
reg access of stored session variable

by amithublikar (Initiate)
on Nov 11, 2013 at 11:03 UTC ( #1061975=perlquestion )
amithublikar has asked for the wisdom of the Perl Monks concerning the following question:

Hi,

I am new to Perl. I have a query regarding accessing a stored session. Kindly please help:

here is my

    #!/usr/bin/perl -w
    use strict;
    use DBI;
    use CGI qw/:all :html3/;
    use CGI::Carp qw(fatalsToBrowser);
    my $cgi = new CGI;
    use CGI::Session qw();
    my $session = CGI::Session->new();
    print $cgi->header;
    print $session->header;
    print "<html><head>";
    print "</head>";
    print "<body>";
    # here are the values from the HTML form
    my $username = param('username');
    my $password = param('password');
    my $groups;
    my $dbh=DBI->connect('DBI:mysql:database=:host=:user=root') || die "Could not connect to database: ". DBI->errstr;
    my $query = "select user,password,groups from login_ro where user like '$username' and password like '$password' ";
    my $sth=$dbh->prepare($query) or die "Couldnt prepare statement:" .$dbh->errstr;
    $sth->execute();
    if(($username,$password,$groups)= $sth->fetchrow_array) {
        chomp($username);
        chomp($password);
        chomp($groups);
        print "<meta http-equiv=\"refresh\" content=\"0; url=./$groups\" />";
        print "<input type=hidden name=\"username\" value=\"$username\">";
        $session->param("ro", $groups);
        $session->param("user", $username);
        $session->param(User_id => 'U00002');
        my $regional_office = $session->param("ro");
        print "$regional_office";
        my $tmp=$session->param("User_id");
        print "$tmp";
    }
    else {
        print "<meta http-equiv=\"refresh\" content=\"0; url=./\" />";
    }
    # print bottom of page
    print <<HTML;
    </body>
    </html>
    HTML

This is my page:

    #!/usr/bin/perl -w
    use strict;
    use warnings;
    use DBI;
    use CGI qw/:all :html3/;
    use CGI::Carp qw(fatalsToBrowser warningsToBrowser);
    use CGI::Session qw();
    use sub test();
    my $cgi = new CGI;
    print "<html><head>";
    my $session = CGI::Session->new((undef, $cgi, {Directory=>"/tmp"}));
    $session = CGI::Session->new();
    print $session->header;
    my $dbh=DBI->connect('DBI:mysql:database=:user=root;host=') || die "Could not connect to database: ". DBI->errstr;
    my $group = param('groups');
    my $atmcount;
    my $regional_office = $session->param('ro');   # here I am accessing the stored session
    my $tmp= $session->param('User_id');
    print "regional--->$regional_office";
    my $user = $session->param('user');

But I am not able to access the stored session. Kindly please help.

Replies are listed 'Best First'.
Re: reg access of stored session variable
by CountZero (Bishop) on Nov 11, 2013 at 11:23 UTC
    My answer has nothing to do with your session problems, but the way you construct your query string is setting you up for a Bobby Tables-attack (aka SQL injection attack).

    Have a look at SQL Injection and use placeholders rather than directly interpolating your data.


    "A program should be light and agile, its subroutines connected like a string of pearls. The spirit and intent of the program should be retained throughout. There should be neither too little or too much, neither needless loops nor useless variables, neither lack of structure nor overwhelming rigidity." - The Tao of Programming, 4.1 - Geoffrey James

    My blog: Imperial Deltronics
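
The placeholder approach recommended in the reply above, as an added example that is not part of the original thread. It assumes DBD::SQLite is installed and uses an in-memory table as a stand-in for the poster's MySQL database; the sample rows and the helper name `lookup_group` are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use DBI;

# Constructed stand-in for the poster's MySQL database: an in-memory SQLite
# table with the table and column names used in the question.
my $dbh = DBI->connect('dbi:SQLite:dbname=:memory:', '', '',
    { RaiseError => 1, PrintError => 0 });
$dbh->do('CREATE TABLE login_ro (user TEXT, password TEXT, groups TEXT)');
$dbh->do('INSERT INTO login_ro VALUES (?, ?, ?)', undef, @$_)
    for ['alice',   'correct-horse', 'north'],
        ["o'brien", 'tr0ub4dor',     'east'];

# lookup_group() is a hypothetical helper name. The SQL text is a constant;
# user input travels separately as bind values, so a quote in it is data.
# "=" replaces the original "like" so % and _ in input are not wildcards.
sub lookup_group {
    my ($dbh, $username, $password) = @_;
    my $sth = $dbh->prepare(
        'SELECT groups FROM login_ro WHERE user = ? AND password = ?');
    $sth->execute($username, $password);
    my ($groups) = $sth->fetchrow_array;
    $sth->finish;
    return $groups;    # undef when no row matched
}

# Constructed inputs: a valid login, a wrong password, a name containing a
# quote (which would break the interpolated query), and LIKE wildcards.
my @cases = (
    ['alice',   'correct-horse'],
    ['alice',   'wrong'],
    ["o'brien", 'tr0ub4dor'],
    ['%',       '%'],
);
for my $case (@cases) {
    my $groups = lookup_group($dbh, @$case);
    printf "%-10s => %s\n", $case->[0],
        defined $groups ? $groups : '(no match)';
}
```

Against MySQL only the `DBI->connect` arguments change; the `prepare`/`execute` calls with `?` placeholders stay the same.
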
Re: reg access of stored session variable
by hippo (Abbot) on Nov 11, 2013 at 11:29 UTC

    I've never used CGI::Session, but this looks wrong:

    my $session = CGI::Session->new((undef, $cgi, {Directory=>"/tmp"})); $session = CGI::Session->new();

    Do you mean to overwrite the $session variable here?

    Also, your DB query in the first script looks susceptible to an SQL injection.

Re: reg access of stored session variable
by Mr. Muskrat (Canon) on Nov 11, 2013 at 16:21 UTC

    I won't repeat what has already been said about your database code but read it again, it's important.

    In the first piece of code you are doing something odd:

    print $cgi->header; print $session->header;
    I don't think that it will cause a failure but you might want to examine the generated headers to be certain. You really only need the second line.

    Moving on to the second piece of code...

    What is use sub test(); supposed to do? I'm not familiar with the sub pragma. Is it one you wrote or should that really be use subs qw(test);?

    You cannot print anything in a CGI program before printing the headers but you've done just that. Move the print "<html><head>"; after the call to print $session->header;.

Re: reg access of stored session variable
by Anonymous Monk on Nov 11, 2013 at 23:22 UTC

    Try structuring your program like this, only print headers/content in one place, it makes debugging easier
