code snippet

grashoper has asked for the wisdom of the Perl Monks concerning the following question:

is this missing a closing bracket? I need another pair of eyes..

  if ($Session->{'isAuthenticated'} && $Session->{'trackSession'} && !
+$Session->{'SessionTracked'})
  {    
    use OLE;
    my $Conn = CreateObject OLE "ADODB.Connection";
    
    $Conn->Open("PROVIDER=SQLOLEDB;DATA SOURCE=$Session->{'sqlServer'}
+;UID=$Session->{'sqlUser'};PWD=$Session->{'sqlPass'};DATABASE=$Sessio
+n->{'dbName'}");
    my $RS = $Server->CreateObject("ADODB.Recordset"); 
    my $RS2 = $Server->CreateObject("ADODB.Recordset");
    my $sql =  "INSERT into t_Sessions (Site, SessionDate, SessionID, 
+System, Account, UserLevel, UserType, UserID, Name, UserClass, UserIP
+, UserAgent, UserResolution, UserAcrobatVer, UserTimeSpent, Referrer)
+ values ('".
                substr($Request->ServerVariables("SERVER_NAME")->item(
+),0,50).
               "','".
                MSSQLDate($Session->{'timeStart'}).
               "','".
                $Session->{'SessionID'}.
               "','".
                substr(uc($Session->{'usrSystem'}),0,3).
               "','".
                substr(uc($Session->{'usrAccount'}),0,3).
               "','".
                substr($Session->{'usrLevel'},0,5).
               "','".
                substr($Session->{'usrType'},0,3).
               "','".
                substr($Session->{'usrID'},0,15).
               "','".
                substr($Session->{'usrName'},0,50).
               "','".
                substr($Session->{'usrClass'},0,10).
               "','".
                substr($Request->ServerVariables("REMOTE_ADDR")->item(
+),0,15).
               "','".
                substr($Request->ServerVariables("HTTP_USER_AGENT")->i
+tem(),0,255).
               "','".
                substr($Session->{'screenX'}."x".$Session->{'screenY'}
+,0,10).
               "','".
                $Session->{'acrobatVersion'}.
               "','0','".
                substr($Request->ServerVariables("HTTP_REFERER")->item
+(),0,255).
               "');";


    if ($Session->{'trackDB'}){lg("DB","$sql");}
    $RS = $Conn->Execute($sql);
    my $sqlQ = "SELECT idSession 
                     FROM t_Sessions
                     WHERE SessionID='$Session->{'SessionID'}' 
                         AND
                           SessionDate = '".MSSQLDate($Session->{'time
+Start'})."';";
    if ($Session->{'trackDB'}){lg("DB","$sqlQ");}
    $RS2->Open($sqlQ, $Conn); 
    if (!$RS2->EOF())
    {
      $Session->{'idSession'} = $RS2->Fields('idSession')->{Value};
      $RS2->Close;
      $Session->{'SessionTracked'} = 1;
    }
    $Conn->Close;
  }
[download]

Comment on code snippet Download Code

Replies are listed 'Best First'.
Re: code snippet by BrowserUk (Patriarch) on Jun 17, 2008 at 18:52 UTC
is this missing a closing bracket? No. `c:\test>perl -c junk1.pl junk1.pl syntax OK` [download] Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. "Science is about questioning the status quo. Questioning authority". In the absence of evidence, opinion is indistinguishable from prejudice. "Too many [] have been sedated by an oppressive environment of political correctness and risk aversion."	[reply] [d/l]
Re^2: code snippet by grashoper (Monk) on Jun 17, 2008 at 19:03 UTC
is this a way to test for syntax errors? I have trouble finding where things are going wrong as I am not familiar with how to run a debugger on this activestate perl, I would love to figure out how to test blocks of code for errors like misssing brackets, does use strict do that?	[reply]
Re^3: code snippet by BrowserUk (Patriarch) on Jun 17, 2008 at 19:37 UTC
is this a way to test for syntax errors? Yes. I am not familiar with how to run a debugger on this activestate perl How do you do it with a non-activestate perl? I would love to figure out how to test blocks of code for errors like misssing brackets, does use strict do that? What happens when you try that? Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error. "Science is about questioning the status quo. Questioning authority". In the absence of evidence, opinion is indistinguishable from prejudice. "Too many [] have been sedated by an oppressive environment of political correctness and risk aversion."	[reply]
Re: code snippet by Thelonius (Priest) on Jun 17, 2008 at 19:34 UTC
The quoting may confuse an editor (it does confuse the perl.vim code). First, and most important, you should use placeholders instead of inserting Perl variables directly into SQL. Your code will break, for example, if HTTP_USER_AGENT or HTTP_REFERER contain an apostrophe (both of these values are under user control). Serious security risks can occur if you ignore this issue. For info, google SQL injection. As a minor matter, you can avoid quoting literal hash keys if they are made up of all word characters (i.e. match /^\w+$/). For example, you can say <code>$Session->{idSession}. I see you did that one place.	[reply]
Re: code snippet by ikegami (Patriarch) on Jun 18, 2008 at 00:00 UTC
I particularly like how you execute code given to you by a web user.	[reply]