Re: Re: Re: Right answer (wrong question...)

Wow... first, a major rewrite is in order. I looked over your code from the other post and I realize most of it is from Matt's script archive but I think even you, as a beginner, can write better code than that. That said I offer the following suggestions for your existing code:

It appears you are getting the input from STDIN which doesn't make sense if it is from a form. but if it is working and all you want to do is automate putting the print statement into a database, instead of (or in addition to) all your lines that say print GUEST you would need a line that says something like $insert .= and then the rest of the line. Example:

print GUEST "INSERT INTO `mysql_db` (`Title`, `Email`, `City`, `State`
+, `Country`, `URL`, `Date`, `Description`, `rid`, `dt_create`, `publi
+sh` ) VALUES (";
      }
      if ($line_breaks == 1) {
          =~ s/\cM\n/\n/g;
      }
      print GUEST "";
print GUEST ", ";
[download]

Would become:

my $insert = "INSERT INTO `mysql_db` (`Title`, `Email`, `City`, `State
+`, `Country`, `URL`, `Date`, `Description`, `rid`, `dt_create`, `publ
+ish` ) VALUES (";
      }
      if ($line_breaks == 1) {
          =~ s/\cM\n/\n/g;
      }
      $insert .= "";    # This can be removed as it doesn't do anythin
+g
$insert .= ", ";
[download]

As you can see, first I initialized $insert which would be done the first time you need to write it and then after that I use the concatinate operator (.=) to add text to $insert. Then when you are done, you just need to change $sth=$dbh->prepare($content); to $sth=$dbh->prepare($insert); and then it should insert your code into the database.

Some suggestions:
I suggest you pick up learning perl (and maybe a few other good books, check the book review section of this site) and rewrite your code. Use CPAN and check out some of it's modules, the documentation is usually quite good. Specifically look at CGI.pm which you can use to create all of your forms and then use the data from said forms to populate the database. (put the information in it) Writing to a file and then reading it again to enter the data into a database is VERY slow and while that may not be a big issue to you now, it might later on. Also problems can arrise if 2 people try and write to your guestbook at the same time. These issues go away when you stop writing to disc all the time.

So maybe get your current version working and then take it upon yourself to rewrite it once it's working. Trust me, it's worth it to write it yourself. With good resources like perl monks as well as the countless books and web tutorials on perl, even someone with no programming experience can learn, it just takes a little time.

Comment on Re: Re: Re: Right answer (wrong question...) Select or Download Code

Replies are listed 'Best First'.
Re: Re: Re: Re: Right answer (wrong question...) by bobafifi (Beadle) on Feb 24, 2004 at 22:15 UTC
Thanks MCS, You mean like this? (getting errors, so maybe something simple here I'm messing up?) # MySQL if ($entry_order eq '1') { } { my $insert = "INSERT INTO `mysql_db` (`Title`, `Email`, `Cit +y`, `State`, `Country`, `URL`, `Date`, `Description`, `rid`, `dt_crea +te`, `publish`, ) VALUES ("; } if ($line_breaks == 1) { $FORM{'Title'} =~ s/\cM\n/\n/g; } $insert .= "$FORM{'Title'}"; $insert .= ", "; if ( $FORM{'Email'} ){ my $email_name = $dbh->quote($FORM{'Email'}); # if ($linkmail eq '1') { $insert .= $email_name; # } # else { # $insert .= "$FORM{'Email'}"; # } $insert .= ", "; } if ( $FORM{'City'} ){ $insert .= "$FORM{'City'}"; } { $insert .= ", "; } if ( $FORM{'State'} ){ $insert .= "$FORM{'State'}"; } { $insert .= ", "; } if ( $FORM{'Country'} ){ $insert .= "$FORM{'Country'}"; } { $insert .= ", "; } if ($FORM{'URL'}) { $insert .= "$FORM{'URL'}"; } else { $insert .= "$FORM{'URL'}"; } { $insert .= ", "; } if ($separator eq '1') { $insert .= "'$date'"; } else { $insert .= "'$date'"; } { $insert .= ", "; } if ( $FORM{'Description'} ){ $insert .= "$FORM{'Description'}, '', NOW(), 0) \n\n"; } if ($entry_order eq '0') { $insert .= "<!--begin-->\n"; } } else { $insert .= $_; } } $sth=$dbh->prepare($insert); $sth->execute(); $dbh->disconnect; [download] Thanks, -Bob bobafifi.com	[reply] [d/l]
Re: Re: Re: Re: Re: Right answer (wrong question...) by jarich (Curate) on Feb 24, 2004 at 23:07 UTC
Almost right. You need to make just one or two changes.... if ($entry_order eq '1') { } { my $insert = "INSERT INTO `mysql_db` (`Title`, `Email`, `City`, `State`, `Country`, `URL`, `Date`, `Description`, `rid`, `dt_create`, `publish`, ) VALUES ("; } [download] needs to become: my $insert; if ($entry_order eq '1') { } $insert = "INSERT INTO `mysql_db` (`Title`, `Email`, `City`, `State`, `Country`, `URL`, `Date`, `Description`, `rid`, `dt_create`, `publish`, ) VALUES ("; [download] and you need to move the insertion into the database up into the loop too. `if ($entry_order eq '0') { $insert .= "<!--begin-->\n"; # This will cause an error } } else { $insert .= $_; } } $sth=$dbh->prepare($insert); $sth->execute(); $dbh->disconnect();` [download] Becomes: `# Removed code which would cause an error } else { $insert .= $_; } $sth=$dbh->prepare($insert); $sth->execute(); } $dbh->disconnect();` [download] You'll also need to make some beauty changes... this: `if ( $FORM{'Description'} ){ $insert .= "$FORM{'Description'}, '', NOW(), 0) \n\n"; }` [download] should become this: `if ( $FORM{'Description'} ){ $insert .= "$FORM{'Description'}, '', NOW(), 0)"; }` [download] etc. I'll leave any other of these up to you. What I've done, is remove the two newlines which were there so that the sql would be easy to read in the file. I believe that mysql would accept the newlines without a problem, but they're probably best removed. Now while this will PROBABLY solve most of your problems this will NOT make your code in the remotest bit secure. Nothing in this code appears to be able to stop me from adding something like the below into the description field. `', '', NOW(), 0); drop table mysql_db; '` [download] (quotes included). As far as I understand your code this should result in no errors, but should quietly drop your mysql_db table and lose all its records. This is why we've been recommending placeholders. You can rewrite this code to use place holders in a few ways. You can use the compact version that I suggested in my previous answer (which should work and would look a tonne nicer) or you could work them into this ugly assignment tree. Of course you could just hope that noone's going to be malicious and try to delete your data too.... but I don't recommend it. At the very least you should replace all occurances that look like: `$insert .= "$FORM{'URL'}";` [download] to look like: `$insert .= $dbh->quote($FORM{'URL'});` [download] and don't forget to quote $FORM{Description} too. Good luck with all of this. I hope you've learned something. I'm sure that with a little bit more work you could have written your own guestbook script to use the database and do almost everything else you wanted. In fact, I recommend that you give that a go sometime, because it'll probably be a great learning experience. If my suggestions here still don't solve all of your problems then stop and think hard about what the code is actually doing, before you post again. And if you still don't understand what it's doing then AT THE VERY LEAST don't just say "it gives me errors" tell us WHAT errors it gives you. If the errors are on line 8 then tell us what line is line 8. Tell us what you've tried. Tell us what you think is happening. Give us some reason to believe that you're actually investing your own time into this problem rather than just insisting that we invest our own. Hope this helps, jarich	[reply] [d/l] [select]
Re: Re: Re: Re: Re: Re: Right answer (wrong question...) by bobafifi (Beadle) on Feb 25, 2004 at 02:09 UTC
Hi Jarich, Like this?? # MySQL my $insert; if ($entry_order eq '1') { } $insert = "INSERT INTO `mysql_db` (`Title`, `Email`, `City`, `State`, `Country`, `URL`, `Date`, `Description`, `rid`, `dt_create`, `publish`, ) VALUES ("; } if ($line_breaks == 1) { $FORM{'Title'} =~ s/\cM\n/\n/g; } $insert .= "$FORM{'Title'}"; $insert .= ", "; if ( $FORM{'Email'} ){ my $email_name = $dbh->quote($FORM{'Email'}); # if ($linkmail eq '1') { $insert .= $email_name; # } # else { # $insert .= "$FORM{'Email'}"; # } $insert .= ", "; } if ( $FORM{'City'} ){ $insert .= "$FORM{'City'}"; } { $insert .= ", "; } if ( $FORM{'State'} ){ $insert .= "$FORM{'State'}"; } { $insert .= ", "; } if ( $FORM{'Country'} ){ $insert .= "$FORM{'Country'}"; } { $insert .= ", "; } if ($FORM{'URL'}) { $insert .= "$FORM{'URL'}"; } else { $insert .= "$FORM{'URL'}"; } { $insert .= ", "; } if ($separator eq '1') { $insert .= "'$date'"; } else { $insert .= "'$date'"; } { $insert .= ", "; } if ( $FORM{'Description'} ){ $insert .= "$FORM{'Description'}, '', NOW(), 0)"; } else { $insert .= $_; } $sth=$dbh->prepare($insert); $sth->execute(); } $dbh->disconnect(); [download] Thanks, -Bob bobafifi.com	[reply] [d/l]
need more info by MCS (Monk) on Feb 25, 2004 at 15:18 UTC
Re: Right answer (wrong question...) by bobafifi (Beadle) on Feb 25, 2004 at 17:23 UTC