Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

I'm a newbie to SQL. When I tried to run a CGI with this: 
my $sth = $dbh->prepare(<<SQL) or die $dbh->errstr;
select count(*) from userlist
where colemail = \'$FORM{'email'}\';
SQL

$sth->execute;

[download]
I get a 500 error. The error log says there was an error on the "execute" line. Does anyone see what (probably obvious) mistake I've made?

Edit kudra, 2002-10-05 Changed title

Replies are listed 'Best First'.
Re: What's Wrong With This?
by cLive ;-) (Prior) on Oct 05, 2002 at 06:33 UTC
    Try running from shell if you can. Try query in mysql if you can. Try adding: 
    use CGI:Carp 'fatalsToBrowser';

    [download]
    to beginning of script while debugging.

    Also, add: 

    use CGI;

    [download]
    and use the damn CGI module - if you can :)

    .02

    cLive ;-)

    --
    seek(JOB,$$LA,0);

[reply]
[d/l]
[select]
Re: What's Wrong With This?
by larsen (Parson) on Oct 05, 2002 at 12:07 UTC
    I can't help you with your problem directly (what's the error message? What's in $FORM{'email'} ?). But one of the most common advices about DBI stuff is to use placeholders. I'd write that piece code in this way: 
    my $sth = $dbh->prepare( qq|
  select count( * ) 
  from 
    userlist
  where
    colemail = ?
|) || die $dbh->errstr;

$sth->execute( $FORM{'email'} );

    [download]
    Michael G. Schwern has several good points here: http://magnonel.guild.net/~schwern/talks/Refactoring_DBI_Example/
[reply]
[d/l]
[select]
Re: SQL causing 500 error (was: What's Wrong With This?)
by bart (Canon) on Oct 05, 2002 at 20:30 UTC
    I'm a newbie to SQL. When I tried to run a CGI with this: 
    my $sth = $dbh->prepare(<<SQL) or die $dbh->errstr;
select count(*) from userlist
where colemail = \'$FORM{'email'}\';
SQL

$sth->execute;

    [download]
    I get a 500 error.

    Drop the semicolon. A lot of SQL engines trip over them.

    Taint error. Why aren't you using placeholders? Even if this could work for well-behaved user data entries, it can still easily fail for others. Using a placeholder would prevent that.

    And if you've connected to the database with the raiseError attribute set to true, there's no need for the or die... part. 

    my $sth = $dbh->prepare(<<SQL);
select count(*) from userlist
where colemail = ?
SQL

$sth->execute($FORM{email});

    [download]
[reply]
[d/l]
[select]
Re: What's Wrong With This?
by nutshell (Beadle) on Oct 05, 2002 at 04:06 UTC
    Try:
    my $sth = $dbh->prepare(<<SQL) or die $dbh->errstr;
select count(*) from userlist
where colemail = '$FORM{'email'}';
SQL

$sth->execute;

    [download]

    --nutshell

[reply]
[d/l]
      you need to use: $sth->do( SQL STATEMENT HERE ); for one liners and $SQL = " SQL STATEMENT HERE "; $sth->prepare($SQL); for statements you want to prepare and execute over and over again.
[reply]
Re: What's Wrong With This?
by sauoq (Abbot) on Oct 05, 2002 at 07:25 UTC

    Have you looked at your server logs? It will likely help you locate the problem. For instance, if $FORM{'email'} contains something you don't expect and your prepare fails, the error log should contain $dbh->errstr as that's what you die with.

    -sauoq
"My two cents aren't worth a dime.";
[reply]
[d/l]
[select]
Re: What's Wrong With This?
by robartes (Priest) on Oct 05, 2002 at 08:51 UTC
    I don't have a database handy, so I can't check, but I have a sneaking suspicion you're actually passing two lines as the SQL query instead of one. You're passing: 
    select count(*) from userlist

    [download]
    and: 
    where colemail = \'$FORM{'email'}\';

    [download]

    instead of the whole in one go. Try putting both on one line, or putting in a line continuation character. Your DB documentation should tell you what that character should be (often a backslash \ ).

    CU
    Robartes-

[reply]
[d/l]
[select]

      I've never seen a database that sensitive to newlines. Which have you used that might be a problem?

[reply]
Re: SQL causing 500 error (was: What's Wrong With This?)
by DapperDan (Pilgrim) on Oct 06, 2002 at 16:41 UTC
    apart from the other useful suggestions (particularly CGI::Carp's fatalsToBrowser, which is indispensable for CGI debugging IMHO), i would suggest enabling DBI's trace mode.

    perldoc DBI for details, but in a nutshell you just say DBI->trace(2), changing the level (2) to taste.

    at level 2 you can see how your statement was prepared, how the variables were bind-ed (bound), and what the resultant string used was. i have found this to be more than adequate debugging information for almost all DBI-related bugs i've written thus far.

    HTH.

[reply]
Re: SQL causing 500 error (was: What's Wrong With This?)
by Anonymous Monk on Oct 07, 2002 at 06:05 UTC
    you need to use: 
    
$sth->do( SQL STATEMENT HERE );

    [download]
    for one liners and 
    
$SQL = " SQL STATEMENT HERE ";
$sth->prepare($SQL);

    [download]
    for statements you want to prepare and execute over and over again.
[reply]
[d/l]
[select]
      Sorry, forgot a line. you need to use: 
      

$dbh->do( SQL STATEMENT HERE );

      [download]
      for one liners and 
      

$SQL = " SQL STATEMENT HERE ";
$sth->prepare($SQL); 
$sth->execute;

      [download]
      for statements you want to prepare and execute over and over again.
[reply]
[d/l]
[select]
Re: SQL causing 500 error (was: What's Wrong With This?)
by smitz (Chaplain) on Oct 07, 2002 at 07:54 UTC
    Try removing the semicolon.
    This caused me some problems under AS Perl 633, MySQL and Win2000.

    HTH
    SMiTZ
[reply]

Back to Seekers of Perl Wisdom