Eagle_f91 has asked for the wisdom of the Perl Monks concerning the following question:

Update: Perl for ISAPI handels the header for me so I don't have to print it my self, I have other scripts written with out the print contect line using ISAPI working fine for displaying there data, and this script does print the line just not the query string.

I know what your thinking, getting a query string is easy. That is what I though, but it just is not working. Can someone look over this code and tell me what is wrong and why the query string is not being pulled? 
#!C:\Perl\bin\PerlEx30.dll -w
use strict;
use DBI;
use CGI q~:standard~;
use CGI::Carp qw(fatalsToBrowser);
my ($DBH, $STH, $QueryString, @SQLResults, @Listing, $i, $MaxArray, $S
+QLString);
$i = 0;
$QueryString = $ENV{'QUERY_STRING'};
print "$QueryString";
$DBH = DBI -> connect ('dbi:ODBC:SQLServer', '', '') or die "$DBI::err
+str";
$STH = $DBH -> prepare (qq~select Name, Path from dbo.NavigationCatego
+ries where Category = '$QueryString'~) or die "$DBI::errstr";
$STH -> execute or die "$DBI::errstr";
while (@SQLResults = $STH -> fetchrow_array) {
    $Listing[$i] = qq~<a href="http://www.ffinfo.com/$SQLResults[1]">$
+SQLResults[0]</a>~;
    $i++;
}
if ($i > 0) {
    $MaxArray = $i -1;
    $i = 0;
    while ($i < $MaxArray) {
        $Listing[$i] .= '<br />';
        $i++;
    }
    print "@Listing";
} else {
    print "<!---->";
}
$DBH -> disconnect;

[download]
When i go to http://www.ffinfo.com/cgi-bin/navigation.plx?Quotes it does not print the query string.

Replies are listed 'Best First'.
Re: Getting a query string.
by almut (Canon) on Oct 27, 2009 at 18:26 UTC

    A CGI script needs to output at least a Content-Type header, followed by an empty line (which indicates the end of the headers section), before the actual content begins... As you've already loaded the CGI module, this is most easily done with print header; anywhere before your print $QueryString;.

    BTW, I hope only trusted users are having access to that URI... Otherwise, directly interpolating the QUERY_STRING into an SQL query without any further checks is a very bad idea, security-wise... (better use placeholders)

[reply]
[d/l]
[select]
    A reply falls below the community's threshold of quality. You may see it by logging in.
Re: Getting a query string.
by marto (Cardinal) on Oct 27, 2009 at 18:29 UTC

    Hmm, I'd actually suggest re reading the CGI documentation.

    You don't print a HTTP header:

    print header;

    Here you do it "by hand", even though you are using CGI

    You are trusting user input, $QueryString could contain something nasty. See Placeholders and Bind Values from the DBI documentation.

    In addition to reading CGI and DBI I'd also suggest reading Ovid's CGI Course, as well as taking a look at some of the other topics in the CGI Programming section of tutorials.

    Martin

[reply]
[d/l]
[select]
      The perl ISAPI module prints the header fine for me, otherwise you would get an IIS error with an invalid heard error. All the scripts that I run like that one never use print header and they work. Example: 
      #!C:\Perl\bin\PerlEx30.dll -w
use strict;
use DBI;
my ($DBH, $STH, @Release);
$DBH = DBI -> connect ('dbi:ODBC:SQLServer', '', '') or die "$DBI::err
+str";
$STH = $DBH -> prepare (qq~select GameName, Console, ReleaseLocation, 
+LongDate from dbo.UpcomingReleases order by ReleaseDate asc~) or die 
+"$DBI::errstr";
$STH -> execute or die "$DBI::errstr";
while (@Release = $STH -> fetchrow_array) {
    print qq~<p>$Release[0]
<br />Media: $Release[1]
<br />Date: $Release[3]
<br />Location: $Release[2]</p>~;
}
$DBH -> disconnect;

      [download]
      Also if you go to the URL provided and look at the source code you will see it properly prints the line but never prints the query string. As for me trusting user input, I am not. This script will only be called via SSI inside html pages, I am only directly calling it to test it. As for printing the header "by hand" in that other script you link that one displayed a full page, this scipt gets data and displays it inline in an SHTML file.
[reply]
[d/l]
[reply]
Re: Getting a query string.
by Your Mother (Archbishop) on Oct 27, 2009 at 22:15 UTC

    Wait? You have this up live? If the server side user running the CGI has more than select permissions on the DB, any malicious web visitor could trash it. If that data has any importance to you (i.e., it's not a test) you should remove the CGI *immediately*. Please read up on the links for SQL injection attacks and placeholders already given by other monks.

    (Update: calling it as an SSI is no protection. If it's callable from a web address by a user it doesn't matter if there is a level of indirection.)

[reply]
    A reply falls below the community's threshold of quality. You may see it by logging in.
Re: Getting a query string.
by gmargo (Hermit) on Oct 27, 2009 at 18:39 UTC

    As the others have said, the header is missing.

    Here's a variant of a cgi script I use to dump out interesting things, like the environment that the web server is providing. 

    #!/usr/bin/perl -w

use strict;
use warnings;
use CGI qw(-debug escapeHTML -oldstyle_urls);

my $q = CGI->new();

print $q->header('text/html');
print "<html>\n";
print "<body>\n";
print "<p>Hello, World</p>\n";
    
print "<p>\n";
print "Environment variables:\n";
print "<br/>\n";
foreach (sort keys %ENV)
{   
    print escapeHTML($_)." => ".escapeHTML($ENV{$_})."\n";
    print "<br/>\n";
}   
print "</p>\n";
    
print "</body>\n";
print "</html>\n";

    [download]
[reply]
[d/l]
    A reply falls below the community's threshold of quality. You may see it by logging in.
Re: Getting a query string.
by Anonymous Monk on Oct 28, 2009 at 03:31 UTC
    ActiveState reccomends you use the CGI OO interface, have you tried  my $q = CGI->new; print $q->query_string? Have you looked in the server logs (or event viewer)?
[reply]
[d/l]
A reply falls below the community's threshold of quality. You may see it by logging in.

Back to Seekers of Perl Wisdom