Re: Code Review Needed!
At the suggestion of a few people I've converted the program into text files to make things easier for reviewers. Here are the four files: http://www.redsquirreldesign.com/soapbox/Soapbox.pm.txt http://www.redsquirreldesign.com/soapbox/main.txt http://www.redsquirreldesign.com/soapbox/soap.txt http://www.redsquirreldesign.com/soapbox/soapbox.conf.txt I am particularly interested in feedback about: Any common newbie blunders you may find Security issues Specific areas where the code could be more efficient A critique on my use of object-oriented Perl The feedback I have received thus far has been very helpful. It's been a learning experience...particularly about taint checking! Thanks, --Dave --- dave hoover <[EMAIL PROTECTED]> wrote: > I would greatly appreciate ANY feedback anyone could > provide. The following page will provide details and > a > link to download the tarball. > > http://www.redsquirreldesign.com/soapbox > > TIA > > > = > Dave Hoover > "Twice blessed is help unlooked for." --Tolkien > http://www.redsquirreldesign.com/dave __ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail http://personal.mail.yahoo.com/
Re: the phantom file handle
Francesco Scaglioni <[EMAIL PROTECTED]> said something to this effect on 06/29/2001: > Hi > > And thanks again. > > Can anyone suggest why the following gives me an error of: > > 'no comma allowed after filehandle at /cgi-bin/filename line 13' > > Line 13 is the print header, start_html( etc etc one You need to import ':standard,' not 'standard', from CGI. Perl is interpreting 'header' as a filehandle since it doesn't know about the function called header. use CGI qw(standard); needs to become use CGI qw(:standard); (darren) -- The three most dangerous things are a programmer with a soldering iron, a manager who codes, and a user who gets ideas.
Re: Uploading files in binary
I'll try that. Thanks. Adam Carson MIS Department Berkeley County, SC >>> "Brett W. McCoy" <[EMAIL PROTECTED]> 06/29/01 03:49PM >>> On Fri, 29 Jun 2001, Adam Carson wrote: > Does anyone have any advice for me? I am trying to load an MS Access > Database onto a server on my local intranet, but it needs to be > uploaded in binary instead of ASCII.This isn't exactly a Perl problem, > but Perl might have a solution. Why can't you use ftp in binary mode? -- Brett http://www.chapelperilous.net/btfwk/ Anyone can make an omelet with eggs. The trick is to make one with none.
Re: Uploading files in binary
On Fri, 29 Jun 2001, Adam Carson wrote: > Does anyone have any advice for me? I am trying to load an MS Access > Database onto a server on my local intranet, but it needs to be > uploaded in binary instead of ASCII.This isn't exactly a Perl problem, > but Perl might have a solution. Why can't you use ftp in binary mode? -- Brett http://www.chapelperilous.net/btfwk/ Anyone can make an omelet with eggs. The trick is to make one with none.
Uploading files in binary
Does anyone have any advice for me? I am trying to load an MS Access Database onto a server on my local intranet, but it needs to be uploaded in binary instead of ASCII.This isn't exactly a Perl problem, but Perl might have a solution. Adam Carson MIS Department Berkeley County, SC
Re: Strange Behavior
Hello James,
Friday, June 29, 2001, James Kelty <[EMAIL PROTECTED]> wrote:
JK> I was wondering if someone could help me with the following code bit. It
JK> is acting strangely.
JK> if($ARGV[0] =~ m/^-l$|^-list$/i) {
JK> print "What ports? (Press return after each port and CRTL-D when done.)";
JK> chomp(@getem = <>);
you mean, 'chomp(@getem = );' ?
JK> print "Who do you wanna hit, Homie? ";
JK> chomp($peer = <>);
JK> foreach $item (@getem) {
JK> &pointscan($item);
JK> }
JK> }
JK> else{
JK> print "$ARGV[0] bad flag. \"-l|-list\" only good option\n";
JK> exit(0);
JK> }
JK> I am trying to take "-l" or "-list" as a command line argument, but it
JK> bombs out with this error when run.
JK> james@warbaby:~/perl > ./sinner.pl -l
JK> What ports? (Press return after each port and CRTL-D when done.)
JK> Can't open -l: No such file or directory
JK> Who do you wanna hit, Homie?
perldoc perlop
The null filehandle <> is special: it can be used to emu-
late the behavior of sed and awk. Input from <> comes
either from standard input, or from each file listed on
the command line. Here's how it works: the first time <>
is evaluated, the @ARGV array is checked, and if it is
empty, "$ARGV[0]" is set to "-", which when opened gives
you standard input. The @ARGV array is then processed as
a list of filenames.
...
Best wishes,
Maximmailto:[EMAIL PROTECTED]
Re: Strange Behavior
On Fri, 29 Jun 2001, James Kelty wrote: > I am trying to take "-l" or "-list" as a command line argument, but it > bombs out with this error when run. Perl, by default, will treat a command-line option as a file, so you also need to make sure you shift it off the @ARGV array if you are going to use it directly. In fact, the first thing you should do is shift out the @ARGV elements you want to use instead of using @ARGV elements directly, which you are doing. Better yet, take a look at Getopts::Std or Getopts::Long for a very clean way of using command-line switches. -- Brett http://www.chapelperilous.net/btfwk/ Some men feel that the only thing they owe the woman who marries them is a grudge. -- Helen Rowland
RE: hidden field value not getting set
Thank you for the info ...
"-override=>1" did what you stated ...
I tried using CGI qw(-nosticky) ... but it doesn't seem to do it ...
Am I stating this pragma incorrectly ?
Are all "named" parameters "sticky" for each invocation of a "-name=>"
parameter ?
I guess I'm not understanding "what/how much" is being "sticky" ...
Can anyone expand on this ?
-Original Message-
From: Howdy! [mailto:[EMAIL PROTECTED]]
Sent: June 28, 2001 22:13
To: Moon, John
Subject: Re: hidden field value not getting set
- Original Message -
From: "Moon, John [EMAIL PROTECTED] X"
Subject: hidden field value not getting set
> Below is code to generate one or two forms...
> When both forms are generated the "hidden" value for the second form is
not
> getting replaced with the "correct" value...
>
> Does anyone see a problem with this code ?
> foreach (sort keys %buttons) {
> $row .= $q->td({-align=>'CENTER',-colspan=>"$span"},
> $q->start_form(-name=>"$buttons{$_}[2]"),
> $q->submit(-name=>"$buttons{$_}[1]"),"\n",
> $q->hidden(-name=>'ACCT',
> -value=>"$REQUEST{ACCT}"),"\n",
> $q->hidden(-name=>'CUST_ID',
> -value=>"$REQUEST{CUST_ID}"),"\n",
> $q->hidden(-name=>'TITLE',
> -value=>"$REQUEST{TITLE}"),"\n",
> $q->hidden(-name=>'ACTIVE',
> -value=>"$REQUEST{ACTIVE}"),"\n",
> $q->hidden(-name=>'START',
> -value=>"$buttons{$_}[0]"),"\n", # < Problem ?
> $q->hidden(-name=>'END',
> -value=>"$REQUEST{END}"),"\n",
> $q->hidden(-name=>'INITIAL',
> -value=>'NO'),"\n",
> '');
> }
CGI.pm's form parameters are STICKY. To override them add '-override=1' to
each call to $q->hidden or other types of parameters.
Joel
Strange Behavior
I was wondering if someone could help me with the following code bit. It
is acting strangely.
if($ARGV[0] =~ m/^-l$|^-list$/i) {
print "What ports? (Press return after each port and CRTL-D when
done.)";
chomp(@getem = <>);
print "Who do you wanna hit, Homie? ";
chomp($peer = <>);
foreach $item (@getem) {
&pointscan($item);
}
}
else{
print "$ARGV[0] bad flag. \"-l|-list\" only good option\n";
exit(0);
}
I am trying to take "-l" or "-list" as a command line argument, but it
bombs out with this error when run.
james@warbaby:~/perl > ./sinner.pl -l
What ports? (Press return after each port and CRTL-D when done.)
Can't open -l: No such file or directory
Who do you wanna hit, Homie?
I understand that the @ARGV array if for processing files added on the
command
line, but I thought that you could use it to process flags as well. I
mean, I have before, I've looked over some of my older code, and I just
can't see what I am doing differently, or incorrectly.
All help is very much appreciated. Thank you!
-James
--
--
James Kelty
Sr. Unix Systems Administrator
The Ashland Agency
[EMAIL PROTECTED]
re filehandle
please ignore my dumbass previous post - I was looking in the wrong place. THe error lies in the missing : in the use cgi line Aplogies but have been looking at this for 30 minutes Francesco
Re: the phantom file handle
On Fri, Jun 29, 2001 at 03:45:32PM +0100, Francesco Scaglioni wrote:
: Hi
:
: And thanks again.
:
: Can anyone suggest why the following gives me an error of:
:
: 'no comma allowed after filehandle at /cgi-bin/filename line 13'
:
: Line 13 is the print header, start_html( etc etc one
That is actually a byproduct from the following error:
: #!/usr/bin/perl -w
: #
: # test script to query an mysql database via cgi and web interface
: # developed as standalone and now for conversion to run as cgi
: # - in hashes at the bottom is the functionning standalone version
: #
: use strict;
: use DBI;
: use CGI qw(standard);
Should be:
use CGI qw(:standard);
: my ($sql, $dbh, $sth, $field1, $value1, $field2, $value2, @rows, $counter, $q);
:
: print header, start_html("test_query"), h1("test_query");
:
: print p("If you want to query the database please fill in the form
: below and press the Query button"), print hr();
:
: $q = CGI -> new();
: if (param()) {
: $field1 = param ("field1");
: $value1 = param ("value1");
: $field2 = param ("field2");
: $value2 = param ("value2");
:
: print h2("OK so far");
:
: $dbh = DBI -> connect ("DBI:mysql:ami","fgs") || die $DBI::errstr;
: $sql = qq{SELECT * FROM testami WHERE $field1 = '$value1' and $field2 = '$value2'};
: $sth = $dbh -> prepare($sql);
: $sth -> execute();
:
: $counter = 0;
:
: while (@rows = $sth -> fetchrow_array()) {
: $counter++;
: $dbh -> disconnect();
: }
: print p("The toal number of matches was \$counter");
: }
: else {
: print hr();
: print start_form();
: print p("What is the first field ? : ", textfield ("field1"));
: print p("WHat is value for field one ? : ", textfield ("value1"));
: print p("What is name of field2 ? : ", textfield("field2"));
: print p("What is value for field2 ? : ", testfield("value2"));
: print p(submit("Query"), reset("Clear"));
: print end_form(), hr();
: }
:
: print end_html();
:
:
: #!/usr/bin/perl -w
: #
: #use strict;
: #use DBI;
: #my ($sql, $dbh, $sth, $field1, $value1, $field2, $value2, @rows, $counter);
: #
: #print "Enter the first fieldname (field1) : "; chomp ($field1 = <>);
: #print "enter the value for field one (value1) : "; chomp ($value1 = <>);
: #print "Enter the second fieldname (field2) : "; chomp ($field2 = <>);
: #print "enter the value for field two (value2) : "; chomp ($value2 = <>);
:
: #$dbh = DBI -> connect ("DBI:mysql:ami","fgs") || die $DBI::errstr;
: #$sql = qq{SELECT * FROM testami WHERE $field1 = '$value1' and $field2 = '$value2'};
: #$sth = $dbh -> prepare($sql);
: #$sth -> execute();
: #$counter = 0;
: #while (@rows = $sth -> fetchrow_array()) {
: #$counter++;
: #print "@rows\n";
: #};
: #print "Number of records = $counter\n\n";
: #$dbh -> disconnect;
:
Casey West
--
Shooting yourself in the foot with Prolog
You attempt to shoot yourself in the foot, but the bullet, failing to
find its mark, backtracks to the gun, which then explodes in your
face.
the phantom file handle
Hi
And thanks again.
Can anyone suggest why the following gives me an error of:
'no comma allowed after filehandle at /cgi-bin/filename line 13'
Line 13 is the print header, start_html( etc etc one
A script which begins in exactly the same way does not do this (and
alos runs fine).
#!/usr/bin/perl -w
#
# test script to query an mysql database via cgi and web interface
# developed as standalone and now for conversion to run as cgi
# - in hashes at the bottom is the functionning standalone version
#
use strict;
use DBI;
use CGI qw(standard);
my ($sql, $dbh, $sth, $field1, $value1, $field2, $value2, @rows, $counter, $q);
print header, start_html("test_query"), h1("test_query");
print p("If you want to query the database please fill in the form
below and press the Query button"), print hr();
$q = CGI -> new();
if (param()) {
$field1 = param ("field1");
$value1 = param ("value1");
$field2 = param ("field2");
$value2 = param ("value2");
print h2("OK so far");
$dbh = DBI -> connect ("DBI:mysql:ami","fgs") || die $DBI::errstr;
$sql = qq{SELECT * FROM testami WHERE $field1 = '$value1' and $field2 = '$value2'};
$sth = $dbh -> prepare($sql);
$sth -> execute();
$counter = 0;
while (@rows = $sth -> fetchrow_array()) {
$counter++;
$dbh -> disconnect();
}
print p("The toal number of matches was \$counter");
}
else {
print hr();
print start_form();
print p("What is the first field ? : ", textfield ("field1"));
print p("WHat is value for field one ? : ", textfield ("value1"));
print p("What is name of field2 ? : ", textfield("field2"));
print p("What is value for field2 ? : ", testfield("value2"));
print p(submit("Query"), reset("Clear"));
print end_form(), hr();
}
print end_html();
#!/usr/bin/perl -w
#
#use strict;
#use DBI;
#my ($sql, $dbh, $sth, $field1, $value1, $field2, $value2, @rows, $counter);
#
#print "Enter the first fieldname (field1) : "; chomp ($field1 = <>);
#print "enter the value for field one (value1) : "; chomp ($value1 = <>);
#print "Enter the second fieldname (field2) : "; chomp ($field2 = <>);
#print "enter the value for field two (value2) : "; chomp ($value2 = <>);
#$dbh = DBI -> connect ("DBI:mysql:ami","fgs") || die $DBI::errstr;
#$sql = qq{SELECT * FROM testami WHERE $field1 = '$value1' and $field2 = '$value2'};
#$sth = $dbh -> prepare($sql);
#$sth -> execute();
#$counter = 0;
#while (@rows = $sth -> fetchrow_array()) {
#$counter++;
#print "@rows\n";
#};
#print "Number of records = $counter\n\n";
#$dbh -> disconnect;
RE: CSS in Perl
> The ASP and HTML pages on the site use CSS, and I need to > include the same > styles on the page that returns the search results, to give the site > consistency. Does anyone know of a way this can be > accomplished, apart from > rewriting the entire CSS in Perl, which is beyond my capabilities? you don't need to rewrite the style sheet, only apply existing tags from the sheet that you will be using to appropriate elements in the page(s) you create. since you are creating the pages in Perl yourself, you can put the tags anywhere you want as a part of the creation process. just be sure to include the CSS attachment line in your created page. hth Al Hospers CamberSoft, Inc. alcambersoftcom http://www.cambersoft.com A famous linguist once said: "There is no language wherein a double positive can form a negative." YEAH, RIGHT
CSS in Perl
Hi I'm in the process of developing an intranet which includes a site search engine. Having downloaded Perl scripts from the internet, I am now tweaking those scripts to fit in with the rest of the site. I have the initial search box embedded in an ASP page which on submission calls the Perl script in the cgi-bin. This script writes the html and displays the results. The ASP and HTML pages on the site use CSS, and I need to include the same styles on the page that returns the search results, to give the site consistency. Does anyone know of a way this can be accomplished, apart from rewriting the entire CSS in Perl, which is beyond my capabilities? Thanks Doug German [EMAIL PROTECTED]
Re: DBI with SQL question
In your script, you'll have to use a function to only pull out the time. I'm only familiar with MySQL, but I've done this many times. You can find information on Date and Time functions for here - http://www.mysql.com/doc/D/a/Date_and_time_functions.html Kolene Joe Santiago wrote: > I have a perl script using a do to insert stuff into a database. The only > problem that I am having is entering a time into a DATETIME datatype field. > When I enter it manually using the manager gui I can enter something like > '9:00 AM' but when I use my script it always enters the value as '01/01/2001 > 9:00 AM'. It adds that date. Any help would be appreciated. I do not have a > snippet of the code until I make it to work but I was wondering if anyone > was familiar with the DATETIME datatype for SQL server 7. Thanks.
DBI with SQL question
I have a perl script using a do to insert stuff into a database. The only problem that I am having is entering a time into a DATETIME datatype field. When I enter it manually using the manager gui I can enter something like '9:00 AM' but when I use my script it always enters the value as '01/01/2001 9:00 AM'. It adds that date. Any help would be appreciated. I do not have a snippet of the code until I make it to work but I was wondering if anyone was familiar with the DATETIME datatype for SQL server 7. Thanks.
RE: Some Advice plz :))
You are rude! dive the guy a break man! -Original Message- From: Pierre Smolarek [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 27, 2001 10:24 PM To: RDWest Sr.; [EMAIL PROTECTED] Subject: Re: Some Advice plz :)) e. you want us to do your work for you? /me points out that amazon has a large selection of very good perl books. - Original Message - From: "RDWest Sr." <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 27, 2001 3:11 PM Subject: Some Advice plz :)) hi yall, yup, i'm an old country boy... loli'm strugling here to learn perl on my own and with help from(maybe yall)lol so plz bare with me... i need some advice on an issue here... i'm creating, well trying to create, a ranking system for my online pals... i've accomplished user signup, print info to flatfile database... send confirmation of account and a search for lost userid and pwd... now, i got to thinking... if say a user wants to update their info( change pwd, name, etc...)i'm just completely lost here... does anyone have a good explanation or some code snippets i can look at? tx again RD Sr. _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
