mysql - 在 perl 中处理表单并将结果写入数据库

Question

这是我第一次同时使用 perl 和数据库进行编程，我在确定如何准确编写将 html 表单的结果输入 mysql 数据库的 perl 脚本时遇到了一些问题。

这个特定的片段是导致我问题的原因：

    # CONFIG VARIABLES
    $platform = "mysql";
    $database = "*****";
    $host = "localhost";
    $port = "3306";
    $user = "*****";
    $pw = "*****";

    # DATA SOURCE NAME
    $dsn = "dbi:$platform:$database:$host:$port";

    # PERL DBI CONNECT
    $connect = DBI->connect($dsn, $user, $pw);

    # PREPARE THE QUERY
    $query = "INSERT INTO result (name, console, character, series, bday, steam) VALUES (fname, favConsole, fCharacter, favSeries, birthday, steamAcc)";
    $query_handle = $connect->prepare($query);

    # EXECUTE THE QUERY
    #$query_handle->execute();

我用星号替换了数据库名称、用户名和密码，但真实代码具有真实值。

我不确定为什么连接和执行线会给我带来问题。

另外，一旦用户点击提交按钮，我将把提示放在哪里以便写入信息？我尝试将执行添加为表单操作，但这不起作用。

这是我到目前为止的工作：

    #!/usr/bin/perl

    use CGI qw( :standard );
    use DBI;
    use DBD::mysql;

    # CONFIG VARIABLES
    $platform = "mysql";
    $database = "*****";
    $host = "localhost";
    $port = "3306";
    $user = "*****";
    $pw = "*****";

    # DATA SOURCE NAME
    $dsn = "dbi:$platform:$database:$host:$port";

    # PERL DBI CONNECT
    $connect = DBI->connect($dsn, $user, $pw);

    # PREPARE THE QUERY
    $query = "INSERT INTO result (name, console, character, series, bday, steam) VALUES (fname, favConsole, fCharacter, favSeries, birthday, steamAcc)";
    $query_handle = $connect->prepare($query);

    # EXECUTE THE QUERY
    #$query_handle->execute();

    $dtd =
    "-//W3C//DTD XHTML 1.0 Transitional//EN\"
       \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";

    print( header() );

    print( start_html( { dtd => $dtd,
      title => "~Video Game Survey~" } 
      #style=>{"background-image:url(/images/blue_line_background.jpg) ";
      #}
      ) );
    #print( " <body style="background-image:url(/images/blue_line_background.jpg)">\n " );


    print( "<body>\n" );
    print(     "<div style = \"font-size: 14pt; font-weight: bold\">\n" );
    print(      "Please let us know a bit more about yourself.\n" );
    print(     "</div>\n" );
    print( "</body>\n" );

    print( "<br />\n " );

    #Start of the form.
    print( "<form method = \"post\" > \n" );

    #First question, asking the visitor's name.  Name will be stored in the database         but not displayed on the
    #survey results.
    print( "<p>\n" );
    print(      "First of all, what is your name?\n" );
    print(      "<input type = \"text\" name = \"fname\" placeholder = \"John Doe\" required />\n" );
    print( "</p>\n" );

    print( "<br /><br />\n" );

    #Second question, type dropdown list.
    print( "<img src = \"/images/favConsole.png\" />\n");
    print( "<p>\n" );
    print(      "Gaming comes in all sorts of shapes and sizes.  What is your favorite console?\n" );
    print( "</p>\n" );
    print( "<dd>\n" );
    print(      "<input type = \"text\" name = \"favConsole\" placeholder = \"Select a console\"
                   list = \"consoles\" required/>\n" );
    print(              "<datalist id = \"consoles\">\n" );
    print(                  "<option value= \"PC\">\n" );
    print(                  "<option value= \"Playstation 3\">\n" );
    print(                  "<option value= \"Xbox 360\">\n" );
    print(                  "<option value= \"Wii\">\n" );
    print(              "</datalist>\n" );
    print( "</dd>\n");

    print( "<br /><br />\n" );

    #Third question, type radio.  Default value: Mario
    print( "<img src = \"/images/favCharacter.png\" />\n" );
    print( "<p>\n" );
    print(      "Out of the following list, who is your favorite video game character?\n" );
    print( "</p>\n" );
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Mario\" checked><label>Mario</label></dd>\n" ); 
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Sephiroth\" ><label>Sephiroth</label></dd>\n" );
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Sonic\" ><label>Sonic</label></dd>\n" );
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Thrall\" ><label>Thrall</label></dd>\n" );
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Pacman\" ><label>Pacman</label></dd>\n" );
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Cloud\" ><label>Cloud</label></dd>\n" );
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Sylvanas\" ><label>Sylvanas</label></dd>\n ");
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Kerrigan\" ><label>Kerrigan</label></dd>\n ");
    print( "</dd>\n" );

    print( "<br /><br />\n" );

    #Fourth question, type dropdown.  Required.
    #Dropdown options will not appear unless the window is maximized in terms of height.
    print( "<img src = \"/images/favSeries.png\" />\n" );
    print( "<p>\n" );
    print(      "Which of the following series is your favorite?\n" );
    print( "</p>\n" );
    print(      "<input type = \"text\" name = \"favSeries\" placeholder = \"Select a series\"
                   list = \"series\" required/>\n" );
    print(              "<datalist id = \"series\">\n" );
    print(                  "<option value= \"Legend of Zelda\">\n" );
    print(                  "<option value= \"Halo\">\n" );
    print(                  "<option value= \"Bioshock\">\n" );
    print(                  "<option value= \"Resident Evil\">\n" );
    print(                  "<option value= \"Mario Party\">\n" );
    print(                  "<option value= \"Angry Birds\">\n" );
    print(                  "<option value= \"The Sims\">\n" );
    print(                  "<option value= \"Mass Effect\">\n" );
    print(                  "<option value= \"Half-Life\">\n" );
    print(                  "<option value= \"Warcraft\">\n" );
    print(                  "<option value= \"Starcraft\">\n" );
    print(                  "<option value= \"Borderlands\">\n" );
    print(              "</datalist>\n" );

    print( "<br /><br />\n" );

    #Fifth question, type date.  No default value, but still required.
    print( "<img src = \"/images/bday.png\" />\n" );
    print( "<p>\n" );
    print(      "What is your cake day?\n" );
    print( "</p>\n" );
    print(      "<input type = \"date\" name = \"birthday\" required />(yyyy-mm-dd)\n" );

    print( "<br /><br />\n" );

    #Sixth question, type radio.  Default value: no.
    print( "<p>\n" );
    print(      "Last but not least, do you have a Steam account?\n" );
    print(      "<input name = \"steamAcc\" type = \"radio\" value = \"Y\" >        <label>Yes</label>\n" );
    print(      "<input name = \"steamAcc\" type = \"radio\" value = \"N\" checked>        <label>No</label>\n" );
    print( "</p>\n" );

    print( "<p>\n" );
    print(      "<input type = \"submit\" value = \"Submit\" />\n" );
    print(      "<input type = \"reset\" value = \"Clear\" /></p>\n" );
    print( "</p>\n" );

    #End of the form
    print( "</form>\n" );

    print( end_html() );

Answer 1

从以下几点开始：

1. 将这些行添加到脚本的顶部以确保代码安全。

   use strict;
   use warnings;
   

2. 上述步骤意味着您需要使用 声明所有变量my，例如

   my $dsn = ...
   

3. 如果连接或执行有任何问题，告诉 DBI 抛出一个错误（默认情况下它不会这样做）。从错误消息中，您可以获得更多线索来弄清楚发生了什么。

   my $dbh = DBI->connect($dsn, $user, $pw, {RaiseError => 1});
   

4. 为您的 SQL 使用占位符（这可以防止 SQL 注入，并自动在 SQL 中添加您的插入值）

   my $query = 'insert into (name, console) values (?, ?)';
   my $sth = $connect->prepare($query);
   $sth->execute('fname', 'favConsole');
   # this is equivalent to:
   # "insert into (name, console) values ('fname', 'favConsole')"
   

5. 您的值需要从 CGI 参数中提取（我猜您还没有达到那个阶段）。

Answer 2

$query_handle = $connect->prepare($query)

应该

$query_handle = $dbh->prepare($query)

$something是变量的名称。你没有一个名为 的变量$connect，所以这显然是不对的。该行接受数据库连接和查询字符串，并返回一个查询句柄，一个包含运行查询所需的所有信息的对象。