Cannot fetch sorted data from mysql database by perl - mysql

I am trying to create a cgi based on perl to display my album and now I am working on the sorting function on photos. I stored the information of each photo in mysql. To display all photos, I have to fetch the information first.
Here is the problem: I am expecting the fetched data from mysql is sorted by the file size of each photos, however the result from the fetchrow_array() is the data sorting according to the time being inserted into mysql.
In mysql shell, I tested
SELECT * FROM album ORDER BY filesize;
which gives the expected result sorted by the file size. Here is part of my source code:
#!/usr/bin/perl -w
use strict;
use CGI;
my $sort = 'filesize';
# Connect the database
my $dbh = do 'db.pl';
# Prepare to print out the pictures
my $query;
$query = $dbh->prepare("SELECT * FROM album ORDER BY ?") or die $DBI::errstr;
$query->execute($sort) or die $DBI::errstr;
# Print out all pictures
while( my #data = $query->fetchrow_array() ){
# Process fetched data
(my $id, my $user, my $filepath, my $filename, my $filesize, my $uploadtime, my $description, my $tfilepath, my $sessioninfo) = #data;
print '<fieldset>';
# Display thumbnail
print '<img src="', $tfilepath, '" title="', $description, '">';
# Display filename
print '</br>';
print $filename;
print '</fieldset>';
}
# Finish printing out all fetched pictures
$query->finish;
Am I using the wrong command? Or I am using a wrong approach to do the sorting function?
Thanks for helping!

ORDER BY takes a field name, not an expression.
my $query = "SELECT * FROM album ORDER BY ".$dbh->quote_identifier($sort);
my $sth = $dbh->prepare($query);
$sth->execute();
By the way, you have have bugs on the output side too. What if $description contains """, "&" or "<"? You need some escaping.
sub text_to_html {
my ($s) = #_;
$s =~ s/&/&/g;
$s =~ s/</</g;
$s =~ s/>/>/g;
$s =~ s/"/"/g;
$s =~ s/'/&apos;/g;
return $s;
}
By the way,
(my $id, my $user, my $filepath, my $filename,
my $filesize, my $uploadtime, my $description,
my $tfilepath, my $sessioninfo) = #data;
can be written as
my ($id, $user, $filepath, $filename,
$filesize, $uploadtime, $description,
$tfilepath, $sessioninfo) = #data;

Related

Display content and its related contents in Perl/Mysql

I am trying to achieve this sample output from a small Perl project like this
content1
relatedcontent1
relatedcontent2
relatedcontent2
content2
relatedcontent1
relatedcontent2
here is my code
#!C:/Perl64/bin/perl.exe
use strict;
use warnings;
use v5.10; # for say() function
use DBI;
use HTML::Table;
# MySQL database configurations
my $dsn = "DBI:mysql:naxum";
my $username = "root";
my $password = '';
print "Content-Type:text/html\r\n\r\n";
# connect to MySQL database
my %attr = ( PrintError=>0, # turn off error reporting via warn()
RaiseError=>1 # report error via die()
);
my $dbh = DBI->connect($dsn,$username,$password,\%attr);
# query data from the sponsor table
query_sponsor($dbh);
query_person_by_target($dbh);
sub query_sponsor{
# query from the table
my ($dbh) = #_;
my $sql = "SELECT name,id FROM sponsor";
my $sth = $dbh->prepare($sql);
# execute the query
$sth->execute();
print "<table>\n";
print "<thead>\n";
print "<tr>\n";
print "<th>Id</th>\n";
print "<th>Name</th>\n";
print "</tr>\n";
print "</thead>\n";
print "<tbody>\n";
while(my #row = $sth->fetchrow_array()){
print "<tr>\n";
print "<td>\n";
print $row['1'];
sub query_person_by_target{
my ($dbhPerson) = #_;
my $sqlPerson = "SELECT username, firstname FROM person WHERE sponsor_id = ?";
my $sthPerson = $dbhPerson->prepare($sqlPerson);
$sthPerson->execute($row['1']) or die "execution failed: $dbhPerson->errstr()";
while ( my #rowPerson = $sthPerson->fetchrow_array()){
print "<p>$rowPerson['0']</p>\n";
}
$sth->finish();
}
print "</td>\n";
print "<td>$row['0']</td>\n";
print "</tr>\n";
}
$sth->finish();
print "</tbody>\n";
print "</table>\n";
}
$dbh->disconnect();
However, I can't get the output what I am trying to achieve. Here is the result
content1
content2
content3
.....
relatedcontent1
It will just print one related content outside contents. Every content and its own at least 3 relatedcontent each.
You define your subroutines in the middle of other code in your program. This makes me think you expect them to be executed as they are defined, but that's not the case - they are executed as you call them. And you call them like this:
query_sponsor($dbh);
query_person_by_target($dbh);
So it should come as no surprise that you get all of the output from query_sponsor() followed by all of the output from query_person_by_name().
A far better approach would be to call query_person_by_target() from within query_sponsor(). I'd also split this into two phases - phase one to extract the data into a data structure and phase two to display that data.
As I don't have your database, this code is untested.
#!/usr/bin/perl
use strict;
use warnings;
use feature 'state'; # for state variables
use feature 'say';
use CGI 'header';
sub get_dbh {
# MySQL database configurations
my $dsn = "DBI:mysql:naxum";
my $username = "root";
my $password = '';
# connect to MySQL database
my %attr = (
PrintError=>0, # turn off error reporting via warn()
RaiseError=>1, # report error via die()
);
return DBI->connect($dsn, $username, $password, \%attr);
}
sub query_sponsor {
state $dbh = get_dbh();
my $sql = 'select name, id from sponsor';
my $sth = $dbh->prepare($sql);
$sth->execute;
my #sponsors;
while (my #row = $dbh->fetchrow_array) {
push #sponsors, {
name => $row[0],
id => $row[1],
people => get_people_for_sponsor($row[1]),
};
}
return #sponsors;
}
sub get_people_for_sponsor {
my ($sponsor_id) = #_;
state $dbh = get_dbh;
my $sql = 'select username, firstname
from person
where sponsor_id = ?';
my $sth = $dbh->prepare;
$sth->execute($sponsor_id);
my #people;
while (my #row = $sth->fetchrow_array) {
push #people, {
username => $row[0],
firstname => $row[1],
};
}
return \#people;
}
my #sponsors = query_sponsor();
# Now you have all of your data in #sponsors. You simply need
# to walk that array and use the data to build the output you
# want. My example is plain text - it shouldn't be too hard to
# convert it to HTML.
print header('text/plain');
for my $s (#sponsors) {
say "$s->{id}: $s->{name}";
for my $p (#{$s->{people}}) {
say "* $p->{firstname} / $p->{username}";
}
}
I'd also recommend that you look at using something like the Template Toolkit to produce your output. Putting raw HTML into your Perl program is a terrible idea - it is guaranteed to turn into an unmaintainable mess :-)
You have declared the two subroutines and you are calling one after one so it is executing like that for example consider the following one
sub1();
sub2();
sub sub1()
{
for(0..5)
{
print "hello\n";
sub sub2()
{
print "hi\n";
}
}
}
#output
hello
hello
hello
hello
hello
hello
hi
So you should remove the child query_person_by_target subroutine or call the child subroutine inside the parent subroutine query_sponsor and declare the child subroutine outside of the sub and loop, like below (not tested)
query_sponsor($dbh);
sub query_sponsor
{
# query from the table
my ($dbh) = #_;
my $sql = "SELECT name,id FROM sponsor";
my $sth = $dbh->prepare($sql);
# execute the query
$sth->execute();
print "<table>\n";
print "<thead>\n";
print "<tr>\n";
print "<th>Id</th>\n";
print "<th>Name</th>\n";
print "</tr>\n";
print "</thead>\n";
print "<tbody>\n";
while(my #row = $sth->fetchrow_array())
{
print "<tr>\n";
print "<td>\n";
print $row['1'];
query_person_by_target($dbh);
print "</td>\n";
print "<td>$row['0']</td>\n";
print "</tr>\n";
}
$sth->finish();
print "</tbody>\n";
print "</table>\n";
}
sub query_person_by_target{
my ($dbhPerson) = #_;
my $sqlPerson = "SELECT username, firstname FROM person WHERE sponsor_id = ?";
my $sthPerson = $dbhPerson->prepare($sqlPerson);
$sthPerson->execute($row['1']) or die "execution failed: $dbhPerson->errstr()";
while ( my #rowPerson = $sthPerson->fetchrow_array()){
print "<p>$rowPerson['0']</p>\n";
}
$sth->finish();
}
$dbh->disconnect();

Separate query in single var and execute it using perl script

I have currently working on perl script.
Select Column1,Column2,Column3.. from table.
This query contain some part in $cmd="Select Column1 ";
and other $cmd1=",Column2,Column3 from table"; // This is dynamic part, so split query in two different variable.
After this execute whole query.
How to do this query splitting part.?
use DBI;
use strict;
use warnings;
# Your input !
my $cmd = "Select Column1 ";
my $cmd1 = ",Column2,Column3 from table";
# I am wondering why you have your query like this ...
# but anyway, lets assume there's a reason behind this!
my $dbh =
DBI->connect(
'DBI:mysql:databasename;host=db.example.com', # TODO Change this
'username', # TODO change this
'password', # TODO change this
{ RaiseError => 1 }
) or die "Could not connect to database: $DBI::errstr";
my $sth = $dbh->prepare( $cmd . $cmd1 );
$sth->execute();
my #row;
while ( #row = $sth->fetchrow_array ) {
print "#row\n";
}

Unable to insert a record into MySQL database using DBI

I am trying to insert a record into a MySQL database using Perl DBI. I am not getting any errors but the insert is not working. However, I am able to successfully fetch records from the database using DBI.
Here is the code that does the insert:
#!"C:\xampp\perl\bin\perl.exe"
use diagnostics;
use DBI;
use strict;
use warnings;
my $driver = "mysql";
my $database = "mysql";
my $dsn = "DBI:$driver:database=$database";
my $userid = "root";
my $password = "password";
my $buffer;
my #pairs;
my $pair;
my $name;
my $value;
my %FORM;
# Read in text
my $ENV;
$ENV{'REQUEST_METHOD'} =~ tr/a-z/A-Z/;
if ($ENV{'REQUEST_METHOD'} eq "GET")
{
$buffer = $ENV{'QUERY_STRING'};
}
# Split information into name/value pairs
#pairs = split(/&/, $buffer);
foreach $pair (#pairs)
{
($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%(..)/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}
my $first_name= $FORM{name};
my $address = $FORM{address};
my $city = $FORM{city};
my $occupation = $FORM{occupation};
my $age = $FORM{age};
my $dbh = DBI->connect("dbi:mysql:dbname=mysql", "root", "password",{ AutoCommit => 0,RaiseError => 1}, ) or die ("Couldn't connect to database: ") , $DBI::errstr;
# my $sth = $dbh->prepare("INSERT INTO persons
# (FirstName, LastName,Address,City)
# values
# ($first_name, $last_name,$address,$city)");
my $query = "insert into userrecords(Address,Age,City,Name,Occupation)
values (?, ?, ?, ?, ?) ";
my $statement = $dbh->prepare($query) or die ("Couldn't connect to database: "), $DBI::errstr;
$statement->execute($address,$age,$city,$name,$occupation) or die ("Couldn't connect to database: "), $DBI::errstr;
$dbh->disconnect();
my $URL = "http://.....:81/cgi-bin/showdata.cgi";
print "Location: $URL\n\n";
exit(0);
When I run my code in the Padre IDE, I get the following errors:
****Error*********
Useless use of a variable in void context at InsertRecord.cgi line 50 (#1)
(W void) You did something without a side effect in a context that does
nothing with the return value, such as a statement that doesn't return a
value from a block, or the left side of a scalar comma operator. Very
often this points not to stupidity on your part, but a failure of Perl
to parse your program the way you thought it would. For example, you'd
get this if you mixed up your C precedence with Python precedence and
said
$one, $two = 1, 2;
when you meant to say
($one, $two) = (1, 2);
Another common error is to use ordinary parentheses to construct a list
reference when you should be using square or curly brackets, for
example, if you say
$array = (1,2);
when you should have said
$array = [1,2];
The square brackets explicitly turn a list value into a scalar value,
while parentheses do not. So when a parenthesized list is evaluated in
a scalar context, the comma is treated like C's comma operator, which
throws away the left argument, which is not what you want. See
perlref for more on this.
This warning will not be issued for numerical constants equal to 0 or 1
since they are often used in statements like
1 while sub_with_side_effects();
String constants that would normally evaluate to 0 or 1 are warned
about.
Useless use of a variable in void context at InsertRecord.cgi line 59 (#1)
Useless use of a variable in void context at InsertRecord.cgi line 60 (#1)
Use of uninitialized value in transliteration (tr///) at InsertRecord.cgi line
23 (#2)
(W uninitialized) An undefined value was used as if it were already
defined. It was interpreted as a "" or a 0, but maybe it was a mistake.
To suppress this warning assign a defined value to your variables.
To help you figure out what was undefined, perl will try to tell you the
name of the variable (if any) that was undefined. In some cases it cannot
do this, so it also tells you what operation you used the undefined value
in. Note, however, that perl optimizes your program and the operation
displayed in the warning may not necessarily appear literally in your
program. For example, "that $foo" is usually optimized into "that "
. $foo, and the warning will refer to the concatenation (.) operator,
even though there is no . in your program.
Use of uninitialized value $ENV{"REQUEST_METHOD"} in string eq at
InsertRecord.cgi line 24 (#2)
Use of uninitialized value $buffer in split at InsertRecord.cgi line 29 (#2)
Location: http://.......:81/cgi-bin/showdata.cgi
Press any key to continue . . .
***********END***********************
What is the issue?
When I was editing your code so that it was more readable, I stumbled upon what I assume is the solution:
You are using $name when inserting into the database, but you use $first_name when getting the value $FORM{name}. So since you used $name above, it has the value of the last name used, whatever that might be. The relevant code snippets:
($name, $value) = split(/=/, $pair);
...
$FORM{$name} = $value;
...
my $first_name = $FORM{name};
...
$statement->execute($address,$age,$city,$name,$occupation)
# ^^^^^--- should be $first_name
Your problem would have been solved if you had used proper scope on your variables, namely something like this:
foreach my $pair (#pairs) {
my ($name, $value) = split(/=/, $pair);
$value =~ tr/+/ /;
$value =~ s/%(..)/pack("C", hex($1))/eg;
$FORM{$name} = $value;
}
Then when you later would try to use $name, you would get the error
Global variable "$name" requires explicit package name ...
Which would alert you to your mistake and save you hours in debugging time. When you declare variables at the top of the script, instead of in the smallest possible scope, you effectively disable the protection that use strict 'vars' offers. So don't do that.
Also, you should probably use the CGI module instead of trying to handle it manually. It will make things easier, and safer. Don't forget to perform sanity checks on your data to prevent database injection attacks.
Your script when cleaned up and properly formatted looks like this.
What happens when you replace your code with this:
#!"C:\xampp\perl\bin\perl.exe"
use strict;
use warnings;
use diagnostics;
use DBI;
use CGI qw[param redirect];
my $driver = "mysql";
my $database = "mysql";
my $dsn = "DBI:$driver:database=$database";
my $userid = "root";
my $password = "password";
my $dbh = DBI->connect("dbi:mysql:dbname=mysql", "root", "password",
{ AutoCommit => 0,RaiseError => 1}, )
or die "Couldn't connect to database: ", $DBI::errstr;
my $query = "insert into userrecords(Address,Age,City,Name,Occupation)
values (?, ?, ?, ?, ?) ";
my $statement = $dbh->prepare($query)
or die "Couldn't connect to database: " , $DBI::errstr;
$statement->execute(param('address'), param('age'), param('city'),
param('name'), param('occupation'))
or die "Couldn't connect to database: " , $DBI::errstr;
$dbh->disconnect();
my $URL = "http://.....:81/cgi-bin/showdata.cgi";
print redirect($URL);
I've basically made two changes:
Use the CGI.pm module to handle the CGI interaction (getting the parameters and printing the redirection header).
Fixed your "void context" errors by removing the misplaced parentheses in all of your calls to die.
I'm made no substantive changes to the code, but at least we now have a clean version to go with.
Update: D'oh. It's obvious now the code is cleaned up a bit. If you have "Autocommit" turned off, then you need to commit your changes. Add $dbh->commit between the calls to execute() and disconnect().
The warning comes from this:
or die ("Couldn't connect to database: ") , $DBI::errstr;
The , $DBI::errstr is outside of the die and nothing is done with it, thus being in void context. You want something like this:
or die ("Couldn't connect to database: $DBI::errstr");
Also, your form handling code has some issues. If you're writing CGI scripts, you may as well use the CGI module. Here's a quick cleanup of your code:
#!"C:\xampp\perl\bin\perl.exe"
use diagnostics;
use CGI ':standard';
use DBI;
use strict;
use warnings;
my $driver = "mysql";
my $database = "mysql";
my $dsn = "DBI:$driver:database=$database";
my $userid = "root";
my $password = "password";
my $name = param('name');
my $address = param('address');
my $city = param('city');
my $occupation = param('occupation');
my $age = param('age');
my $dbh = DBI->connect( $dsn, $userid, $password,
{ AutoCommit => 1, RaiseError => 1 },
) or die("Couldn't connect to database: $DBI::errstr");
my $query = <<'END';
INSERT INTO userrecords(Address,Age,City,Name,Occupation)
VALUES ( ?, ?, ?, ?, ?)
END
my $statement = $dbh->prepare($query);
$statement->execute( $address, $age, $city, $name, $occupation );
$dbh->disconnect();
my $URL = "http://.....:81/cgi-bin/showdata.cgi";
print "Location: $URL\n\n";
Note that I've removed many or die statements because you already have RaiseError set to a true value.
For simplicity's sake, I've also (reluctantly) turned on AutoCommit.

Perl Import large .csv to MySQL, don't repeat data

I am trying to import several .csv files into a mysql database, the script below works except that it only imports the first row of my csv data into the database. Both my tables are populated with exactly one data entry.
Any help would be appreciated.
Thank you
#!/usr/bin/perl
use DBI;
use DBD::mysql;
use strict;
use warnings;
# MySQL CONFIG VARIABLES
my $host = "localhost";
my $user = "someuser";
my $pw = "somepassword";
my $database = "test";
my $dsn = "DBI:mysql:database=" . $database . ";host=" . $host;
my $dbh = DBI->connect($dsn, $user, $pw)
or die "Can't connect to the DB: $DBI::errstr\n";
print "Connected to DB!\n";
# enter the file name that you want import
my $filename = "/home/jonathan/dep/csv/linux_datetime_test_4.26.13_.csv";
open FILE, "<", $filename or die $!;
$_ = <FILE>;
$_ = <FILE>;
while (<FILE>) {
my #f = split(/,/,$_);
if (length($f[4]) < 10) {
print "No Weight\n";
}
else {
#insert the data into the db
print "insert into datetime_stamp\n";
}
my $sql = "INSERT INTO datetime_stamp (subject, date, time, weight)
VALUES('$f[1]', '$f[2]', '$f[3]', '$f[4]')";
print "$sql\n";
my $query = $dbh->do($sql);
my $sql = "INSERT INTO subj_weight (subject, weight) VALUES('$f[1]', '$f[2]')";
my $query = $dbh->do($sql);
close(FILE);
}
As has been commented, you close the input file after reading the first data entry, and so only populate your database with a single record.
However there are a few problems with your code you may want to consider:
You should set autoflush on the STDOUT file handle if you are printing diagnostics as the program runs. Otherwise perl won't print the output until either it has a buffer full of text to print or the file handle is closed when the program exits. That means you may not see the messages you have coded until long after the event
You should use Text::CSV to parse CSV data instead of relying on split
You can interpolate variables into a double-quoted string. That avoids the use of several concatenation operators and makes the intention clearer
Your open is near-perfect - an unusual thing - because you correctly use the three-parameter form of open as well as testing whether it succeeded and putting $! in the die string. However you should also always use a lexical file handle as well instead of the old-fashioned global ones
You don't chomp the lines you read from the input, so the last field will have a trailing newline. Using Text::CSV avoids the need for this
You use indices 1 through 4 of the data split from the input record. Perl indices start at zero, so that means you are droppping the first field. Is that correct?
Similarly you are inserting fields 1 and 2, which appear to be subject and date, into fields called subject and weight. It seems unlikely that this can be right
You should prepare your SQL statements, use placeholders, and provide the actual data in an execute call
You seem to diagnose the data read from the file ("No Weight") but insert the data into the database anyway. This may be correct but it seems unlikely
Here is a version of your program that includes these amendments. I hope it is of use to you.
#!/usr/bin/perl
use strict;
use warnings;
use DBI;
use Text::CSV;
use IO::Handle;
STDOUT->autoflush;
# MySQL config variables
my $host = "localhost";
my $user = "someuser";
my $pw = "somepassword";
my $database = "test";
my $dsn = "DBI:mysql:database=$database;host=$host";
my $dbh = DBI->connect($dsn, $user, $pw)
or die "Can't connect to the DB: $DBI::errstr\n";
print "Connected to DB!\n";
my $filename = "/home/jonathan/dep/csv/linux_datetime_test_4.26.13_.csv";
open my $fh, '<', $filename
or die qq{Unable to open "$filename" for input: $!};
my $csv = Text::CSV->new;
$csv->getline($fh) for 1, 2; # Drop header lines
my $insert_datetime_stamp = $dbh->prepare( 'INSERT INTO datetime_stamp (subject, date, time, weight) VALUES(?, ?, ?, ?)' );
my $insert_subj_weight = $dbh->prepare( 'INSERT INTO subj_weight (subject, weight) VALUES(?, ?)' );
while (my $row = $csv->getline($fh)) {
if (length($row->[4]) < 10) {
print qq{Invalid weight: "$row->[4]"\n};
}
else {
#insert the data into the db
print "insert into datetime_stamp\n";
$insert_datetime_stamp->execute(#$row[1..4]);
$insert_subj_weight->execute(#$row[1,4]);
}
}

how to bind values INSERT INTO mysql perl

I've got the code below that works but I need to know how to bind them for security. If I just replace $new_row with ? and put it in execute I get an error. Thanks for your help.
foreach my $field (#account_field_order) {
$new_row .= "'" . param($field) . "', ";
}#foreach
$new_row .= "'$status'";
my $dsn = "DBI:mysql:$database";
my $dbh = DBI->connect($dsn, $MYSQLuserid, $MYSQLpassword )
or die $DBI::errstr;
my $sth = $dbh->prepare(qq(INSERT INTO $table VALUES ($new_row) )) or die $DBI::errstr;
$sth->execute() or die $DBI::errstr;
You will want to use placeholders, and never interpolate variables in strings. You should probably use taint mode and de-taint your param values before using them, if safety is important to you. Documentation on placeholders here.
Try something like:
my #values = map param($_), #account_field_order; # add values to array
push #values, $status; # for simplicity
$new_row = join ", ", ("?") x #values; # add ? for each value
... # basically same code as before, except the execute statement:
$sth->execute(#values); # arguments given will be inserted at placeholders
If your values were in a hash, there's the insert_hash example in the docs (under prepare_cached). Adjust as appropriate if not using an array.