Subject: Re: CGI-script crashes in web browser, runs fine in shell
Cc:
At , you wrote:
>JEP wrote:
>>
>> Hello,
>> Installed software:
>> Linux 2.0.36 (SuSE 6.0)
>> running mysql 2.22.21
>> apache 1.3.4 mod_perl 1.17
>> perl 5.005
>>
>> When executing for debug purposes a CGI/DBI.pm-based perl script at bash
>> prompt, everything fine
>> using the Xbase.pm modules, the sript runs fine both at shell prompt and
>> using Netscape / IE4, but quite slow, of course
>> We migrated the data, build indexes, but the script coughs up a mysterious
>>
>> "Error DBD::mysql::st execute failed: ase Selected at <perlmodule> line
XXX"
>>
>> We haven't found any reference about this case despite using every search
>> engine even in the mailing list archive
>> Eternal grafetulness for charitable soul who can help
>> TIA
>> Jean Eric PREIS
>>
>> Jep sez:
>
>Could you provide more detail, such as table schema,
>queries, and relevalt prortions of the Perl script?
>Sasha Pachev
Sure
Here's the stuff: very basic dircetkly extracted from PerlCookbok, chap 19
#!/usr/bin/perl
use DBI;
use CGI qw(:standard :html3 :Carp);
use Mysql;
print header(), start_html("yo les cakes!");
print start_form;
print " <b> ", scalar localtime , "</b><br> \n";
print "Moien <br>\n";
#foreach $key (keys %ENV) {
#print $key,"\t",$ENV{$key},"<br>\n";
#}
#print system("whoami");
print textfield('SALUT'),"<br>\n";
print submit();
print end_form;
print hr;
# la premiere partie de la form
# Le traitement d'un clic sur le bouton
if(param()){
print "yo! tu a cherché le noms correspondant à
",param('SALUT'),"<br>\n";
# Pour le test avec Xbase
# my $dbh =DBI->connect("DBI:XBase:/home/jep/exploit/data/DBFS/") or
die("ooops\n");
# en exploit, nous sommes sur MySQL
$username="username";
$password="password"
$dbh =
DBI->connect("DBI:mysql:database=sqldatas;host=localhost;port=3306",$usernam
e,$password) or die $dbh->errstr;
my $valeur;
$valeur= param('SALUT');
$valeur =~ s/$\s+// ;
$valeur =uc($valeur);
my $sqlstring;
if($valeur =~ m/\b[0-9]+/ ){ # un chiffre determine une recherche par
l'ID...
# Digits means ID number
$sqlstring = "select id,nomprenom from tree where id like \'";
}else{ # ...un autre caractère, une recherche par le nom
# everything else means nomprenom field as criterion string..
$sqlstring = "select id,nomprenom from tree where nomprenom like \'";
}
$sqlstring .= $valeur;
$sqlstring .= "%\'";
print $sqlstring,"\n";
$sqh = $dbh->prepare($sqlstring) or die $dbh->errstr;
$sqh->execute or $dbh->errstr;
my @data;
print "<TABLE> <CAPTION> LES RESULTATS </CAPTION>";
@hederz =qw(id nom);
print Tr(th(@hederz));
print "</TABLE>*";
while(@data=$sqh->fetchrow() ) # <-- dies here
{
# tables stuf deleted
print $data[0],"\t",$data[1],"\t";
# provides some nice links
print a({HREF=> "jrfacs.pl?id_query=".$data[0]}, qw(Facture ) ),"\t";
print a({HREF=> "jrfacs.pl?id_query=".$data[0]}, qw(Identité )),"\t";
print a({HREF=> "jrfacs.pl?id_query=".$data[0]}, qw(Compte Client )),"\t";
print a({HREF=> "jrfacs.pl?id_query=".$data[0]}, qw(Arbre )),"\t";
print "<br><hr>\n";
$dbh->disconnect;
print end_html();
}
# la fin du document
# As you can see there's no join
# table tree is a basic customer description, like ID, nomprenom as
char(50) with indexes
Jep sez:
.....
