how to use if condition in perl

vapanchamukhi

i have written program to check whether the username and password entered are members of a company or not.... Im totally new to perl language... so please help me what is wrong with the following program..
thanx in advance...

Expand|Select|Wrap|Line Numbers

 #!/usr/bin/perl - w
 
use DBI;

use strict;

use CGI ':standard';
 
my $name = param('name');

my $password = param('password');

my $dbh = DBI->connect('DBI:mysql:test','root','') or die "Can't connect:" . DBI->errstr();

my $sth = $dbh -> prepare('select password from user where name = "$name"') or die "Can't prepare SQL: " . $dbh->errstr();

$sth -> execute() or die "Can't execute SQL: " . $sth -> errstr();
 
my($name1, $password1);

my $flag = 0;
 
while(($password1) = $sth->fetchrow()) 

{

if($password1)    

    print "$password1";

else {

    print "not member\n";

    break;

}

}
 
#if($password1)

#    print "microsoft member";

#else

#    print "not a microsoft member";
 
$sth->finish();

$dbh->disconnect();

KevinADC

one thing is if you use a scalar in a single-quoted string it will not be expanded but treated literally:

Expand|Select|Wrap|Line Numbers

 my $sth = $dbh -> prepare('select password from user where name = "$name"')
 

$name is the above line is literally $name and not whatever value the scalar $name has stored. Try this:

Expand|Select|Wrap|Line Numbers

 my $sth = $dbh -> prepare(qq{select password from user where name = "$name"})
 

There could be other problems with your code, but I did not check it all.

Icecrack

Please Post in Code Tags,

Also Use for more debug.

Expand|Select|Wrap|Line Numbers

 use CGI qw(:standard -debug);

use CGI::Carp qw(fatalsToBrowser);

take out:

Expand|Select|Wrap|Line Numbers

use CGI ':standard';

also i would use the package (Module) Mysql
eg.

Expand|Select|Wrap|Line Numbers

use Mysql;

i may have downloaded this but it makes life easy.

eg.

Expand|Select|Wrap|Line Numbers

 use Mysql;
 
$host = "127.0.0.1";

$database = "users_l";

$tablename = "users";

$user = " ";

$pw = " ";
 
$connect = Mysql->connect($host, $database, $user, $pw);

$connect->selectdb($database);

$myquery = "SELECT * FROM users WHERE init='$initc'";

$execute = $connect->query($myquery);
 
while (($id, $usern, $cleare, $init) = $execute->fetchrow_array())

    {

#check for user name and password match

#pass a flag 

}

vapanchamukhi

Please Post in Code Tags,

Also Use for more debug.

Expand|Select|Wrap|Line Numbers

use CGI qw(:standard -debug);

use CGI::Carp qw(fatalsToBrowser);

take out:

Expand|Select|Wrap|Line Numbers

use CGI ':standard';

also i would use the package (Module) Mysql
eg.

Expand|Select|Wrap|Line Numbers

use Mysql;

i may have downloaded this but it makes life easy.

eg.

Expand|Select|Wrap|Line Numbers

use Mysql;

$host = "127.0.0.1";

$database = "users_l";

$tablename = "users";

$user = " ";

$pw = " ";

$connect = Mysql->connect($host, $database, $user, $pw);

$connect->selectdb($database);

$myquery = "SELECT * FROM users WHERE init='$initc'";

$execute = $connect->query($myquery);

while (($id, $usern, $cleare, $init) = $execute->fetchrow_array())

{

#check for user name and password match

#pass a flag

}

where you have declared $initc?? what values it contains????

Icecrack

where you have declared $initc?? what values it contains????

$initc would be a param from form input

Expand|Select|Wrap|Line Numbers

$initc=param('user');

another example:

Expand|Select|Wrap|Line Numbers

  
use CGI qw(:standard -debug);

use CGI::Carp qw(fatalsToBrowser);

use Mysql;
 
$name=param('name');

$password=param('password');
 
 $host = "127.0.0.1";

 $database = "users_l";

 $tablename = "users";

 $user = " ";

 $pw = " ";
 
 $connect = Mysql->connect($host, $database, $user, $pw);

 $connect->selectdb($database);

 $myquery = "SELECT password FROM user WHERE name='$name'";

 $execute = $connect->query($myquery);
 
 while (($sqlpassword) = $execute->fetchrow_array())

     {
 
if ($password eq "$sqlpassword")

{

print "Login Accepted.";

}

elsif ($password ne "$sqlpassword")

{

print "Error Password Incorrect";

}

elsif ($sqlpassword eq undef)

{

print "User Not Found Please Try Again.";

}

}

Note: i would also check for perl and SQL cancel characters in the password and user param (never trust your users), as this could lead to unsecure program,

the use of ',;:/.%*)(^%$#@!`~+= try to cancel those characters. (also this will prevent future errors with SQL)

KevinADC

also i would use the package (Module) Mysql

I am pretty sure that module is considered obsolete, I don't even see it listed on CPAN anymore.

Edit:

I found it:

http://search.cpan.org/~rudy/DBD-mys...OLETE_SOFTWARE

Icecrack

I am pretty sure that module is considered obsolete, I don't even see it listed on CPAN anymore.

Edit:

I found it:

http://search.cpan.org/~rudy/DBD-mys...OLETE_SOFTWARE

My Bad i didn't read down a little more :P

They must of merged them MS SQL AND MY SQL

yes it's obsolete but still i think its a lot easier and cleaner.

eWish

People are also using Rose which is gaining popularity.

--Kevin

eWish

the use of ',;:/.%*)(^%$#@!`~+= try to cancel those characters. (also this will prevent future errors with SQL)

When making use of the DBI to connect to your database, you can use placeholders and bind values. Using this method will escape special characters for you. Thus your SQL won't complain.

--Kevin

Icecrack

When making use of the DBI to connect to your database, you can use placeholders and bind values. Using this method will escape special characters for you. Thus your SQL won't complain.

--Kevin

thanks for the update :)

KevinADC

People are also using Rose which is gaining popularity.

--Kevin

Wow, that started 3 or 4 years ago. Seems to be getting developed at a snails (a very slow snail) pace. I have never come across anyone that is actually using Rose.

how to use if condition in perl

Post your reply

Similar topics

Question stats

	Ask Question
Home Questions Articles Browse Topics Latest Top Members FAQ