Anonymous Monk has asked for the wisdom of the Perl Monks concerning the following question:

Hello! I'm trying to pass parameters from one perl-script to the other. The code is as follows:
    #!c:/perl/bin/perl.exe
    use DBI;
    $,="\t";
    use CGI qw(:all escape);
    $username=param("username");
    $password=param("password");
    $condition;
    $cond;
    $db=DBI->connect("dbi:mysql:administration") or die"\n Error($DBI::err):$DBI::errstr\n";
    $aquery="select pass from password where username='$username'";
    $a=$db->prepare($aquery);
    $a->execute();
    while(@result=$a->fetchrow())
    {foreach $result(@result)
      { if ($result eq $password)
        {$condition=1;
        }
      }
    }
    if($condition==0)
    {print"content-type:text/html\n\n";
    print"<html>\n";
    print"<body bgcolor=\"#990000\"><font color=\"white\">";
    print "Sorry but your password does not match your username. Please try again. <br><form action=\"login.pl\" method=\"post\" target=\"mainFrame\">Username: <input type=\"text\" name=\"username\" size=\"15\"><br><br><br>
    Password: <input type=\"password\" name=\"password\" size=\"15\"><br><br><br><center>
    <input type=\"submit\" value=\"Submit\"></form></center>" ;
    }
    else
    {
    print redirect(-location=>'http://localhost/cgi-bin/de.pl?username=$username');
    }
I want the second file "de.pl" to get this parameter and do something with it. It works fine when I put in the first script username=pat but not when I put username=$username. What am I doing wrong? Thank you

Replies are listed 'Best First'.
Re: passing parameters
by dragonchild (Archbishop) on Jul 21, 2003 at 13:32 UTC
    Single-quotes don't use the variable's value. Try using double-quotes. :-)

    ------
    We are the carpenters and bricklayers of the Information Age.

    Don't go borrowing trouble. For programmers, this means Worry only about what you need to implement.

    Please remember that I'm crufty and crotchety. All opinions are purely mine and all code is untested, unless otherwise specified.

      I feel a bit stupid now, I have been staring at this for ages! Thank you very much!!!
        I didn't even look at this, but Corion is right to mention it - your SQL is constructed very poorly. Instead, it should be:
            my $sql = "SELECT pass FROM password WHERE username = ?";
            my $sth = $dbh->prepare_cached($sql) || die "Cannot prepare '$sql'\n";
            $sth->execute($username) || die "Cannot execute '$sql' with '$username'\n";
        The reason being that it will help protect versus attacks. For example, let's say $username is q{'; delete from password where username != 'NOT THERE''}. You'll lose all your password table entries.

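
The difference between the interpolated query in the original script and the placeholder form in the reply, as an added example that is not part of the thread. It assumes DBD::SQLite with an in-memory database in place of MySQL; the table contents and the helper names lookup_interpolated, lookup_bound and row_count are constructed for illustration.

```perl
#!/usr/bin/perl
# Added example (not from the thread): interpolated SQL vs. a bound placeholder.
# Assumption: DBD::SQLite is installed; it stands in for the thread's MySQL DB.
use strict;
use warnings;
use DBI;

my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });

# Constructed sample data mirroring the thread's "password" table.
$dbh->do("CREATE TABLE password (username TEXT PRIMARY KEY, pass TEXT)");
$dbh->do("INSERT INTO password VALUES (?, ?)", undef, @$_)
    for ["pat", "secret1"], ["o'brien", "secret2"];

# Interpolated form, as in the original script: the input becomes SQL text.
sub lookup_interpolated {
    my ($username) = @_;
    my $sql = "select pass from password where username='$username'";
    return eval { $dbh->selectcol_arrayref($sql) };    # undef if the SQL fails
}

# Placeholder form, as in the reply: the input is bound as a value only.
sub lookup_bound {
    my ($username) = @_;
    my $sth = $dbh->prepare_cached(
        "SELECT pass FROM password WHERE username = ?");
    $sth->execute($username);
    return [ map { $_->[0] } @{ $sth->fetchall_arrayref } ];
}

# Number of rows left in the table, to confirm nothing was modified.
sub row_count { ($dbh->selectrow_array("SELECT COUNT(*) FROM password"))[0] }

# A plain name, a legitimate name containing a quote, and the string
# quoted in the reply above.
my @inputs = ("pat", "o'brien",
    q{'; delete from password where username != 'NOT THERE''});

for my $u (@inputs) {
    my $unsafe = lookup_interpolated($u);
    my $safe   = lookup_bound($u);
    printf "%-20.20s interpolated=%-12s bound=%-12s rows=%d\n", $u,
        defined $unsafe ? "[@$unsafe]" : "SQL error", "[@$safe]", row_count();
}
```

The legitimate name o'brien is enough to break the interpolated statement, while the bound lookup treats every input, including the quoted string from the reply, as a literal username to compare against.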

Re: passing parameters
by antirice (Priest) on Jul 21, 2003 at 13:32 UTC

    Look at the documentation for quote operators that interpolate variables. As a side note, single quotes (') do not interpolate whereas double quotes (") do.

    antirice
    The first rule of Perl club is - use Perl
    The ith rule of Perl club is - follow rule i - 1 for i > 1