bajangerry has asked for the wisdom of the Perl Monks concerning the following question:

Hi Monks, I have a script that will be run on a local machine that will update a MySQL database hosted on a website but I do not want to have the database details in the local script as it will obviously be a bit of a security issue. I understand how to use "includes" in PHP for instance to allow me to get the necessary info to a webpage etc but I do not know how to do this in Perl, can anyone enlighten me? Current script (ugly as it may be!) that works fine on a local database is below. In this script I do pull info from a local "config.ini" file as well and I need to get similar info but from a secure area in a website that I will login to and uses sessions to authenticate etc. 
use strict;
use IO::Socket;
use POSIX;
use Config::Simple;
use DBD::mysql;

for(;;){
# Reading configuration parameters from the config.ini file
my $cfg = new Config::Simple();
$cfg->read('config.ini');
my $host = $cfg->param("pbx");
my $port = $cfg->param("port");
print "Connecting to the PBX $host on port $port\n";
my $sock = new IO::Socket::INET(PeerAddr => $host, PeerPort => $port,P
+roto => "tcp",)
or die "Cannot connect to PBX at address: $host port: $port: $!";

while (<$sock>) {
s/^\0+//; # Remove leading null characters
print $_;
chomp ($_);
#$_ =~ s/^[^ ]+//;
if ($_ =~m"/") {

&TXTout;
&DBconnect;
}
} #Close While loop

sub TXTout {
my ($year, $mon, $day);
    $year = strftime '%Y', localtime;
    $mon = substr ($_, 1,2);
    $day = substr ($_, 4,2);
my $file = "$year"."-"."$mon"."-"."$day".".log";
    if (-f $file){
        open (my $fh,'>>', $file);
        print $fh "$_\n";
        close $file;
    }
    else {
        open (my $fh,'>', $file);
        print $fh "$_\n";
        close $file;
    }
}# End of filePrint routine

sub DBconnect {
# MySQL Connection parameters

# MySQL Connection parameters
my $dbuser= "user";
my $dbpassword= "password";
my $dbhost= "host";
my ($line, $mon, $day, $stime, $pm, $hrs, $mins, $sec, $callp, $leaddi
+git, $callno, $speed, $callp2, $transf, $acccode, $sysid, $tester);
            $mon = substr ($_, 1,2);
            $day = substr ($_, 4,2);
            $stime = substr($_, 7,5);
            $pm = substr($_, 12,1);
            $hrs = substr($_, 14,2);
            $mins = substr($_, 17,2);
            $sec = substr($_, 20,2);
            $callp = substr($_, 23,4);
            $leaddigit = substr($_, 29,3);
            $callno = substr($_, 33,26);
            $speed = substr($_, 60,1);
            $callp2 = substr($_, 61,5);
            $transf = substr($_, 67,5);
            $acccode = substr($_, 72,12);
            $sysid = substr($_, 85,3);
            $tester = strftime( "%Y",localtime(time));
if ($acccode == ""){$acccode = 0}
# Establish the connection which returns a DB handle
my $dbh = DBI->connect($dsn, $userid, $password, { RaiseError => 1 }) 
+ or die $DBI::errstr;
# Prepare the SQL statement
my $stmt1 = qq(INSERT INTO import (month,day,time,PM,hrs,mins,sec,call
+ingparty,leaddigit,calledno,speeddialind,calledparty,transferext,acco
+untcode,sysid,year) VALUES('$mon','$day','$stime','$pm','$hrs','$mins
+','$sec','$callp','$leaddigit','$callno','$speed','$callp2','$transf'
+,'$acccode','$sysid','$tester');") or die $DBI::errstr;
# Send the statement to the server
my $rv1 = $dbh->do($stmt1) or die $DBI::errstr;
# Close the database connection
$dbh->disconnect or die $DBI::errstr;
} #Close DBconnect subroutine

#close the socket
close $sock or die "close: $!";
print "socket closed";
print "<br />";
}

[download]

Replies are listed 'Best First'.
Re: "Include" parameters from website
by 1nickt (Canon) on Mar 15, 2021 at 18:19 UTC

    Hi,

    I need to get similar info but from a secure area in a website that I will login to

    Use an HTTP client to make the request and gather the config, then use it in the connection.

    See the core module HTTP::Tiny, or for more complex use cases, LWP::UserAgent.

    Hope this helps!


    The way forward always starts with a minimal test.
[reply]

      Perhaps you have something else in mind and/or I'm misunderstanding here, but if you are accessing "secure" information via plain HTTP, isn't that about the equivalent of an API that would render the whole security assumption moot?

      Blessings,

      ~Polyglot~

[reply]
        You are correct of course Polyglot, which is why I am looking at using WWW::Mechanize now to login to the website and execute the webpages as if I was connected to the site from a browser instead. I am struggling with the process of using session IDs to identify the user login that is required to access the pages though but I will figure it out. Thanks, Gerry
[reply]
      Hi 1nickt, That is interesting, that is a different way to solving the problem than I was thinking about, using this method I assume I can actually use Perl to open a webpage that has the code to update the mysql database within the page and simply pass the data string to the webpage as opposed to having Perl access the database directly. I will give this a try, thanks!
[reply]

Back to Seekers of Perl Wisdom