/cgi-bin/script line 26.

For help, please send mail to the webmaster ([EMAIL PROTECTED]), giving this 
error message and the time and date of the error.

RE: Redirect and cookies

2002-08-30 Thread Bob Showalter 

> -Original Message-
> From: Alex Agerholm [mailto:[EMAIL PROTECTED]]
> Sent: Friday, August 30, 2002 5:01 AM
> To: [EMAIL PROTECTED]
> Subject: Redirect and cookies
> 
> 
> Hi all,
> 
> I have a problem with redirect.
> I have made a login system and when the user has logged in 
> correctly I set a
> cookie and redirects the user to the first page.
> But on all pages (including the first one) I make a check to 
> see if the user
> is logged in based on the cookie.
> 
> When I redirect from the login page to the first page I 
> therefore need to
> give the cookie along like:  redirect( -uri=>xxx.cgi, 
> -cookie=>$cookie);
> BUT IT DOES NOT WORK - my xxx.cgi script does not get the cookie.
> What can I do to fix this ?

Try using a "full" URL, e.g. -url => http://myserver/cgi-bin/xxx.cgi

The "relative" URL may be triggering an internal redirect, which would not
pass the cookie.

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Error: requires explicit package name

2002-08-30 Thread t 

Felix

Thanks! That was just what i needed:)

thia


--- Felix Geerinckx <[EMAIL PROTECTED]> wrote:
> on Fri, 30 Aug 2002 13:58:47 GMT, [EMAIL PROTECTED] (T) wrote:
> 
> >  "Global symbol "$auto" requires explicit package name"
> 
> [...]
>  
> >  if ($Country eq "Argentina")
> >  {my $auto = $q->param( '[EMAIL PROTECTED]' ); 
> >  }
> > and
> >  if ($Country eq "Argentina")
> >  {$auto = $q->param( '[EMAIL PROTECTED]' ); 
> >  }
> > 
> 
> A lexical my declaration is only visible in the enclosing block.
> 
> You should write:
> 
> my $auto;
> if ($Country eq "Argentina") {
> $auto = $q->param( '[EMAIL PROTECTED]' );
> }
> 
> See M-J. Dominus' "Coping with Scoping" article for an excellent 
> introduction to scoping at
> 
>   
> 
> -- 
> felix
> 
> -- 
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
> 


__
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: sorting arrays of arrays

2002-08-30 Thread Felix Geerinckx 

on Fri, 30 Aug 2002 14:29:40 GMT, [EMAIL PROTECTED] (Alex B.) wrote:

> 1. how do I assign new dynamic arrays, like @a25 if there is 25
> rows? or lets say there is 78 rows, then I don't really want to
> type "my @a00 = ();" through "my @a77 = ();" using the strict
> module... is there a way of solving that problem?

You use an array of array(refs):

my @array  = ();
$array[0]  = [  1,  2,  3];
$array[1]  = [  4,  5,  6];
#...
$array[77] = [232,233,234]; 

You can then access individual elements with the following syntax:

print $array[3][1];  # prints 11


> 2. I would like to sort the array of arrays by specifying a
> certain element of an array inside the big array.
> Lets say array00 in the big surrounding array consists of
> ("McNew", "Matthew", "[EMAIL PROTECTED]") and array01 ("Clarich",
> "Paul", "[EMAIL PROTECTED]") I'd like to reorder the arrays 00 and 01 so
> that if I sort by the last name array00[0] and array01[0], that
> array01 is infront of array00... 


my @sorted_array = sort { $a->[0] <=> $b->[0] } @array;

(You may want to use 'cmp' instead of '<=>', since you want to sort 
ASCIIbetically.)

-- 
felix

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

sorting arrays of arrays

2002-08-30 Thread Alex B. 

Hello pplz,

  I have this tiny project goin', where I scan a html-file, get all
entries from out of the table and and every single  - table row -
into an array...

well, I do have two problems:
1. how do I assign new dynamic arrays, like @a25 if there is 25 rows?
or lets say there is 78 rows, then I don't really want to type
"my @a00 = ();" through "my @a77 = ();" using the strict module...
is there a way of solving that problem?

2. I would like to sort the array of arrays by specifying a certain
element of an array inside the big array.
Lets say array00 in the big surrounding array consists of
("McNew", "Matthew", "[EMAIL PROTECTED]") and array01 ("Clarich", "Paul", "[EMAIL PROTECTED]")
I'd like to reorder the arrays 00 and 01 so that if I sort by the last
name array00[0] and array01[0], that array01 is infront of array00...

I believe you guys get the picture...

TIA


--
mfg
 Alex  mailto:[EMAIL PROTECTED]


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Error: requires explicit package name

2002-08-30 Thread Felix Geerinckx 

on Fri, 30 Aug 2002 13:58:47 GMT, [EMAIL PROTECTED] (T) wrote:

>  "Global symbol "$auto" requires explicit package name"

[...]
 
>  if ($Country eq "Argentina")
>  {my $auto = $q->param( '[EMAIL PROTECTED]' ); 
>  }
> and
>  if ($Country eq "Argentina")
>  {$auto = $q->param( '[EMAIL PROTECTED]' ); 
>  }
> 

A lexical my declaration is only visible in the enclosing block.

You should write:

my $auto;
if ($Country eq "Argentina") {
$auto = $q->param( '[EMAIL PROTECTED]' );
}

See M-J. Dominus' "Coping with Scoping" article for an excellent 
introduction to scoping at



-- 
felix

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Error: requires explicit package name

2002-08-30 Thread t 

Hello:)

i am working on a script and have come across a problem. if i call a variable from the 
preceeding
form, it works correctly, BUT, if i declare a variable within the script, then try to 
use it as
the "To:" fiels in an e-mail, it tells me that 
 "Global symbol "$auto" requires explicit package name"

i have been looking through my perl and cgi books to try to figure out what this 
means, but am
totally at a loss. 

i have declared it two different ways, and both ways it comes back with the same error:

 if ($Country eq "Argentina")
{my $auto = $q->param( '[EMAIL PROTECTED]' ); 
}
and
 if ($Country eq "Argentina")
{$auto = $q->param( '[EMAIL PROTECTED]' ); 
}

i figure i am probably missing one little thing, but i can't figure out what it is. 
Anyone got any
ideas? This is the last part of my script that i need to get working, as it will be a 
huge
if/elsif statement that i will end up putting into a module.

thanks:)

thia

__
Do You Yahoo!?
Yahoo! Finance - Get real-time stock quotes
http://finance.yahoo.com

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Redirect and cookies

2002-08-30 Thread zentara 

On Fri, 30 Aug 2002 11:01:08 +0200, [EMAIL PROTECTED] (Alex Agerholm)
wrote:

>Hi all,
>
>I have a problem with redirect.
>I have made a login system and when the user has logged in correctly I set a
>cookie and redirects the user to the first page.
>But on all pages (including the first one) I make a check to see if the user
>is logged in based on the cookie.
>
>When I redirect from the login page to the first page I therefore need to
>give the cookie along like:  redirect( -uri=>xxx.cgi, -cookie=>$cookie);
>BUT IT DOES NOT WORK - my xxx.cgi script does not get the cookie.
>What can I do to fix this ?

Have you checked that the cookie is actually being set in the browser?
Then what code are you using to retreive the cookie?




-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: encryption

2002-08-30 Thread zentara 

On Fri, 30 Aug 2002 10:32:27 +1000, [EMAIL PROTECTED] (Jimmy
George) wrote:

>Is there any way of encrypting a credit card number etc. so that it can
>not be seen when being transmitted from desktop to server? The user
>needs to see what they type to make sure it is correct - so how do we
>get cgi to encrypt that at the user end before transmission.

You don't use cgi to encrypt data on the user side.  If you are
accepting credit card data, you need to be using the SSL protocol
(https instead of http), which sends everything encrypted. The user
can enter cc data in the browser, then send to a https address. None of
the cc data will be visible in the transmission.

If you notice, most online stores will switch from http to https when
you check out. Some just run https all the time.

There is a developer who is trying a method of Login Authentication
with MD5 over http for people who don't have a secure server, it's
called Javascript-LoginMD5. It works like this: When you first go
to the cgi-script, it sends out a md5 key, which is used by some
javascript in the browser to hide the password. It times out after
a time delay, like 30 seconds.
BUT this is totally inadequate for credit card data. If you try
something like that for credit cards, you could be held liable
for negligence with the data.

If you are running your own server, you need to get a 
"server-certificate" from someplace like Verisign.Then you can start
running a secure server with https on port 443.
You can make your own "self-certified certificate", but it
is not trusted, because no "external authority" like Verisign
has "endorsed" you as being trustworthy. What is to stop
people from setting up phony stores with a "self-certified
certificates", just to collect credit card numbers? The Verisign
people, and their competitors, investigate your legitimacy, then
they give you a "signed certificate" to use in your web server.

If you are running on a server from someone else, look at
their help section for "secure server" or ask the administrator.

>I have read some books about it but all we appear to be able to do is to
>encrypt the received raw number before storing it so that the file it is
>kept in cannot be opened and read. Is that the limit right now?

That is the way it is, your cgi program can only do encryptions on 
the data it has on the server.  The encryption during transmission
is handled by the "protocol used" either http on port 80, or https on
port 443.



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Application Design for User Authentication

2002-08-30 Thread doug 

I don't believe these considerations represent actual risks of
using web-server based authentication (.htaccess files).

- Once a user is authenticated, the script can still tell who they are,
  and assume roles based on that information.

- There are many scripts out there that can manage NCSA/Apache
  style BasicAuth (.htaccess/.htpasswd) files via a web page, with varying
  levels of access control.  I use .htaccess files to link the web server
  up with MySQL/Postgresql or LDAP databases, instead of having the
  passwords in a text file.  Then I'll have a web-based (or command-line
  based, or Windows desktop based) program that allows users to change
  their own information in the database.

- .htaccess files, in a basic configuration (i.e. text-file passwords) are
  really no less secure than the text of your Perl script.  The common
  misconfigurations of the web server that cause .htaccess files to be
  readable also make the perl scripts in the same directory readable.
  If you use a databasized .htaccess, then passwords aren't kept in any
  file accessible by the web server.

On 30 Aug 2002, Gfoo wrote:

>
> >
> > you have ruled out using .htaccess for some reason?
> >
> >
> > ciao
> > drieux
> >
> > ---
> >
> >
>
> I don't want to use .htaccess, because:
> - there are scripts that their actions depend on the role of the user that
> executes them. For example there is a  script all users can execute it, but
> its output is different for every user/user_id.
> - I want the users to be able to change their profile info and passwords
> from around the world, without having to log-in on a server to do that.
> - I also want to have a (web) administration console that can be used to
> manage users accounts that can be used by users without knowledge of how
> apache and .htaccess files work.
> - I think .htaccess files are a bit more "open" to be retrieved by
> individuals trying to break the system.
>
> Gfoo
>
> --
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
>


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: encryption

2002-08-30 Thread fliptop 

On Fri, 30 Aug 2002 at 10:32, Jimmy George opined:

JG:Is there any way of encrypting a credit card number etc. so that it can
JG:not be seen when being transmitted from desktop to server? The user
JG:needs to see what they type to make sure it is correct - so how do we
JG:get cgi to encrypt that at the user end before transmission.
JG:
JG:I have read some books about it but all we appear to be able to do is to
JG:encrypt the received raw number before storing it so that the file it is
JG:kept in cannot be opened and read. Is that the limit right now?
JG:
JG:Any ideas or places to look?

you could use FreezeThaw and store all the info associated with the credit
card (number, exp date, address, name, etc) as a string.

http://search.cpan.org/author/ILYAZ/FreezeThaw-0.43/FreezeThaw.pm

or, you can use one of the Crypt:: modules.

http://search.cpan.org/search?mode=all&query=encrypt


-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Redirect and cookies

2002-08-30 Thread Alex Agerholm 

Hi all,

I have a problem with redirect.
I have made a login system and when the user has logged in correctly I set a
cookie and redirects the user to the first page.
But on all pages (including the first one) I make a check to see if the user
is logged in based on the cookie.

When I redirect from the login page to the first page I therefore need to
give the cookie along like:  redirect( -uri=>xxx.cgi, -cookie=>$cookie);
BUT IT DOES NOT WORK - my xxx.cgi script does not get the cookie.
What can I do to fix this ?

Regards
Alex



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Application Design for User Authentication

2002-08-30 Thread Gfoo 


> 
> you have ruled out using .htaccess for some reason?
> 
> 
> ciao
> drieux
> 
> ---
> 
> 

I don't want to use .htaccess, because:
- there are scripts that their actions depend on the role of the user that 
executes them. For example there is a  script all users can execute it, but 
its output is different for every user/user_id.
- I want the users to be able to change their profile info and passwords 
from around the world, without having to log-in on a server to do that.
- I also want to have a (web) administration console that can be used to 
manage users accounts that can be used by users without knowledge of how 
apache and .htaccess files work.
- I think .htaccess files are a bit more "open" to be retrieved by 
individuals trying to break the system.

Gfoo

-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: SSI calls

2002-08-30 Thread Nitish Bezzala 

Try escaping the double quotes with a backslash
 print DATAFILE ("The file was recorded at ");


"Jimmy George" <[EMAIL PROTECTED]> wrote in message
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> Hello World
>
> Is the line
>
> print DATAFILE ("The file was recorded at ");
>
> a valid cgi line? All I want to do is record the time a cgi script is
> called that writes other form data to a file but the server objects to
> this line. The rest of the form goes into DATAFILE OK.
>
> Is it because of the use of double quotes twice by any chance???
>
> cheers
>
> JimmyG
>
>



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

encryption

2002-08-30 Thread Jimmy George 

Hello world

Is there any way of encrypting a credit card number etc. so that it can
not be seen when being transmitted from desktop to server? The user
needs to see what they type to make sure it is correct - so how do we
get cgi to encrypt that at the user end before transmission.

I have read some books about it but all we appear to be able to do is to
encrypt the received raw number before storing it so that the file it is
kept in cannot be opened and read. Is that the limit right now?

Any ideas or places to look?

thanks all

JimmyG



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

SSI calls

2002-08-30 Thread Jimmy George 

Hello World

Is the line

print DATAFILE ("The file was recorded at ");

a valid cgi line? All I want to do is record the time a cgi script is
called that writes other form data to a file but the server objects to
this line. The rest of the form goes into DATAFILE OK.

Is it because of the use of double quotes twice by any chance???

cheers

JimmyG



-- 
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]