Beginning Web Development With Perl : From Novice to ... - Nabo

More documents

Recommendations

Info

62CHAPTER 3 ■ DATABASES AND PERLwhen input is allowed unchecked or the program executes a SQL statement without first properlysanitizing it for the database’s consumption. The DBI contains an aptly titled quote() method toproperly escape or sanitize SQL statements for you.You should use the quote() method for any statement that will use parameters or othervariables or input that could possibly be dirty. The quote() method belongs to a database handle,since nearly every database server has its own set of rules for quoting. Consider this code,assuming a database handle of $dbh has already been created:my $dirtystring = "This is some %really% \"weird\" \\* input";my $cleanstring = $dbh->quote( $dirtystring);my $sth = $dbh->prepare("SELECT * from tablename where something = $cleanstring");So, the example shown earlier in this section might look like this:my $usernamein = "suehring";my $sth = $dbh->prepare("SELECT host FROM mysql.user WHERE user = " .$dbh->quote($usernamein . " ");While it may seem like a hassle to need to clean up input and other parameters beforeusing them in a statement, the trade-off is well worth the extra typing. I could go into a storyakin to the age-old “I used to have to walk 18 miles a day to school” of how life was prior to thequote() method, but rest assured that using quote() is much easier and simpler than needingto do the same function manually against all input.Executing Other SQL StatementsNot all statements must go through the prepare() and execute() methods, or even createa statement handle prior to being run against the database server. The database handle’s do()method executes a statement immediately against the database. This is useful for performingactions like DELETE, INSERT, and UPDATE, which don’t actually retrieve any results from the database,but merely perform an action against the database.The do() method is used in the context of a database handle. Assuming a database handleof $dbh with a table called table, you might use do() like this:my $rows = $dbh->do("DELETE from table where id = '4'");The $rows variable would contain the number of rows affected by this statement. If thestatement executes successfully, regardless of the number of rows deleted, the do() methodwill return true. In other words, the rows affected could still be zero, even though the statementexecuted successfully.Binding ParametersAs you saw earlier, you can use the quote() method to create dynamic SQL statements. However,another method exists for creating such statements, namely parameters. Parameters arealso known by a few other names or concepts, such as binding or placeholders. When you hearone of these terms, it’s referring to the concepts described in this section.
CHAPTER 3 ■ DATABASES AND PERL 63You may be asking why you would use binding instead or interpolated value queries. Bindingspeeds up the execution of the same SQL statement. Therefore, if you’re going to be executing thesame statement but with different values, you can gain speed by using parameters. Whether ornot you should use parameters also depends on the database that you’re using; not all databasesimplement binding.Recall a previous example that used variable interpolation to build the statement handlefor a dynamic query:my $sth = $dbh->prepare("SELECT host FROM mysql.user WHERE user = " .$dbh->quote($usernamein . " ");Using parameters, that statement handle would look like this:my $sth = $dbh->prepare("SELECT host FROM mysql.user WHERE user = ?");$sth->bind_param(1, $username);The bind_param() method on the statement handle accepts an index value, beginningwith 1, to specify the order in which the parameters should be bound, and it then accepts thevalue itself, this time in the variable $username.Notice that the quote() method is not used here. Since bind_param() hands off the parametersto the database separate from the SQL statement, the quote() method isn’t necessary.You can (and many times will) bind multiple values. Consider this example:my $sth = $dbh->prepare("SELECT host FROM mysql.user WHERE user = ? AND host = ?");$sth->bind_param(1, $username);$sth->bind_param(2, $hostname);It’s important to understand that not all portions of a statement can be parameterized. Forexample, most databases won’t allow you to parameterize the entire WHERE clause of a SQL statement.However, binding the values used within that WHERE clause is valid on many databases.Rather than using bind_param() to bind parameters to their values, you can also send thevalues when you call execute(). You must specify the values in the same order in which theyappear in the SQL statement. So, based on the SQL statement in this example:my $sth = $dbh->prepare("SELECT host FROM mysql.user WHERE user = ? AND host = ?");username should be specified first and host second. Therefore, this would be correct:$sth->execute($username,$hostname);and this would be incorrect:$sth->execute($hostname,$username);Inserting Data into a DatabaseInserting rows into a database is largely the same syntactically as retrieving rows from it, withthe obvious changes to the SQL syntax itself. For example, you could use the do() method orthe prepare() method for inserting into a database. You create the database handle as youwould for any other database operation, create the statement handle the same way, and callexecute() if you’ve used prepare().
Page 3 and 4:
Beginning Web Development with Perl
Page 5 and 6:
PART 5 ■ ■ ■ Creating Web Tem
Page 8 and 9:
■CONTENTSvii■CHAPTER 4 System I
Page 10 and 11:
■CONTENTSixCreating a SOAP Listen
Page 12 and 13:
■CONTENTSxiTemplate Toolkit Synta
Page 14 and 15:
About the Author■STEVE SUEHRING i
Page 16 and 17:
AcknowledgmentsThanks to James Lee
Page 18 and 19:
xx■INTRODUCTIONThis book will use
Page 20 and 21:
CHAPTER 1■ ■ ■The CGI ModuleT
Page 22 and 23:
CHAPTER 1 ■ THE CGI MODULE 5for t
Page 24 and 25:
CHAPTER 1 ■ THE CGI MODULE 7Obvio
Page 26 and 27:
CHAPTER 1 ■ THE CGI MODULE 9exit;
Page 28 and 29: CHAPTER 1 ■ THE CGI MODULE 11Each
Page 30 and 31: CHAPTER 1 ■ THE CGI MODULE 13When
Page 32 and 33: CHAPTER 1 ■ THE CGI MODULE 15Upda
Page 34 and 35: CHAPTER 1 ■ THE CGI MODULE 17rese
Page 36 and 37: CHAPTER 1 ■ THE CGI MODULE 19prin
Page 38 and 39: CHAPTER 1 ■ THE CGI MODULE 21Sett
Page 40 and 41: CHAPTER 1 ■ THE CGI MODULE 23You
Page 42 and 43: CHAPTER 1 ■ THE CGI MODULE 25■C
Page 44 and 45: CHAPTER 1 ■ THE CGI MODULE 27No m
Page 46 and 47: CHAPTER 1 ■ THE CGI MODULE 29The
Page 48 and 49: CHAPTER 1 ■ THE CGI MODULE 31prin
Page 50 and 51: CHAPTER 1 ■ THE CGI MODULE 33Also
Page 52 and 53: CHAPTER 2■ ■ ■Popular CGI Mod
Page 54 and 55: CHAPTER 2 ■ POPULAR CGI MODULES 3
Page 66 and 67: 50CHAPTER 3 ■ DATABASES AND PERLT
Page 68 and 69: 52CHAPTER 3 ■ DATABASES AND PERLm
Page 70 and 71: 54CHAPTER 3 ■ DATABASES AND PERLl
Page 72 and 73: 56CHAPTER 3 ■ DATABASES AND PERLc
Page 74 and 75: 58CHAPTER 3 ■ DATABASES AND PERLR
Page 80 and 81: 64CHAPTER 3 ■ DATABASES AND PERLA
Page 90 and 91: 74CHAPTER 4 ■ SYSTEM INTERACTION
Page 92 and 93: 76CHAPTER 4 ■ SYSTEM INTERACTIONt
Page 94 and 95: 78CHAPTER 4 ■ SYSTEM INTERACTIONc
Page 96 and 97: 80CHAPTER 4 ■ SYSTEM INTERACTIONA
Page 98 and 99: 82CHAPTER 4 ■ SYSTEM INTERACTIONm
Page 100 and 101: 84CHAPTER 4 ■ SYSTEM INTERACTIONs
Page 102 and 103: 86CHAPTER 4 ■ SYSTEM INTERACTIONr
Page 104 and 105: CHAPTER 5■ ■ ■LWP ModulesLWP
Page 106 and 107: CHAPTER 5 ■ LWP MODULES 91HTTP Re
Page 108 and 109: CHAPTER 5 ■ LWP MODULES 93Get Fun
Page 110 and 111: CHAPTER 5 ■ LWP MODULES 95When ca
Page 112 and 113: CHAPTER 5 ■ LWP MODULES 97These a
Page 114 and 115: CHAPTER 5 ■ LWP MODULES 99Recall
Page 116 and 117: CHAPTER 5 ■ LWP MODULES 101which
Page 118 and 119: CHAPTER 5 ■ LWP MODULES 103For th
Page 120 and 121: CHAPTER 5 ■ LWP MODULES 105Obviou
Page 122 and 123: 108CHAPTER 6 ■ NET:: TOOLSCreatin
Page 124 and 125: 110CHAPTER 6 ■ NET:: TOOLSThe out
Page 126 and 127: 112CHAPTER 6 ■ NET:: TOOLSmy $pop
Page 128 and 129:
114CHAPTER 6 ■ NET:: TOOLSthe POP
Page 130 and 131:
116CHAPTER 6 ■ NET:: TOOLS($messa
Page 132 and 133:
118CHAPTER 6 ■ NET:: TOOLSListing
Page 134 and 135:
120CHAPTER 6 ■ NET:: TOOLSFor the
Page 136 and 137:
122CHAPTER 6 ■ NET:: TOOLSNet::SM
Page 138 and 139:
124CHAPTER 6 ■ NET:: TOOLS$smtpco
Page 140 and 141:
126CHAPTER 6 ■ NET:: TOOLSuse Net
Page 142 and 143:
128CHAPTER 6 ■ NET:: TOOLSListing
Page 144 and 145:
130CHAPTER 6 ■ NET:: TOOLSFor exa
Page 146 and 147:
132CHAPTER 6 ■ NET:: TOOLSSending
Page 148 and 149:
PART 3■ ■ ■XML and RSS
Page 150 and 151:
138CHAPTER 7 ■ SOAP-BASED WEB SER
Page 152 and 153:
Page 154 and 155:
Page 156 and 157:
Page 158 and 159:
Page 160 and 161:
Page 162 and 163:
Page 164 and 165:
Page 166 and 167:
154CHAPTER 8 ■ PERL AND RSSFigure
Page 168 and 169:
156CHAPTER 8 ■ PERL AND RSShttp:/
Page 170 and 171:
158CHAPTER 8 ■ PERL AND RSSDebugg
Page 172 and 173:
160CHAPTER 8 ■ PERL AND RSS$rsswr
Page 174 and 175:
162CHAPTER 8 ■ PERL AND RSSListin
Page 176 and 177:
CHAPTER 9■ ■ ■XML Parsing wit
Page 178 and 179:
CHAPTER 9 ■ XML PARSING WITH PERL
Page 180 and 181:
Page 182 and 183:
Page 184 and 185:
Page 186 and 187:
Page 188 and 189:
Page 190 and 191:
Page 192 and 193:
PART 4■ ■ ■PerformanceEnhance
Page 194 and 195:
184CHAPTER 10 ■ APACHE AND MOD_PE
Page 196 and 197:
Page 198 and 199:
Page 200 and 201:
Page 202 and 203:
Page 204 and 205:
Page 206 and 207:
Page 208 and 209:
Page 210 and 211:
Page 212 and 213:
202CHAPTER 11 ■ DEVELOPMENT WITH
Page 214 and 215:
Page 216 and 217:
Page 218 and 219:
Page 220 and 221:
Page 222 and 223:
Page 224 and 225:
Page 226 and 227:
Page 228 and 229:
Page 230 and 231:
Page 232 and 233:
Page 234 and 235:
Page 236 and 237:
Page 238 and 239:
Page 240 and 241:
Page 242 and 243:
CHAPTER 12■ ■ ■The Template T
Page 244 and 245:
CHAPTER 12 ■ THE TEMPLATE TOOLKIT
Page 246 and 247:
Page 248 and 249:
Page 250 and 251:
Page 252 and 253:
Page 254 and 255:
Page 256 and 257:
Page 258 and 259:
Page 260 and 261:
Page 262 and 263:
Page 264 and 265:
Page 266 and 267:
Page 268 and 269:
Page 270 and 271:
Page 272 and 273:
CHAPTER 13■ ■ ■Perl Web Sites
Page 274 and 275:
CHAPTER 13 ■ PERL WEB SITES WITH
Page 276 and 277:
Page 278 and 279:
Page 280 and 281:
Page 282 and 283:
Page 284 and 285:
Page 286 and 287:
Page 288 and 289:
Page 290 and 291:
Page 292 and 293:
284APPENDIX ■ PERL BASICSKeywords
Page 294 and 295:
286APPENDIX ■ PERL BASICS$ perl n
Page 296 and 297:
288APPENDIX ■ PERL BASICSAnd line
Page 298 and 299:
290APPENDIX ■ PERL BASICSCan you
Page 300 and 301:
292APPENDIX ■ PERL BASICSBy defau
Page 302 and 303:
294APPENDIX ■ PERL BASICS#!/usr/b
Page 304 and 305:
296APPENDIX ■ PERL BASICSThe last
Page 306 and 307:
298APPENDIX ■ PERL BASICSThe NOT
Page 308 and 309:
300APPENDIX ■ PERL BASICSprint "S
Page 310 and 311:
302APPENDIX ■ PERL BASICSthe syst
Page 312 and 313:
304APPENDIX ■ PERL BASICS$ perl s
Page 314 and 315:
306APPENDIX ■ PERL BASICSThis cod
Page 316 and 317:
308APPENDIX ■ PERL BASICS$a = 6 *
Page 318 and 319:
310APPENDIX ■ PERL BASICS$a = "A9
Page 320 and 321:
312APPENDIX ■ PERL BASICS#!/usr/b
Page 322 and 323:
314APPENDIX ■ PERL BASICSmy $name
Page 324 and 325:
316APPENDIX ■ PERL BASICSis short
Page 326 and 327:
318APPENDIX ■ PERL BASICSLet’s
Page 328 and 329:
320APPENDIX ■ PERL BASICSOther Te
Page 330 and 331:
322APPENDIX ■ PERL BASICS}}}actio
Page 332 and 333:
324APPENDIX ■ PERL BASICSNotice t
Page 334 and 335:
326APPENDIX ■ PERL BASICSLooping
Page 336 and 337:
328APPENDIX ■ PERL BASICSuse stri
Page 338 and 339:
330APPENDIX ■ PERL BASICSuntil ($
Page 340 and 341:
332APPENDIX ■ PERL BASICSuse stri
Page 342 and 343:
334APPENDIX ■ PERL BASICSdoneAll
Page 344 and 345:
336APPENDIX ■ PERL BASICS$ perl r
Page 346 and 347:
338APPENDIX ■ PERL BASICSSummaryT
Page 348 and 349:
340■INDEXmethods for retrieving r
Page 350 and 351:
342■INDEXdo() method for, 62dumpi
Page 352 and 353:
344■INDEXhello option for Net::SM
Page 354 and 355:
346■INDEXNet::DNS module, 125-128
Page 356 and 357:
348■INDEXrecord with Net::DNS mod
Page 358 and 359:
350■INDEXstoring mail server in e
Page 360 and 361:
352■INDEXlogging based on, 229pri
show all

Beginning Web Development With Perl : From Novice to ... - Nabo

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?