0

Perl has beaten me down good today and I have a question. I'm accessing a perl script via a link from another perl script. agent.pl?agentid=40

In the agent.pl script I'm using the displaying the query string without issues in two different ways: 

my $thatagent = $q->param('agentid');
$form{agentid}

I set the lexical variable at the beginning of my script of outside of all subroutine. I then use $thatagent to display the agent id number in the "default" subroutine which displays HTML when the script runs. I don't have any issues here.

$dbh->{AutoCommit} = 0;

my $q = CGI->new;

my $thatagent = $q->param('agentid');

my %form = $q->Vars;



if (! $q->param("savebtn")) {
&ViewAgent();
exit;
}

&UpdateAgent();

I call two subroutines from the viewagent subroutine and use $form{agentid} in select statements also without issue.

my $sth = $dbh->prepare("select a.name, a.paidcommission, a.paidreferral, paddy.address1, paddy.address2, paddy.city, paddy.state, paddy.zipcode, maddy.address1, maddy.address2, maddy.city, maddy.state, maddy.zipcode, bc.name, bc.phonenumber, bc.phoneext, bc.phonenumber2, bc.phoneext2, bc.fax, bc.email, sc.name, sc.phonenumber, sc.phoneext, sc.phonenumber2, sc.phoneext2, sc.fax, sc.email from agent a inner join entity e on entityid = agentid inner join address paddy on paddy.addressid = physicaladdressid inner join address maddy on maddy.addressid = mailingaddressid inner join contact bc on bc.contactid = billingcontactid inner join contact sc on sc.contactid = salescontactid where a.agentid = $form{agentid};") or die "prepare statement failed: $DBI::errstr\n";

and 

my $sth = $dbh->prepare("select agentid, note, createdt, createuser from agentnote where agentid = $form{agentid};") or die "prepare statement failed: $DBI::errstr\n";

Then comes the problem, I call another subroutine (&updateagent listed above) globally and attempt to use $thatagent but it fails. If I hard code a number, it works just fine.

sub UpdateAgent {


my $sth = $dbh->prepare("UPDATE agent SET name=?, paidcommission=?, paidreferral=?    WHERE agentid=?;") or die "prepare statement failed: $DBI::errstr\n";

$sth->execute($form{'name'}, $form{'paidcommission'}, $form{'paidreferral'}, $thatagent) or die "prepare statement failed: $DBI::errstr\n";

$sth->finish;

}

I feel I must have some sort of disconnect with my subroutine "seeing" the rest of my script but am unsure. Please help!

Thanks in advance :)

Improve this question
6
  • Is the subroutine defined after the declaration of the variable? Commented Mar 6, 2013 at 23:34
  • Is mod_perl involved? Commented Mar 6, 2013 at 23:42
  • Please reduce the code to the minimum necessary to reproduce the error and post that. Commented Mar 6, 2013 at 23:44
  • 3
    PS - Your code suffers from SQL injection vulnerabilities. Commented Mar 6, 2013 at 23:45
  • It is not no. I'm not even sure what mod_perl is hehe. Commented Mar 6, 2013 at 23:45

2 Answers 2

Reset to default
2

I'm guessing you are running this script under some kind of system such as mod_perl, where the .pl file gets compiled into a subroutine that is called as needed. The actual code ends up looking like this:

sub invoke_agent_pl {
    ...
    my $thatagent = ...;
    ...

    sub updateagent {
        ...
        # do something with $thatagent
        ...
    }
}

What happens here is that the $thatagent variable used by updateagent isn't always the same as the $thatagent variable set by the automatically created wrapper invoke_agent_pl.

The easiest fix is to say our $thatagent, not my. Better is to not use what are essentially global variables in your script.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I'm just running it locally with apache, perl and mysql. I tried using our already :-(
then: show your apache configuration that tells it how to run .pl files; show a stripped down runnable example that demonstrates the problem.
0

OK, so I added

my @thatagent = split(/=/,$ENV{'QUERY_STRING'});

my $thatagent = $thatagent[1];

and it kept the variable throughout the script.

I don't know a whole lot about Perl, but man that seems weird. Like I said, in the initial subroutine displaying the HTML (and the two subroutines called from the HTML subroutine) I was able to use 

$form{agentid}

from where I read my cgi parameters into a hash without issue.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.