First, debug from the command line, not through the CGI interface.

Second, stick in some warnings before doing any string concatenations or interpolations, i.e. something like:

if (not $variable) { warn "\$variable is uninitialized\n"; }
[download]

Why are they empty? One common reason is that you have forgotten about empty lines in the input data. I like next if /^\s+$/; to deal with those common cases.

Also, I think you should leave strictures, warnings and taint checking ON even in production code. If it is properly written, it should not generate warnings.

--
Regards,
Helgi Briem
helgi AT decode DOT is

You'll want to say unless (defined $variable) { warn "\$variable is uninitialized\n"; } because there are false values that are still defined.

---

Seeking Green geeks in Minnesota

Using if (defined($something)) statements is trying to get rid of the symptoms. Instead, make sure that each variable you use is properly initialized. This will make your code much more robust and resilient against probable attacks. For Web-stuff, I think it's wise to not only use strict and warnings, but also the -T (taint checking) command-line option.

I understand that the warnings can be useful to have for debugging reasons if (when) things go wrong, especially to pick up run-time errors. I do think, though, that that small(ish) bonus is soon cancelled out when you consider the chore of digging through logs, especially with a large, oft-used application (like a website).

As long as you're aware of why the warning is appearing at design-time, it seems fairly pointless to keep having that warning appear, and get logged, in production.

I see warnings as a very useful debugging tool, rather than something to directly test the correctness of my code - after all, that's what use strict and the compiler are for *grins*. Warnings at best, in my mind, drop hints as to why things are going wrong, not what is wrong.

-- Foxcub
A friend is someone who can see straight through you, yet still enjoy the view. (Anon)

Testing with defined is much the same as deleting the -w. The var is still not defined; you are just living with it. Is it possible that a cgi using the -w and working fine may fall over at a later date if prel or a module that is used is upgraded or altered in some way?

It is also handy to specifically handle the undef cases as you may turn up bugs in your application, you didnt realise were there...

Update: you should _always_ be using your -T switch also and throwing away naughty chars (including but not limited to); ' " | when appropriate.

use warnings;
no warnings 'uninitialized';
[download]

MJD says you can't just make shit up and expect the computer to know what you mean, retardo! ** The Third rule of perl club is a statement of fact: pod is sexy.

and if you have older perl...

#!/usr/bin/perl -w

$SIG{__WARN__} = sub { 
        local $_ = shift;
        print STDERR unless /Use of uninitialized value/;
};

my $f;

print "no warning here -->$f<--",$/;

warn "woot! other warnings here...";
[download]

And of course if your scripts are running under Apache mod_perl, if you are not careful in initializing your variables (or using my whenever possible) you may "carry over" values from a previous run of your script as mod_perl does not recompile your scripts for every request.

CountZero

"If you have four groups working on a compiler, you'll get a 4-pass compiler." - Conway's Law

-----------------------------------
--the good, the bad and the physi--
-----------------------------------
[download]

Below I posted two pieces of the code. The first one is checking for defines, the second - doesn't. The second one is more nicer, because if we don't check for undef values, we can delegate function calls to each other without having intermediate variables. If I start checking for defines, my code becomes full of if and unless sentences.

The code is creating a menu object and setting the active menu for it, which it has to display say in a different color. Of course, the checking for the active menu could be done inside the Menu object, but in my design it's outside. So, my code has to check for the undef value from the CGI param() function and from my get_active_menu_id() functions as well, because they don't always return a defined value.

I lose the flexibility of perl and I worry pretty much about it. What should you do in such a situation?

The checks for defined version:

my $main_menu = new Menu("main");
my $menu_item = param('menu_item');
 
if(defined($menu_item))
{
  my $active_menu_id = get_active_menu($menu_item);

  $main_menu->active_menu_id($active_menu_id) unless !$active_menu_id;
}
    
$main_menu->output;
[download]

No checks for defined version:

my $main_menu = new Menu("main");
  
$main_menu->active_menu_id(get_active_menu(param('menu_item')));
    
$main_menu->output;
[download]

So what do you think, is it worth checking for defines on such a code or not?

Depends on which of these is realistically going to make a difference. I'd write something like this:

my $main_menu = Menu->new("main");
my $active_menu_id = get_active_menu(param('menu_item')||'');
 
$main_menu->active_menu_id($active_menu_id)
    if defined $active_menu_id;
    
$main_menu->output;
[download]

The distinction between the user selecting no menu item or submitting an invalid selection is not likely to matter, so I just default that case to a defined but invalid value. Whether or not he has select a valid menu item however definitely is important, so I check that case appropriately.

Btw, indirect object syntax looks neat but has a bunch of caveats. Use the arrow notation instead.

Makeshifts last the longest.

And this is part of where perl6 will be very nice. It is an important thing though to provide default values especially for web programming since if you port to mod_perl then you are required to provide default values regardless.

 # Provide an empty string as  the default value if the
 # menu item value isn't provided.
 my $menu_item =  param('menu_item')
               // '';
[download]

In perl5 I write this as:

 # Provide an empty string as  the default value if the
 # menu item value isn't provided.
 my $menu_item = param('menu_item');
    $menu_item = '' unless defined $menu_item;

 # OR to be brief
 local $_; # As you enter the block

 $_ = param('menu_item');
 my $menu_item = defined() ? $_ : '';
[download]

Or if you feel like being cute (and slightly obfuscatory)

 $menu_item = defined() ? $_ : '' for (param('menu_item');
[download]

I think you also meant to write unless ! as if but that's separate.

---

Seeking Green geeks in Minnesota

Test, test, test. Yes the second snippet is straight forward, but im sure there would be all sorts of ways to mess with it. How about something like the following..

#
# I split the code, but I dont think it would need to be on 
# a new line in an 80 char window
#
my $main_menu = new Menu("main") 
   || &some_error_routine("Failed to create menu obj! $main_menu->err\
+n");

my $menu_item = param('menu_item')
   || &some_error_routine("No menu_item passed to cgi!");

my $active_menu_id = get_active_menu($menu_item) 
   || &some_error_routine("Cant collect menu_id!!\n");
#
# There should probably be a test here as well
#
$main_menu->active_menu_id($active_menu_id);
$main_menu->output;
[download]

If the sub routines return 0, nothing, or undef the second half of a line will be executed. Also when attempting to debug later, you can do a couple of things. Within the some_error_routine, you can watch for say a global $DEBUG, and depending on what the value of it is, you can determine what types of messages to send out to the log file, if debug isnt defined and you receive messages to be logged, you can still trim down your output, but you dont need to spend X amount of time adding debug statements to the rest of your code. You simply go to main, define 1 scalar, and then run the code again. Once your done with testing, you whack the scalar and everything goes back to normal.

I find it best for myself, that once a app reaches a certain point in either complexity or frequence of run time, I add a simple error logging sub. But hey its just works for me :)

Edit: Post morning coffee, I realize I didn't really stress what I wanted to. Basically you can control the behaviour of your code in terms of logging and dieing from a single sub. Also with logging this way, and parsing the error log, you should be able to quickly figure out where in the code you failed and for what reason. You could get this done via croak/warn/die, but if the app is getting as big as you say, its easier for me to control it all from a single point, as opposed to multiple source files and libs.

/* And the Creator, against his better judgement, wrote man.c */

I put them on for coding on intranet, but off when uploading to a 'real' webserver. It's indeed quite annoying having your logs filled with things like 'undefined variable' (e.g. from templates). I sync my real webserver with the intranet webserver tree (ssh dsa key), rewriting some files to get rid of debugging parameters automatically.

You could do fake initialisations to fool perl, too.

Either way, don't let it stop you from using things like 'strict' and 'tainted data' when coding.

  print "The string is $foo\n";
[download]

  my $foo;
  # some code
  print "The string is $foo\n";
[download]

I think you're slightly confused about what these error messages mean. If you don't declare a variable, you'll get the "requires explicit package name" error. This is triggered by use strict, not by -w.

$ perl -Mstrict -le 'print $x'
Global symbol "$x" requires explicit package name at -e line 1.
Execution of -e aborted due to compilation errors.
[download]

The error we're dicsussing here is seen whenever you try to print a variable that contains "undef" (even if it's previously been declared). This is triggered by -w (or use warnings).

$ perl -Mstrict -w -le 'print my $x'
Use of uninitialized value in print at -e line 1.
[download]

--
<http://www.dave.org.uk>

"The first rule of Perl club is you do not talk about Perl club."
-- Chip Salzenberg