Coding Errror

Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hi All,

I have written a progam which parses incoming emails using Mime::Tools, it works great, but it will send an error back to the sender with the following error:

Use of uninitialized value in concatenation (.) or string at /home/scr
+ipt.pl line 48, <STDIN> line 20.
[download]

This is the section of the code that the error is referring to, it seems to be erroring when it enters it into mysql. $from, $url, $name are defined earlier in the script..

$mbody = $dbh->quote($body);
$msubject = $dbh->quote($subject);
my $rv = $dbh->do(qq{INSERT INTO table values (
    "NULL", "ME", "testing", "$from", "$url", "$name", "3", "$category
+", $msubject, $mbody)}
    );
[download]

I have used dbh-qoute with the subject/body of the email when putting it in the database, but for some reason it is returning that error..

Any ideas would be greatly appreciated
Thanks a lot

Comment on Coding Errror Select or Download Code

Replies are listed 'Best First'.
Re: Coding Errror by dragonchild (Archbishop) on Dec 01, 2001 at 01:03 UTC
Ok. First off, I'd like to congratulate you for using warnings (or -w, as you may know it). Secondly, you don't have a syntax or run-time error, you have a warning. What htat means is that some variable you're attempting to use in "" is set to undef, not '' as you might think. Doing a `my $varname;` just allocates the name ... it doesn't initialize it to a defined value. So, if nothing was assigned to $category (for instance), then that's what would cause your warning. ------ We are the carpenters and bricklayers of the Information Age. Don't go borrowing trouble. For programmers, this means Worry only about what you need to implement.	[reply] [d/l]
(jeffa) Re: Coding Errror by jeffa (Bishop) on Dec 01, 2001 at 01:30 UTC
Adding to dragonchild's excellent advice, a better way to insert values into a database table is to use bind vars. Instead of using `do()`, you first `prepare()` the statement (which uses question marks(?) instead of the values) and then you `execute()` it: `my $rv = $dbh->prepare(" insert into table foo values (?,?,?,?,?,?,?,?,?,?) "); $rv->execute( 'NULL','ME','testing',$from,$url, $name,3,$category,$subject,$body, );` [download] Now you don't have to worry about quoting the values. Much more portable among different database vendors. jeffa L-LL-L--L-LL-L--L-LL-L-- -R--R-RR-R--R-RR-R--R-RR F--F--F--F--F--F--F--F-- (the triplet paradiddle)	[reply] [d/l] [select]
Re: (jeffa) Re: Coding Errror by Fastolfe (Vicar) on Dec 01, 2001 at 03:24 UTC
In addition, `qq{"$value"}` fails in cases like: `$value = 'My "value" here';` `$value = 'Will this work?"; drop table foo;';` Definitely better off using bind variables or using DBI to escape/quote each parameter as you use it.	[reply] [d/l] [select]
Re: Coding Errror by blakem (Monsignor) on Dec 01, 2001 at 02:37 UTC
I dislike that particular warning and routinely turn it off with: `no warnings 'uninitialized';` [download] Some people claim that the warning helps them catch mistakes... with my coding style it tends to be a false warning. YMMV. Since it is lexically scoped, you can turn that warning off for a particular section of code like this: `$word = $required_prefix . $word; { no warnings 'uninitialized'; $word .= $optional_suffix; }` [download] -Blake	[reply] [d/l] [select]