RE: Safe handling of an SQL query
Vincent,

Don't make the mistake of thinking that you're not directly using DBI. These modules provide an abstraction for creating SQL that is data driven. They free you from the error-prone string manipulation process, and allow you to build your queries in such a way as to be able to handle a variety of data.

For example, from the SQL::Abstract mod docs:

    my $sql = SQL::Abstract->new;
    my $table = 'widgets';
    my ($stmt, @bind) = $sql->select($table, \@fields, \%where, \@order);

Now you can use this for any table selecting any fields with or without specifying a where clause or an order by clause. This allows you to directly create a quick hash to represent your where clause. So, to get a SQL statement where first_name = 'Sally', last_name starts with S, your %where hash would look like this:

    %where = (first_name => 'Sally', last_name => { like => 'S%' });

Which would set the $stmt variable above to

    select * from widgets where first_name = ? and last_name like ?

And the @bind would be

    @bind = ('Sally', 'S%')

Very helpful! Very flexible! And no more of that messy string manipulation and escaping quotes.

Oh, and of course, the next thing you do is:

    my $sth = $dbh->prepare($stmt);
    $sth->execute(@bind);

Which is where you directly use DBI. Most all of this stuff is just an abstraction layer for creating SQL in a data-centric way.

-Original Message-
From: Vincent Veyron [mailto:vv.li...@wanadoo.fr]
Sent: Tuesday, April 17, 2012 6:09 PM
To: Michael Ludwig
Cc: modperl@perl.apache.org
Subject: Re: Safe handling of an SQL query

On Tuesday 17 April 2012 at 20:10 +0200, Michael Ludwig wrote:

Hello Vincent,

Vincent Veyron wrote on 16.04.2012 at 22:21 (+0200):

I guess (in the message I forwarded to the list) Andreas is right, though : the only way to be safe is to keep control of the query, therefore keep it on the server.

I am doing this now, but passing parameters to the query becomes cumbersome :-(

If you haven't done that already, you could take a look at the following three modules. While I have never used any of them I've bookmarked them for future opportunities …

https://metacpan.org/module/SQL::Interp
https://metacpan.org/module/SQL::Abstract
https://metacpan.org/module/DBIx::Simple

Good day Michael,

I did not know about those, but I don't see the benefit compared to using DBI directly, which is really concise. This is all I need to get a reference to a data set :

    my $dbh = $r->pnotes('dbh_data');
    my $sql = 'SELECT ... FROM ... WHERE X=? AND Y=?';
    #collect data
    eval { $data = $dbh->selectall_arrayref($sql, { Slice => {} }, ( $param_x, $param_y ) ) };

where dbh_data is a reference to a dbi connection using connect_cached, stored in pnotes.

?

--
Vincent Veyron
http://marica.fr/
Software for managing insurance claims and litigation files for the legal department

___

Barclays is one of the world's leading banks, and we believe that by continuing to integrate the organisation we can better deliver the full power of Barclays to customers, clients and the communities in which we work. As a visible sign of that integration we are moving to a single Barclays brand for the majority of our divisions, including those formerly known as Barclays Capital, Barclays Wealth and Barclays Corporate.

___

This e-mail may contain information that is confidential, privileged or otherwise protected from disclosure. If you are not an intended recipient of this e-mail, do not duplicate or redistribute it by any means. Please delete it and any attachments and notify the sender that you have received it in error. Unless specifically indicated, this e-mail is not an offer to buy or sell or a solicitation to buy or sell any securities, investment products or other financial product or service, an official confirmation of any transaction, or an official statement of Barclays. Any views or opinions presented are solely those of the author and do not necessarily represent those of Barclays. This e-mail is subject to terms available at the following link: www.barcap.com/emaildisclaimer. By messaging with Barclays you consent to the foregoing. Barclays offers premier investment banking products and services to its clients through Barclays Bank PLC, a company registered in England (number 1026167) with its registered office at 1 Churchill Place, London, E14 5HP. This email may relate to or be sent from other members of the Barclays Group.

___
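The SQL::Abstract flow described in the first message above, carried through to execution, as an added example that is not code from the thread or from the SQL::Abstract project. It assumes DBI, DBD::SQLite and SQL::Abstract are installed; the widgets table, its rows and the find_widgets helper are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example: SQL::Abstract generates the statement text and the bind list,
# DBI sends the values separately from the SQL. All data here is constructed.
use strict;
use warnings;
use DBI;
use SQL::Abstract;

# In-memory SQLite database so the example runs offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0, AutoCommit => 1 });

$dbh->do('CREATE TABLE widgets (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT)');
my $ins = $dbh->prepare('INSERT INTO widgets (first_name, last_name) VALUES (?, ?)');
$ins->execute(@$_) for (
    [ 'Sally', 'Smith' ],
    [ 'Sally', 'Jones' ],
    [ 'Bob',   'Stone' ],
);

my $sqla = SQL::Abstract->new;

# Hypothetical helper: look up widgets by exact first name and last-name prefix.
sub find_widgets {
    my ($first_name, $last_prefix) = @_;

    # Values must be plain scalars. SQL::Abstract reads a hash or array
    # reference in a value position as operators, not as data, so structured
    # request input (decoded JSON, repeated form fields) is rejected here.
    for my $value ($first_name, $last_prefix) {
        die "scalar value expected\n" if !defined($value) || ref($value);
    }

    # Column names and operators are fixed by the program; only the values
    # come from the caller, and they travel in @bind.
    my %where = (
        first_name => $first_name,
        last_name  => { like => $last_prefix . '%' },
    );
    my ($stmt, @bind) = $sqla->select(
        'widgets', [qw(first_name last_name)], \%where, ['last_name']);

    my $rows = $dbh->selectall_arrayref($stmt, { Slice => {} }, @bind);
    return ($stmt, \@bind, $rows);
}

# Normal lookup: print the generated SQL, the bind values and the matches.
my ($stmt, $bind, $rows) = find_widgets('Sally', 'S');
print "SQL : $stmt\n";
print "bind: ", join(', ', map { "'$_'" } @$bind), "\n";
print "row : $_->{first_name} $_->{last_name}\n" for @$rows;

# A value containing quote characters is bound as data: the statement text is
# identical to the one above and the value simply matches no first_name.
my ($stmt2, $bind2, $rows2) = find_widgets("Sally' OR '1'='1", 'S');
print "statement unchanged: ", ($stmt2 eq $stmt ? 'yes' : 'no'), "\n";
print "rows for quoted input: ", scalar(@$rows2), "\n";

# A reference passed where a scalar is expected never reaches SQL::Abstract.
my $accepted = eval { find_widgets({ '!=' => '' }, 'S'); 1 };
print "reference value rejected: ", ($accepted ? 'no' : 'yes'), "\n";

$dbh->disconnect;
```

Only values can be bound with placeholders; table names, column names and sort keys become part of the SQL text, which is why the helper fixes them in code instead of accepting them from the caller.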
RE: Considering using Perl Sections
We use a combination of Perl sections and Template Toolkit to generate our apache configs. The Perl sections are good for run-time setup for things like host names (i.e., to name logs per host in our cluster) and the templating is good for setting up things like multiple proxies that have just a few differences. In this case, I set up a data structure, and then iterate over it to generate the configs for the proxies.

I also set up a utility script to deploy the whole shebang, since you can't use the templated configs as actual apache config files. Rendering these templates takes maybe 2 seconds, so I render my dev version against those that I've deployed to one of our DEV, STAGE, or PROD environments.

Eric

-Original Message-
From: Chris Bennett [mailto:ch...@bennettconstruction.biz]
Sent: Friday, October 01, 2010 4:47 PM
To: modperl@perl.apache.org
Subject: Considering using Perl Sections

A while back I realized the futility of using a single httpd.conf after having many errors due to not repeating things correctly in SSL section and the long length of the file. I broke it up into a httpd.conf, mod_gzip.conf, a global SSL.conf and a conf file (and SSL version if needed) for each virtual host. Right now that is a total of 13 conf files. I like being able to diff the two versions for each virtual host to look for errors.

Right now I am using Apache::AuthCookie to protect a variety of locations, but that is making things complicated again. At this point, should I break the AuthCookie sections out into confs for each virtual host using it, learn to use Perl Sections, or something different?

Any suggestions are welcome.

Thanks
Chris Bennett
RE: [mp2] mod_perl closes apache's stdin and/or stdout
I'm starting to use Gearman to get around this whole problem. We use a lot of external processes for many things, so this issue with Apache2 really bit me hard in the bee-hind. I've gone to great lengths to work around it, but so far the job queue approach seems to be the most elegant and least problematic approach. Of course, the recommendation came from the gentle folks on this list originally.

Eric

From: Heiko Weber [mailto:he...@wecos.de]
Sent: Thursday, February 18, 2010 3:22 AM
To: Salvador Ortiz Garcia
Cc: mod_perl list
Subject: Re: [mp2] mod_perl closes apache's stdin and/or stdout

Salvador,

to avoid such issues my external tasks don't use STDOUT, STDIN or STDERR. They take their parameters from control files and write their results back to a status file. These tasks don't send any output back to the browsers. As I said, usually some sudo's to change some system settings.

Well, I could replace all system() calls and just store the task jobs into a database table, to schedule a background job with cron to check and complete these tasks, but then I lose the immediate feedback to the user/browser ... AND this is a lot of work for me - unless I can exactly repeat the issue I am not sure if it is worth trying it.

Currently it feels to me like a leakage, sometimes a httpd/mod_perl/process does something, and later (maybe when working on the next client request) STDOUT is closed. This makes it hard to create a sample program to repeat it. Within a single script I can do almost everything: call system(), open DBI connections, write to STDOUT, ... everything seems to be fine.

Heiko

On 16.02.2010 at 23:26, Salvador Ortiz Garcia wrote:

On 02/05/2010 12:16 PM, Heiko Weber wrote:

Hi André,

I know what you mean, and I can't agree with you - the server response time is really low - most pages are finished loading in less than 1-2 seconds, and the overall load of the server is at a low level. I believe there is an issue, maybe something like what Jon is talking about, I am also using some system() calls to execute sendmail or sudo tasks, so maybe STDOUT really gets closed - I have no idea. I only see the abort messages in errorlog very frequently, maybe 3-4 per minute.

Heiko

Of course STDOUT, STDIN, and STDERR get closed, not by mod_perl but by apache. Every UNIX process when daemonized must close them to detach from its controlling terminal. Apache reopens STDERR to its log file, but STDOUT and STDIN remain closed.

Maybe the confusion arises from the fact that when executing a CGI the server connects them to the client socket, but in mod_perl you are in the daemon process space.

Please check Advanced Programming in the UNIX Environment, chapter 13: Daemon processes by W. Richard Stevens.

Regards.
Salvador.

--
Wecos Heiko Weber Computer Systeme
D-21644 Sauensiek
Immenweg 5
he...@wecos.de
http://www.wecos.de/
RE: Apache2::SubProcess subprocess not subprocessing properly
We are configured to have mod_perl serve the .pl scripts and leave the .cgi scripts to be served as regular old CGI, just as a point of interest.

Eric

-Original Message-
From: Tosh Cooey [mailto:t...@1200group.com]
Sent: Thursday, February 11, 2010 6:08 AM
To: Torsten Förtsch
Cc: modperl@perl.apache.org
Subject: Re: Apache2::SubProcess subprocess not subprocessing properly

Actually my solution to this problem was pretty rational. I just turned mod_perl off for this particular program.

    <Files ~ (?!myfork)\.pl$>
        PerlHandler ModPerl::Registry
    </Files>

Will I have possible performance problems? Sure, but nothing a few more $25/month servers can't fix, and it saves me all the aggravation of the past months trying to get this to work.

Problem solved!

Tosh

Torsten Förtsch wrote:

On Tuesday 09 February 2010 14:21:57 Tosh Cooey wrote:

    use POSIX 'setsid';
    if( fork ) { POSIX::_exit 0; CORE::exit 0 }
    chdir '/' or die "Can't chdir to /: $!";

simplest is to fork() another time to break the parent-child relationship.

Keep in mind that you make your service vulnerable if you simply fork off long running processes. What prevents a user from testing it:

    ab -n 10 -c 100 http://...

This will quite fast create a *lot* of processes. I tend to use some kind of queue for such processing. But, of course, it depends.

Torsten

--
McIntosh Cooey - Twelve Hundred Group LLC - http://www.1200group.com/
Logs show reasonable request handling duration, but proxied clients timing out
For some time I've had complaints from one of the users of a particular mod_perl handler that is timing out on their end. They are using a programmatic Java client, accessing a mod_perl registry handler that simply returns a text file. The client is accessing my servers via a proxy which then connects to a load balancer that balances between two of my boxes.

The client uses a 500 millisecond read timeout which is often reached, causing the client process to throw exceptions. However, when I look at my logs, the %D param shows durations well below this limit. At times I do not see the requests at all.

What should I be looking at on my servers to see if the problem is on my end? As much as it appears that the problem is in the proxies, I want to make sure that I've covered all the bases from my end before I escalate the issue. There are no fixup handlers or log handlers, which I believe might impact post-logging timings.

Thanks, everybody.

Eric
Subprocess still running and spawn_proc_prog() returns immediately
I've got an Apache2 problem with a registry script that runs another perl script in a subprocess. The spawn_proc_prog() returns immediately, though the subprocess is still running, which causes a blocking situation when I try to read the stdout/err causing the script to hang indefinitely.

The subprocess script doesn't fork or anything like that, yet spawn_proc_prog() is not waiting for it to exit.

Any ideas? Need more info?

Thanks, folks.

Eric
RE: Subprocess still running and spawn_proc_prog() returns immediately
BTW, using IPC::Run3 -- which I could do since I didn't have to set env vars or a few other things -- worked just fine.

Eric

-Original Message-
From: Berg, Eric: IT (NYK)
Sent: Thursday, September 03, 2009 1:31 PM
To: modperl@perl.apache.org
Subject: Subprocess still running and spawn_proc_prog() returns immediately

I've got an Apache2 problem with a registry script that runs another perl script in a subprocess. The spawn_proc_prog() returns immediately, though the subprocess is still running, which causes a blocking situation when I try to read the stdout/err causing the script to hang indefinitely.

The subprocess script doesn't fork or anything like that, yet spawn_proc_prog() is not waiting for it to exit.

Any ideas? Need more info?

Thanks, folks.

Eric
RE: tracking a coredump problem
Carl,

I may have missed it, but did you say at what point you were seeing the segfault? I assume you mean at startup, but can you confirm?

E

-Original Message-
From: Carl Brewer [mailto:c...@bl.echidna.id.au]
Sent: Wednesday, January 28, 2009 7:43 AM
To: Philippe M. Chiasson
Cc: modperl@perl.apache.org
Subject: Re: tracking a coredump problem

Carl Brewer wrote:

Philippe M. Chiasson wrote:

Selinux enabled ?

Good question, I don't think so, but will double-check.

Nope, selinux is disabled on /etc/selinux/config
RE: Apache 1.3 - 2.x portability
We have a bunch of registry/CGI tools that exec external apps, including Autosys CLI tools and CVS. The problem is that, whereas in 1.3 the environment was passed to the spawned process, in 2.0, that's not the case. We had to make use of Env::C and the Apache2::SubRequest mods to allow us to successfully port these tools.

Not much is made of it in the docs, but it was a huge issue for us.

Eric

-Original Message-
From: Phil Carmody [mailto:[EMAIL PROTECTED]
Sent: Friday, November 14, 2008 8:26 AM
To: modperl@perl.apache.org
Subject: Apache 1.3 - 2.x portability

I'm currently running only Apache 1.3 (mod_perl 1.22) and am wondering what kinds of issues there might be if I were to want to migrate my server to Apache 2.x and mod_perl 2. Are there any things that I can do (or avoid) to make such a migration as close to trivial as possible.
Custom Error Log for Specific URL/File matches
I'd like to be able to provide separate logs for developers who are developing in their ~/public_html directories so that any error log messages for requests made for content that is in one of those directories would be logged to a file in that user's directory instead of (or in addition to) the standard error log.

I think I've found sample code that brings me close, but I haven't been able to figure out how to get the text of the error message.

I'd like to do this for both system-generated errors (i.e., compile errors) as well as for any STDERR generated by my code.

Thanks. I appreciate the help as always.

Eric
RE: Checking Return Codes in Apache2::SubProcess->spawn_proc_prog()
Am I missing something, Fred, or is there actually something in that test that indicates how to read the exit status of the process (i.e., $?)? I have read this a number of times, but have yet to find anything relevant there.

Eric

-Original Message-
From: Fred Moyer [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 08, 2008 12:46 PM
To: Berg, Eric
Cc: modperl@perl.apache.org
Subject: Re: Checking Return Codes in Apache2::SubProcess->spawn_proc_prog()

[EMAIL PROTECTED] wrote:

I'm using spawn_proc_prog() to run external programs from apache, but can't find any docs on how to check the return status. It doesn't appear to set $?, nor have I found any reference to variables or methods that would provide that information. Can anybody help me with this?

Was this part of the documentation useful or did it not explain what you need?

http://perl.apache.org/docs/2.0/api/Apache2/SubProcess.html#C_spawn_proc_prog_

The specific problem that I'm trying to solve has to do with executing CVS commands from within the context of Apache2. CVS returns both STDOUT and STDERR in response to, in this case, the rdiff command. It is sometimes possible to check the content of STDERR to determine the status of a command, but the STDERR is often valid output. I suppose that using the -q to suppress output of nice-to-have STDERR is an option too, but I'm looking for something more discrete.
Checking Return Codes in Apache2::SubProcess->spawn_proc_prog()
I'm using spawn_proc_prog() to run external programs from apache, but can't find any docs on how to check the return status. It doesn't appear to set $?, nor have I found any reference to variables or methods that would provide that information. Can anybody help me with this?

The specific problem that I'm trying to solve has to do with executing CVS commands from within the context of Apache2. CVS returns both STDOUT and STDERR in response to, in this case, the rdiff command. It is sometimes possible to check the content of STDERR to determine the status of a command, but the STDERR is often valid output. I suppose that using the -q to suppress output of nice-to-have STDERR is an option too, but I'm looking for something more discrete.

Thanks for any insight you can provide.

Eric