Beefy Boxes and Bandwidth Generously Provided by pair Networks
Syntactic Confectionery Delight
 
PerlMonks  

Re: No STDERR output using mysql import via perl

by jarich (Curate)
on Apr 04, 2004 at 13:30 UTC ( [id://342466]=note: print w/replies, xml ) Need Help??


in reply to No output using mysql import via perl

Okay, the simple answer to your problem is almost certainly that the mysql error on bad SQL is printed to STDERR. What you're doing in that open statement however, only pipes STDOUT to your program (and STDERR goes to where ever STDERR has been told to go (usually to the same place as your script's STDOUT)).

You can ask for your new (open) process' STDERR to be redirected to the same place as its STDOUT by doing the following:

open(HAND,"mysql -u $user -p$pass $db < $file | 2>&1") or return "failed: $!";
the 2>&1 says "redirect fileno 2 (STDERR) (for this process) to the same place as fileno 1 (STDOUT) (for this process)". Note this won't work if you close any of STDIN, STDOUT, STDERR and then open another file. :)

When using open in the way you do above, you have to be very sure of the values in $user, $pass, $db and $file. If you read in these values from a user (whether on the commandline, through a GUI or through a webpage) you need to use taint checking and make sure that these values look right.

Consider the following example.

my $user = <STDIN>; chomp $user; open (HAND, "mysql -u $user") or die "error $!"; # if $user = "fred; rm -rf *;" then your script will # try very very hard to remove everything in its # working directory.
To avoid the problems above you need to ensure that the username looks like a real username:
#!/usr/bin/perl -wT # the -T flag turns on taint checking use strict; my $user = <STDIN>; chomp $user; # make sure that $user only contains word characters # these are a-z, A-Z, 0-9 and _ # if this is so, assign the value found to $user. # otherwise, die with an error unless(($user) = ($user =~ /^(\w+/)$)) { die "Invalid username: $user\n"; } open (HAND, "mysql -u $user") or die "error $!"; # only good values of $user get to here

If you're always hardcoding these values into a script then you should be fine. (Presumably anyone who has access to edit your script can already add lines in it to delete everything if they so desire...).

One final security warning is that doing what you're doing in your script won't hide your password from people looking at ps (the processes listing). When you open a process this way, you are creating another process and its commandline arguments are there for everyone (with access) to see. If hiding your password is essential you may need to do this another way.


The less simple answer depends on how much further this script is going to progress. If all you want is a simple wrapper around mysql so you don't have to type your username and password all the time then this is fine.

If you want to be able to do stuff with the mysql output etc, then you really ought to consider using DBI or one of the many other database modules.

I hope this helps.

jarich

Log In?
Username:
Password:

What's my password?
Create A New User
Domain Nodelet?
Node Status?
node history
Node Type: note [id://342466]
help
Chatterbox?
and the web crawler heard nothing...

How do I use this?Last hourOther CB clients
Other Users?
Others having an uproarious good time at the Monastery: (5)
As of 2024-03-29 01:15 GMT
Sections?
Information?
Find Nodes?
Leftovers?
    Voting Booth?

    No recent polls found