PerlMonks  

Re^11: Recalcitrant placeholders (updated x2)

by haukex (Bishop)
on Aug 06, 2021 at 17:20 UTC ( #11135658 )


in reply to Re^10: Recalcitrant placeholders
in thread Recalcitrant placeholders

Sorry for the delay haukex

I hope we can stop apologizing to each other, sometimes good things take time ;-D

Update 2: Sorry, I should have also said: Thanks for taking the time to work out the SSCCE, I can now reproduce the issue reliably! /Update2

I've made a bit of progress: The issue exists in Perl 5.16, but not in any Perl version after that (same versions of MySQL, DBI, and DBD::mysql).

Unfortunately, DBI and DBD::mysql contain a bunch of XS code. I can only guess that there was some bug in regards to XS code and taint mode in Perl itself or in the interaction between the driver's XS and Perl - whatever it is, it appears to have been fixed in 5.18.

Perl 5.16.3 is now over 8 years old and no longer supported. You may want to ask your webhost to upgrade their Perl. Or, perhaps they already have a newer Perl installed, under a different name such as perl5.XX.

Update: I ran a bisect, and it points to 4bac9ae Magic flags harmonization. However, since this is very internals-heavy, I have no idea if this is a red herring or not. Unfortunately, this is as far as I can go at the moment - my suggestion to get a newer Perl stands.

$ ./Porting/bisect.pl --expect-fail --with-module=DBI,DBD::mysql --no-module-tests --start=v5.16.3 --end=v5.18.4 -- ./perl -Ilib -T /tmp/test.pl 'foo@bar.com'
# good: [fd04d42d38f4751b981eb6e9213ee1ab8ef11ea6] final changes for release as 5.16.3
# bad: [51202371ba68f3f52f13124a3ea1bc3c171e0ee2] add v5.18.4 to perlhist
# good: [559550aea97a776e8aa784032f554f5a717ac19b] include some more data in new-perldelta output
# bad: [624a1c42c1b67cb5d676986900a9d4acab64883c] clean up vmem.h, remove unused instrumentation hooks
# good: [12f98b43fb8a44e8dfde5d99489b6a599bb91908] anonsub.t: Improve test for [perl #71154]
# bad: [a3d517785b3dcac4f3f7aa5c85386a1a8074f46d] perldelta for Unicode property performance gains
# bad: [7c70caa5333de92b09e138154bed7f78f783be3b] Forbid braces as format delimiters
# bad: [42409c4069deb2417b838a49810ecbce306a72b9] Stop truncate(word) from falling back to file name
# bad: [7ca04d94dfa99b3a611a70d3d9a08aa0ccc1fb04] update Module::CoreList for 5.17.2
# good: [ac7af3f615eb56bda50bf123662b15779da26826] fix RT#114068 optimizer handles MEOL in middle of pattern improperly
# bad: [a3314d5f77f945cb8f418a3f4f09bf8f69bb4c3e] mark blead-only modifications of Compress::Raw::{Bzip2,Zlib} with version bump
# good: [5d8673bca0104a9e3975238e86672281f7f71c03] pp_hot.c: Mention that pp_grepstart calls pp_pushmark
# good: [c55d2e076a02daf604c28e6725a61c1495171552] perly.y: Remove use of latefree from package foo {}
# good: [6e22b38560ae8c2f1293a7f9bc2709541ea4d528] dump.c: Dump op->op_s(labbed|avefree)
# bad: [4bac9ae47b5ad7845a24e26b0e95609805de688a] Magic flags harmonization.
# good: [b8a55fe78ae4ecc0a81a2d98dba9fead6df06efb] perldelta updates
# first bad commit: [4bac9ae47b5ad7845a24e26b0e95609805de688a] Magic flags harmonization.

Note: Due to the quirks of git bisect in combination with bisect.pl, the terms "good" and "bad" are actually confusing, as they mean: good=the issue is present; bad=the issue is not present. The test script was the following, with the database being set up as in my example above and the table being CREATE TABLE Person ( idPerson INT, email VARCHAR(256) ); INSERT INTO Person (idPerson, email) VALUES (42, 'foo@bar.com');:

#!/usr/bin/perl -T
use warnings;
use strict;
use feature 'say';
use Scalar::Util qw/tainted/;
use DBI;
my $email = shift;
my %data = ( email => $email );
die unless tainted($data{email});
my ($db_user,$db_pass) = ($ENV{USER}, 'barfoo');
my $dbh = DBI->connect(
    "DBI:mysql:database=testing;host=127.0.0.1", $db_user, $db_pass,
    { RaiseError=>1, AutoCommit=>1, TaintIn=>0 });
my ($test) = $dbh->selectrow_array(
    "SELECT idPerson FROM Person WHERE email = ?", undef, $data{email});
die "<$test>" unless $test==42;
say "OK!";

Replies are listed 'Best First'.
Re^12: Recalcitrant placeholders (updated x2)
by Bod (Curate) on Aug 08, 2021 at 18:52 UTC
    I can now reproduce the issue reliably!

    Thank goodness!
    I was beginning to think I was going mad :)

    Thank you for investigating this with so much energy and perseverance.

    Perl 5.16.3 is now over 8 years old and no longer supported. You may want to ask your webhost to upgrade their Perl.

    I have asked before and the answer has always been no...
    If I want a later version of Perl, they say I need to change from shared hosting to either VPS or a dedicated server.

    My yearly shared webhosting contract ends at the start of November so I guess now is about the time to make the overdue switch to VPS.

    My concerns about VPS are that I don't have the time to manage it if (when) anything goes wrong plus the very real possibility that I could break something essential. With shared hosting, the inner workings of the webserver are shielded from me and I am just left to deal with my own code. With a VPS or dedicated server, much more could go wrong!

    Perhaps I should buy a cheapish refurbed PC and install some flavour of Linux on it. That way I get to find my way around a bit more before making the switch to VPS. It would also give me something to test things on before touching the live webserver...

        There are still shared webhosts out there that have better support

        I use UK2 and have done for about 25 years...(nearly) all my domains are registered through them so having hosting in the same place sort of makes sense and I hadn't even considered moving hosting company. Probably because it sounds like it could be a faff - I shall look into what is really involved, or I might just bite the bullet and get a VPS!

        choices, choices and more choices...
