0

是的,我是一名学生,是的,这是一项作业,但我只需要一些帮助来解决问题。我不打算让别人为我做作业。

所以我有一个数据库,里面有 5 本书,有 6 个不同的数据列。我正在尝试制作一个可以搜索该数据库并在表中返回结果的 perl 程序。我必须添加一种将它们添加到购物车的方法,但稍后会出现。

Perl 的问题是我不知道如何检查为什么会出现“内部服务器错误”。该应用程序进入 Perl 页面,所以我猜不是这样。

    #!/usr/bin/perl

use warnings; # allow for warnings to be sent if error's occur
use CGI qw( :standard ); # not a 100% sure what the rest of these mean but they are like #includs in C++, libraries for reference in the code
use DBI;
use DBD::mysql; #database data will come from mysql

my $dbh = DBI->connect( "DBI:mysql:DATABASE NAME", "USERNAME", "PASS REMOVED" ) or
   die( "Could not make connection to database: $DBI::errstr" );   # connect to the database with address and pass or return error

   $term = $SEARCHTERM[]; #set the search char to $term

   $term =~ tr/A-Z/a-z/;  #set all characters to lowercase for convenience of search

   $sql = "SELECT * FROM Books WHERE Title LIKE %$term% OR Description LIKE %$term% OR Author LIKE %$term%" or die ("$term may have not worked");            #set the query string to search the database

   $sth = $dbh->prepare($sql);  # prepare to connect to the database

   $sth->execute   # connect to the database
 or die "SQL Error: $DBI::errstr\n";   #or return an error
 while (@data = $sth->fetchrow_array) {   #while we are grabbing he queried data do a table setup and set variables for table

print "<table width=\"100%\" border=\"0\"> ";

    $title = $data[0];
    $desc = $data[1];
    $author = $data[2];
    $pub = $data[3];
    $isbn = $data[4];
    $photo = $data[5];

    print "<tr> <td width=50%>Title: $title</td> <td width=50% rowspan=5>$photo</td></tr><tr><td>Discreption Tags: $desc</td></tr><tr><td></td></tr><tr><td>Author: $author</td></tr><tr><td>ISBN: $isbn</td>
</tr></table> \n";



 }

请帮忙!

4

3 回答 3

4

早些时候,有人建议,

my $sql = "
   SELECT *
     FROM Books
    WHERE Title LIKE '%$term%'
       OR Description LIKE '%$term%'
       OR Author LIKE '%$term%'
";
my $sth = $dbh->prepare($sql);
$sth->execute();

假设他对您的问题是正确的,那是不正确的。考虑一下如果有人搜索标题“Foo's Bar”会发生什么......

选项1:

my $sql = '
   SELECT *
     FROM Books
    WHERE Title LIKE '.$dbh->quote("%$term%").'
       OR Description LIKE '.$dbh->quote("%$term%").'
       OR Author LIKE '.$dbh->quote("%$term%").'
';
my $sth = $dbh->prepare($sql);
$sth->execute();

选项 2:

my $sql = '
   SELECT *
     FROM Books
    WHERE Title LIKE ?
       OR Description LIKE ?
       OR Author LIKE ?
';
my $sth = $dbh->prepare($sql);
$sth->execute("%$term%", "%$term%", "%$term%");
于 2013-05-11T03:27:07.960 回答
2

首先,我是否也强烈建议添加use strict;到脚本的顶部,然后修复您将遇到的错误,主要是使用my.

我也可以建议使用现代框架,比如Mojolicious ,而不是使用非常过时的 CGI 模块。它们都可以在类似 CGI 的环境下运行,并且更易于使用!

最后,您应该避免将变量插入 SQL 字符串,因为这会带来巨大的安全风险!试试这个网站了解更多关于这个主题的信息:http: //bobby-tables.com/

于 2013-05-11T02:39:34.713 回答
1

您的选择无效。改变

$sql = "SELECT * FROM Books WHERE Title LIKE %$term% OR Description LIKE %$term% OR Author LIKE %$term%"


$sql = "SELECT * FROM Books WHERE Title LIKE '%$term%' OR Description LIKE '%$term%' OR Author LIKE '%$term%"'

LIKE应该引用模式文字。

于 2013-05-11T01:34:45.020 回答