Beefy Boxes and Bandwidth Generously Provided by pair Networks
XP is just a number
 
PerlMonks  

Need help with syntax error in CGI script

by apariah2 (Initiate)
on Aug 02, 2004 at 00:38 UTC ( [id://379155]=perlquestion: print w/replies, xml ) Need Help??

apariah2 has asked for the wisdom of the Perl Monks concerning the following question:

I'm having a problem, my friends site has had this error for months, I have no idea what is causing the problem, I know nothing about perl but I am ready to learn can anyone help me fix this problem, and another friend built this site, but he has not been able to help fix it any help would be greatly appreciated, he also refered me to this site. ----------------------------------------------------------- This is the error:
Software error: syntax error at addpic.pl line 13, near ") {" syntax error at addpic.pl line 42, near "}" Execution of addpic.pl aborted due to compilation errors.
And this is the page where the error is suppose to be occuring:
----------------------------------------------------------- #!/usr/bin/perl -w use lib './'; use CGI; use File::Basename; use CGI::Carp qw(fatalsToBrowser); use DBI; require './config.pl'; my $query=new CGI; print $query->header(); print $css_style; If $query->upload('fullimage_file') || $query->upload('thumbnail_file' +) { my $img_name = $query->param('item'); my $full_pic = $query->upload('fullimage_file'); my $thumb_pic = $query->upload('thumbnail_file'); my $fullname = basename($full_pic); my $thumbname = basename($thumb_pic); my ($F_name, $f_ext) = split /\./, $fullname,2; my ($T_name, $t_ext) = split /\./, $thumbname,2; my $short_name="$img_name\.$f_ext"; my $short_tname="$img_name\_t\.$t_ext"; my $new_name = "$doc_root$img_folder/$short_name"; my $new_tname = "$doc_root$img_folder/$short_tname"; if ($full_pic ne ''){ open (OUTFILE,">$new_name"); binmode OUTFILE; while ($bytesread=read($full_pic,$buffer,1024)) { print OUTFILE $buffer; } } if ($thumb_pic ne ''){ open (FILE,">$new_tname"); binmode FILE; while ($bytesread=read($thumb_pic,$buffer,1024)) { print FILE $buffer; } } } my $dbh = DBI->connect('DBI:mysql:*********', '*****', '*****' , { +RaiseError => 1 , AutoCommit => 1}) || die "Can't Connect: $!"; my $sth = $dbh->prepare("UPDATE inventory SET img=\"$short_name\", thu +mb=\"$short_tname\" WHERE partno=\"$img_name\";" ); $sth->execute; print "<body onload=\"document.all.Tip7.style.display=''\" bgcolor='#3 +33366' text='#D5D5D5' leftmargin='0' topmargin='0'><table width='755' + border='0' cellpadding='0' cellspacing='4' bgcolor='#000000' align=' +center'><tr><td><table bgcolor='#575d92' cellspacing='0' border='0'>< +tr><td colspan='2' bgcolor='#000000'><img src='/img/top1.jpg'><br>$me +nu_code</td></tr><tr><td bgcolor=$page_color >"; print '<table width="95%" align="center" valign="top"><tr><td align=ce +nter bgcolor="#5F6490"><div ID="Tip1" Style="display:none;">Go to our + home page.</div><div ID="Tip2" Style="display:none;">View our Online + Catalog.</div><div ID="Tip3" Style="display:none;">Learn more about +the services we provide.</div><div ID="Tip4" Style="display:none;">Ou +r Research and Development page.</div><div ID="Tip5" Style="display:n +one;">Learn more about turbos.</div><div ID="Tip6" Style="display:non +e;">All about Turbo Boss.</div><div ID="Tip7" Style="display:none;">W +elcome to Turbo Boss.</div></td></tr><tr><td>'; print $query->start_multipart_form(); print $query->hidden(-name=>"item", -value=>"$img_name"); print 'This will replace any existing images for this product.<p>'; print '<p>Full Sized Image:<br>'; print $query->filefield('fullimage_file','',50,80); print '<p>Thumbnail Image:<br>'; print $query->filefield('thumbnail_file','',50,80); print '<p><center>', $query->submit(-name=>'', -value=>'Add Pics') . ' +</center>'; print '<p><center><a href="/additem.pl">Back to add parts</a></td></tr +></table>'; print "<br><br></td></tr><tr bgcolor='#5F6490'><td><center><b>$admin_l +inks</b></center></td></tr></table><tr><td><img src='/img/bottom.jpg' + border='0'></td></tr></table>"; print $query->end_html;
Edited 2004-08-01 by Ovid

20040802 Edit by davido: Changed title from '379155 : What Is causing This'

Replies are listed 'Best First'.
Re: Need help with syntax error in CGI script (security hole)
by Ovid (Cardinal) on Aug 02, 2004 at 01:47 UTC

    In addition to what the others have said, I'd like to point out a huge security hole. I've reformatted the code for clarity, but the following is logically equivalent to what you have:

    my $dbh = DBI->connect( 'DBI:mysql:*********', '*****', '*****', {RaiseError => 1 , AutoCommit => 1} ) || die "Can't Connect: $!"; my $sth = $dbh->prepare(<<END_SQL); UPDATE inventory SET img="$short_name", thumb="$short_tname" WHERE partno="$img_name"; ENDSQL $sth->execute;

    Never allow user to be able to send data directly to the database like this. If you do, you open yourself up to SQL injection attacks where the attacker can insert their own SQL and run it arbitrarily against the server. You can protect against this by using the $dbh->quote method on the variables before you insert them. However, a cleaner strategy is to always use placeholders:

    my $sth = $dbh->prepare(<<END_SQL); UPDATE inventory SET img = ?, thumb = ? WHERE partno = ?; ENDSQL $sth->execute($short_name, $short_tname, $img_name);

    Read "Placeholders and Bind Values" in the DBI documentation for more information.

    Cheers,
    Ovid

    New address of my CGI Course.

Re: Need help with syntax error in CGI script
by beable (Friar) on Aug 02, 2004 at 01:01 UTC
    The error on line 13 is caused by using If instead of if. If is a syntax error, because keywords are normally in lowercase, so change it to if.

    Also, we'd need to see what's in config.pl, because I suspect there are variables in there such as $doc_root which are necessary for the script to run.

Re: Need help with syntax error in CGI script
by edoc (Chaplain) on Aug 02, 2004 at 01:08 UTC
    - If $query->upload('fullimage_file') || $query->upload('thumbnail_f +ile') { + if ( $query->upload('fullimage_file') || $query->upload('thumbnail +_file') ){

    cheers,

    J

Re: Need help with syntax error in CGI script
by superfrink (Curate) on Aug 02, 2004 at 01:04 UTC
    On line 13 try changing "If" to "if".
    [frink@truth ~]$perl if(1) { print "yeah\n"; } yeah [frink@truth ~]$perl If(1) { print "no\n"; } syntax error at - line 1, near ") {" Execution of - aborted due to compilation errors.
Re: Need help with syntax error in CGI script
by davidj (Priest) on Aug 02, 2004 at 01:11 UTC
    If $query->upload('fullimage_file') || $query->upload('thumbnail_file' +) {
    should be
    if( $query->upload('fullimage_file') || $query->upload('thumbnail_file +') ) {
    (The if is lowercase and parens were added)

    Also the } on line 43 should be moved to line 27.

    That is, instead of

    if( $query->upload('fullimage_file') || $query->upload('thumbnail_file +') ) { my $img_name = $query->param('item'); my $full_pic = $query->upload('fullimage_file'); my $thumb_pic = $query->upload('thumbnail_file'); my $fullname = basename($full_pic); my $thumbname = basename($thumb_pic); my ($F_name, $f_ext) = split /\./, $fullname,2; my ($T_name, $t_ext) = split /\./, $thumbname,2; my $short_name="$img_name\.$f_ext"; my $short_tname="$img_name\_t\.$t_ext"; my $new_name = "$doc_root$img_folder/$short_name"; my $new_tname = "$doc_root$img_folder/$short_tname"; if ($full_pic ne ''){ open (OUTFILE,">$new_name"); binmode OUTFILE; while ($bytesread=read($full_pic,$buffer,1024)) { print OUTFILE $buffer; } } if ($thumb_pic ne ''){ open (FILE,">$new_tname"); binmode FILE; while ($bytesread=read($thumb_pic,$buffer,1024)) { print FILE $buffer; } } }
    you should have
    if( $query->upload('fullimage_file') || $query->upload('thumbnail_file +') ) { my $img_name = $query->param('item'); my $full_pic = $query->upload('fullimage_file'); my $thumb_pic = $query->upload('thumbnail_file'); my $fullname = basename($full_pic); my $thumbname = basename($thumb_pic); my ($F_name, $f_ext) = split /\./, $fullname,2; my ($T_name, $t_ext) = split /\./, $thumbname,2; my $short_name="$img_name\.$f_ext"; my $short_tname="$img_name\_t\.$t_ext"; my $new_name = "$doc_root$img_folder/$short_name"; my $new_tname = "$doc_root$img_folder/$short_tname"; } if ($full_pic ne ''){ open (OUTFILE,">$new_name"); binmode OUTFILE; while ($bytesread=read($full_pic,$buffer,1024)) { print OUTFILE $buffer; } } if ($thumb_pic ne ''){ open (FILE,">$new_tname"); binmode FILE; while ($bytesread=read($thumb_pic,$buffer,1024)) { print FILE $buffer; } }
    making those changes will at least get it to compile (with some warning). Whether it runs correctly or not is another matter.

    davidj

      Moving the line 42 } is not a good idea; then the scope of all those lexicals doesn't extend to where they are actually used.
        Maybe his code that I downloaded was corrupted, because moving the } is the only way I got it to compile.

        davidj

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: perlquestion [id://379155]
Approved by graff
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others admiring the Monastery: (4)
As of 2024-05-30 15:26 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found