1

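This is my first time programming with Perl and a database together, and I've run into some problems figuring out exactly how to write the Perl script that enters the results of an HTML form into a MySQL database.

This particular snippet is what is causing my problems: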

    # CONFIG VARIABLES
    $platform = "mysql";
    $database = "*****";
    $host = "localhost";
    $port = "3306";
    $user = "*****";
    $pw = "*****";

    # DATA SOURCE NAME
    $dsn = "dbi:$platform:$database:$host:$port";

    # PERL DBI CONNECT
    $connect = DBI->connect($dsn, $user, $pw);

    # PREPARE THE QUERY
    $query = "INSERT INTO result (name, console, character, series, bday, steam) VALUES (fname, favConsole, fCharacter, favSeries, birthday, steamAcc)";
    $query_handle = $connect->prepare($query);

    # EXECUTE THE QUERY
    #$query_handle->execute();

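I replaced the database name, username and password with asterisks, but the real code has the real values.

I'm not sure why the connect and execute lines are giving me problems.

Also, where would I put the prompt to write the information once the user hits the submit button? I tried adding the execute as the form action, but that didn't work.

Here is my work so far: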

    #!/usr/bin/perl

    use CGI qw( :standard );
    use DBI;
    use DBD::mysql;

    # CONFIG VARIABLES
    $platform = "mysql";
    $database = "*****";
    $host = "localhost";
    $port = "3306";
    $user = "*****";
    $pw = "*****";

    # DATA SOURCE NAME
    $dsn = "dbi:$platform:$database:$host:$port";

    # PERL DBI CONNECT
    $connect = DBI->connect($dsn, $user, $pw);

    # PREPARE THE QUERY
    $query = "INSERT INTO result (name, console, character, series, bday, steam) VALUES (fname, favConsole, fCharacter, favSeries, birthday, steamAcc)";
    $query_handle = $connect->prepare($query);

    # EXECUTE THE QUERY
    #$query_handle->execute();

    $dtd =
    "-//W3C//DTD XHTML 1.0 Transitional//EN\"
       \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";

    print( header() );

    print( start_html( { dtd => $dtd,
      title => "~Video Game Survey~" } 
      #style=>{"background-image:url(/images/blue_line_background.jpg) ";
      #}
      ) );
    #print( " <body style="background-image:url(/images/blue_line_background.jpg)">\n " );


    print( "<body>\n" );
    print(     "<div style = \"font-size: 14pt; font-weight: bold\">\n" );
    print(      "Please let us know a bit more about yourself.\n" );
    print(     "</div>\n" );
    print( "</body>\n" );

    print( "<br />\n " );

    #Start of the form.
    print( "<form method = \"post\" > \n" );

    #First question, asking the visitor's name.  Name will be stored in the database but not displayed on the
    #survey results.
    print( "<p>\n" );
    print(      "First of all, what is your name?\n" );
    print(      "<input type = \"text\" name = \"fname\" placeholder = \"John Doe\" required />\n" );
    print( "</p>\n" );

    print( "<br /><br />\n" );

    #Second question, type dropdown list.
    print( "<img src = \"/images/favConsole.png\" />\n");
    print( "<p>\n" );
    print(      "Gaming comes in all sorts of shapes and sizes.  What is your favorite console?\n" );
    print( "</p>\n" );
    print( "<dd>\n" );
    print(      "<input type = \"text\" name = \"favConsole\" placeholder = \"Select a console\"
                   list = \"consoles\" required/>\n" );
    print(              "<datalist id = \"consoles\">\n" );
    print(                  "<option value= \"PC\">\n" );
    print(                  "<option value= \"Playstation 3\">\n" );
    print(                  "<option value= \"Xbox 360\">\n" );
    print(                  "<option value= \"Wii\">\n" );
    print(              "</datalist>\n" );
    print( "</dd>\n");

    print( "<br /><br />\n" );

    #Third question, type radio.  Default value: Mario
    print( "<img src = \"/images/favCharacter.png\" />\n" );
    print( "<p>\n" );
    print(      "Out of the following list, who is your favorite video game character?\n" );
    print( "</p>\n" );
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Mario\" checked><label>Mario</label></dd>\n" ); 
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Sephiroth\" ><label>Sephiroth</label></dd>\n" );
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Sonic\" ><label>Sonic</label></dd>\n" );
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Thrall\" ><label>Thrall</label></dd>\n" );
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Pacman\" ><label>Pacman</label></dd>\n" );
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Cloud\" ><label>Cloud</label></dd>\n" );
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Sylvanas\" ><label>Sylvanas</label></dd>\n ");
    print(      "<dd><input name = \"fCharacter\" type = \"radio\" value = \"Kerrigan\" ><label>Kerrigan</label></dd>\n ");
    print( "</dd>\n" );

    print( "<br /><br />\n" );

    #Fourth question, type dropdown.  Required.
    #Dropdown options will not appear unless the window is maximized in terms of height.
    print( "<img src = \"/images/favSeries.png\" />\n" );
    print( "<p>\n" );
    print(      "Which of the following series is your favorite?\n" );
    print( "</p>\n" );
    print(      "<input type = \"text\" name = \"favSeries\" placeholder = \"Select a series\"
                   list = \"series\" required/>\n" );
    print(              "<datalist id = \"series\">\n" );
    print(                  "<option value= \"Legend of Zelda\">\n" );
    print(                  "<option value= \"Halo\">\n" );
    print(                  "<option value= \"Bioshock\">\n" );
    print(                  "<option value= \"Resident Evil\">\n" );
    print(                  "<option value= \"Mario Party\">\n" );
    print(                  "<option value= \"Angry Birds\">\n" );
    print(                  "<option value= \"The Sims\">\n" );
    print(                  "<option value= \"Mass Effect\">\n" );
    print(                  "<option value= \"Half-Life\">\n" );
    print(                  "<option value= \"Warcraft\">\n" );
    print(                  "<option value= \"Starcraft\">\n" );
    print(                  "<option value= \"Borderlands\">\n" );
    print(              "</datalist>\n" );

    print( "<br /><br />\n" );

    #Fifth question, type date.  No default value, but still required.
    print( "<img src = \"/images/bday.png\" />\n" );
    print( "<p>\n" );
    print(      "What is your cake day?\n" );
    print( "</p>\n" );
    print(      "<input type = \"date\" name = \"birthday\" required />(yyyy-mm-dd)\n" );

    print( "<br /><br />\n" );

    #Sixth question, type radio.  Default value: no.
    print( "<p>\n" );
    print(      "Last but not least, do you have a Steam account?\n" );
    print(      "<input name = \"steamAcc\" type = \"radio\" value = \"Y\" >        <label>Yes</label>\n" );
    print(      "<input name = \"steamAcc\" type = \"radio\" value = \"N\" checked>        <label>No</label>\n" );
    print( "</p>\n" );

    print( "<p>\n" );
    print(      "<input type = \"submit\" value = \"Submit\" />\n" );
    print(      "<input type = \"reset\" value = \"Clear\" /></p>\n" );
    print( "</p>\n" );

    #End of the form
    print( "</form>\n" );

    print( end_html() );

2 Answers

1

Start with the following points:

  1. Add these lines to the top of your script to ensure code safety.

    use strict;
    use warnings;
    
  2. The step above means you need to declare all of your variables with my, e.g.

    my $dsn = ...
    
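  3. If there is any problem with connecting or executing, tell DBI to throw an error (it does not do this by default). From the error message you can get more clues to work out what is going on.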

    my $dbh = DBI->connect($dsn, $user, $pw, {RaiseError => 1});
    
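  4. Use placeholders for your SQL (this prevents SQL injection, and automatically adds your inserted values into the SQL)

    # table name taken from the question's query
    my $query = 'insert into result (name, console) values (?, ?)';
    # $dbh is the handle returned by DBI->connect in step 3
    my $sth = $dbh->prepare($query);
    $sth->execute('fname', 'favConsole');
    # this is equivalent to:
    # "insert into result (name, console) values ('fname', 'favConsole')"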
    
  5. Your values need to be extracted from the CGI parameters (I guess you haven't reached that stage yet).

answered 2012-12-18T03:49:45.800
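
The five steps of this answer combined into one script, as an added example that is not part of the original answer: form values are read from CGI, checked, and written through placeholders, with a hostile-looking name stored as plain data. Assumptions: an in-memory DBD::SQLite database stands in for the MySQL connection so the script runs offline, `save_survey` and the 100-character limit are hypothetical, and the sample submission is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use CGI;
use DBI;

# Assumption: in-memory SQLite so the example runs offline. With the page's setup,
# pass the MySQL DSN, user and password here instead; the rest stays the same.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
                       { RaiseError => 1, PrintError => 0 });

# CHARACTER is a reserved word in MySQL, so let the driver quote the column names.
my @cols    = qw(name console character series bday steam);
my $col_sql = join ', ', map { $dbh->quote_identifier($_) } @cols;
$dbh->do("CREATE TABLE result ($col_sql)");

# Form field feeding each column, in column order (field names from the page's form).
my @fields = qw(fname favConsole fCharacter favSeries birthday steamAcc);

# Hypothetical helper: validate the submitted values, then insert them through
# placeholders. Returns the number of rows inserted; dies on invalid input.
sub save_survey {
    my ($dbh, $q) = @_;
    my %v = map { ($_ => scalar $q->param($_)) } @fields;   # one value per field
    for my $f (@fields) {
        die "missing field: $f\n"  unless defined $v{$f} && length $v{$f};
        die "field too long: $f\n" if length $v{$f} > 100;
    }
    die "bad date\n"  unless $v{birthday} =~ /\A\d{4}-\d{2}-\d{2}\z/;
    die "bad steam\n" unless $v{steamAcc} =~ /\A[YN]\z/;

    my $marks = join ', ', ('?') x @cols;
    my $sth   = $dbh->prepare("INSERT INTO result ($col_sql) VALUES ($marks)");
    return $sth->execute(@v{@fields});
}

# Constructed sample submission. In the CGI script this would be CGI->new, and the
# call below would sit inside: if ($q->request_method eq 'POST') { ... }
my $q = CGI->new({
    fname      => "x'); DROP TABLE result; --",   # constructed hostile-looking value
    favConsole => 'PC', fCharacter => 'Mario', favSeries => 'Halo',
    birthday   => '1990-01-31', steamAcc => 'N',
});
my $rows = save_survey($dbh, $q);

# Read the row back: the name comes out exactly as it was submitted.
my ($name, $count) = $dbh->selectrow_array(
    'SELECT name, (SELECT COUNT(*) FROM result) FROM result');
print "inserted=$rows rows=$count name=$name\n";
```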
0
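    $query_handle = $connect->prepare($query)

should be

    $query_handle = $dbh->prepare($query)

$something is the name of a variable. You don't have a variable named $connect, so this is obviously not right. That line takes the database connection and the query string, and returns a query handle, an object containing all the information needed to run the query.

answered 2012-12-18T00:26:15.497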