how to use if condition in perl

P: 3
I have written a program to check whether the username and password entered are members of a company or not. I'm totally new to the Perl language, so please help me: what is wrong with the following program?
Thanks in advance.

```perl
#!/usr/bin/perl - w

use DBI;
use strict;
use CGI ':standard';

my $name = param('name');
my $password = param('password');
my $dbh = DBI->connect('DBI:mysql:test','root','') or die "Can't connect:" . DBI->errstr();
my $sth = $dbh -> prepare('select password from user where name = "$name"') or die "Can't prepare SQL: " . $dbh->errstr();
$sth -> execute() or die "Can't execute SQL: " . $sth -> errstr();

my($name1, $password1);
my $flag = 0;

while(($password1) = $sth->fetchrow())
{
if($password1)
    print "$password1";
else {
    print "not member\n";
    break;
}
}

#if($password1)
#    print "microsoft member";
#else
#    print "not a microsoft member";

$sth->finish();
$dbh->disconnect();
```
Oct 1 '08 #1
10 Replies


KevinADC
Expert 2.5K+
P: 4,059
One thing is if you use a scalar in a single-quoted string it will not be expanded but treated literally:

```perl
my $sth = $dbh -> prepare('select password from user where name = "$name"')
```

$name in the above line is literally $name and not whatever value the scalar $name has stored. Try this:

```perl
my $sth = $dbh -> prepare(qq{select password from user where name = "$name"})
```

There could be other problems with your code, but I did not check it all.
Oct 1 '08 #2

Icecrack
Expert 100+
P: 174
Please post in code tags.

Also use this for more debug output:

```perl
use CGI qw(:standard -debug);
use CGI::Carp qw(fatalsToBrowser);
```

Take out:

```perl
use CGI ':standard';
```

Also I would use the package (module) Mysql, e.g.

```perl
use Mysql;
```

I may have downloaded this but it makes life easy.

E.g.

```perl
use Mysql;

$host = "127.0.0.1";
$database = "users_l";
$tablename = "users";
$user = " ";
$pw = " ";

$connect = Mysql->connect($host, $database, $user, $pw);
$connect->selectdb($database);
$myquery = "SELECT * FROM users WHERE init='$initc'";
$execute = $connect->query($myquery);

while (($id, $usern, $cleare, $init) = $execute->fetchrow_array())
    {
#check for user name and password match
#pass a flag
}
```
Oct 1 '08 #3

P: 3
Where have you declared $initc? What values does it contain?
Oct 1 '08 #4

Icecrack
Expert 100+
P: 174
> where you have declared $initc?? what values it contains????

$initc would be a param from form input:

```perl
$initc=param('user');
```


another example:

```perl
use CGI qw(:standard -debug);
use CGI::Carp qw(fatalsToBrowser);
use Mysql;

$name = param('name');
$password = param('password');

$host = "127.0.0.1";
$database = "users_l";
$tablename = "users";
$user = " ";
$pw = " ";

$connect = Mysql->connect($host, $database, $user, $pw);
$connect->selectdb($database);
# $name is interpolated into the SQL text as-is
$myquery = "SELECT password FROM user WHERE name='$name'";
$execute = $connect->query($myquery);

# One row is expected per user; an empty result means the name is unknown,
# so that case has to be tested outside a fetch loop and before the comparison
($sqlpassword) = $execute->fetchrow_array();

if (!defined $sqlpassword)
{
    print "User Not Found Please Try Again.";
}
elsif ($password eq $sqlpassword)
{
    print "Login Accepted.";
}
else
{
    print "Error Password Incorrect";
}
```

Note: I would also check for Perl and SQL cancel characters in the password and user param (never trust your users), as this could lead to an insecure program.

The use of ',;:/.%*)(^%$#@!`~+= try to cancel those characters. (Also this will prevent future errors with SQL.)
Oct 1 '08 #5

KevinADC
Expert 2.5K+
P: 4,059
> also i would use the package (Module) Mysql

I am pretty sure that module is considered obsolete, I don't even see it listed on CPAN anymore.

Edit:

I found it:

http://search.cpan.org/~rudy/DBD-mys...OLETE_SOFTWARE
Oct 1 '08 #6

Icecrack
Expert 100+
P: 174
> I am pretty sure that module is considered obsolete, I don't even see it listed on CPAN anymore.
>
> Edit:
>
> I found it:
>
> http://search.cpan.org/~rudy/DBD-mys...OLETE_SOFTWARE

My bad, I didn't read down a little more :P

They must have merged them, MS SQL and MySQL.

Yes, it's obsolete, but still I think it's a lot easier and cleaner.
Oct 1 '08 #7

eWish
Expert 100+
P: 971
People are also using Rose which is gaining popularity.


--Kevin
Oct 2 '08 #8

eWish
Expert 100+
P: 971
> the use of ',;:/.%*)(^%$#@!`~+= try to cancel those characters. (also this will prevent future errors with SQL)

When making use of the DBI to connect to your database, you can use placeholders and bind values. Using this method will escape special characters for you. Thus your SQL won't complain.

--Kevin
Oct 2 '08 #9
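
Added example, not part of the original thread: the placeholder approach described in the reply above, together with the three-way `if`/`elsif`/`else` check the thread is working toward. Assumptions: an in-memory SQLite database (DBD::SQLite) stands in for the MySQL `test` database, and `check_login` and the sample rows are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Assumption: an in-memory SQLite database (DBD::SQLite) stands in for the
# thread's MySQL "test" database so the example runs offline.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });

# Constructed sample data; the second name is the character list from post #5.
$dbh->do('CREATE TABLE user (name TEXT PRIMARY KEY, password TEXT)');
my $odd_name = q{',;:/.%*)(^%$#@!`~+=};
my $ins = $dbh->prepare('INSERT INTO user (name, password) VALUES (?, ?)');
$ins->execute(q{O'Brien}, 'secret1');
$ins->execute($odd_name,  'secret2');

# check_login is a hypothetical helper. The ? placeholder keeps $name out of
# the SQL text: DBI passes it to the driver as a bound value, so quotes and
# other special characters in it are data, never syntax.
sub check_login {
    my ($dbh, $name, $password) = @_;
    my $sth = $dbh->prepare('SELECT password FROM user WHERE name = ?');
    $sth->execute($name);
    my ($stored) = $sth->fetchrow_array;
    $sth->finish;

    if (!defined $stored) {          # no row came back
        return 'User Not Found';
    }
    elsif ($password eq $stored) {   # plaintext compare, as in the thread
        return 'Login Accepted';
    }
    else {
        return 'Password Incorrect';
    }
}

for my $try ([q{O'Brien}, 'secret1'], [$odd_name, 'secret2'],
             [q{O'Brien}, 'wrong'],   [q{nobody'"}, 'x']) {
    my ($name, $password) = @$try;
    printf "%-22s => %s\n", $name, check_login($dbh, $name, $password);
}

$dbh->disconnect;
```

With DBD::mysql the same `prepare`/`execute` calls apply; only the DSN and credentials passed to `DBI->connect` change.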

Icecrack
Expert 100+
P: 174
> When making use of the DBI to connect to your database, you can use placeholders and bind values. Using this method will escape special characters for you. Thus your SQL won't complain.
>
> --Kevin

Thanks for the update :)
Oct 2 '08 #10

KevinADC
Expert 2.5K+
P: 4,059
> People are also using Rose which is gaining popularity.
>
> --Kevin

Wow, that started 3 or 4 years ago. Seems to be getting developed at a snail's (a very slow snail) pace. I have never come across anyone that is actually using Rose.
Oct 2 '08 #11
