[13071] in Perl-Users-Digest


Perl-Users Digest, Issue: 481 Volume: 9

daemon@ATHENA.MIT.EDU (Perl-Users Digest)
Thu Aug 12 12:07:14 1999

Date: Thu, 12 Aug 1999 09:05:16 -0700 (PDT)
From: Perl-Users Digest <Perl-Users-Request@ruby.OCE.ORST.EDU>
To: Perl-Users@ruby.OCE.ORST.EDU (Perl-Users Digest)

Perl-Users Digest           Thu, 12 Aug 1999     Volume: 9 Number: 481

Today's topics:
    Re: Anyone know how to use perl to parse data and gener (Bart Lateur)
    Re: Calculation problems in Perl (John Porter)
    Re: Corrupted STDOUT <jpeterson@office.colt.net>
    Re: exists problem <gene@tekdata.com>
    Re: Help - Split Function Blowing My Mind Away!! (Bart Lateur)
    Re: is our reese the author of mysql book? (Bart Lateur)
    Re: Looking for a good Perl Book <kbandes@home.com>
    Re: meaning of $mode (lstat) (Anno Siegel)
    Re: Multi-Page Forms (Anno Siegel)
    Re: My attempt at perl poetry (Matt)
    Re: New Book on Perl Tool Development (Michel Dalle)
    Re: p5p flamage (was Re: reference to object method) (Larry Rosler)
    Re: Perl is eating up my memory (Kevin Reid)
    Re: Perl Novice needs advice (Marcel Grunauer)
    Re: Perl Novice needs advice (Steve Linberg)
    Re: Read/Retrieve Romote html document? <jerrad@networkengines.com>
    Re: Reading from <DATA> more than once <bivey@teamdev.com>
    Re: Regexp newbie (Gary O'Keefe)
    Re: Reset .. ie clear out a hash array (Gary O'Keefe)
    Re: s/// and interpolation <chris_conway@my-deja.com>
    Re: s/// and interpolation (Steve Linberg)
    Re: Sesssion ID (Benjamin Franz)
    Re: Some (tricky?) regexp questions (Bart Lateur)
        SQL DBMS interface <cyril@mcst.ru>
    Re: SQL DBMS interface <jpeterson@office.colt.net>
        Digest Administrivia (Last modified: 1 Jul 99) (Perl-Users-Digest Admin)

----------------------------------------------------------------------

Date: Thu, 12 Aug 1999 15:14:28 GMT
From: bart.lateur@skynet.be (Bart Lateur)
Subject: Re: Anyone know how to use perl to parse data and generate excel   reports    automatically?
Message-Id: <37bcd95d.12639121@news.skynet.be>

Kurt Leucht wrote:

>I'm confused.  I saw an example somewhere in a perl newsgroup of using
>the Win32::OLE Module to write data into an Excel spreadsheet.  My
>question is:  Was this module written strictly for perl on Windows
>machines, or can I use it to write an Excel spreadsheet from a perl
>script on my Solaris?

Win32::OLE uses the OLE machinery built into Windows. So it cannot
possibly work on Solaris. Porting the modules would not be enough.

	Bart.


------------------------------

Date: Thu, 12 Aug 1999 15:24:34 GMT
From: jdporter@min.net (John Porter)
Subject: Re: Calculation problems in Perl
Message-Id: <slrn7r5ppi.ggv.jdporter@min.net>

Alex Croton wrote:
>
>   print "Calc:  Type=> $type\t\tOld=> $bal\t\tChange=> $change\t\tNew=>
>$newBal\n";
>   return ($newBal/100);
>} # end sub calcBal
>
>Where the parameters $bal and $change are 2dp numeric values, I am getting
>(sometimes) lines on the output as follows :-
>
>"Calc:  Type=> Pay  Old=> 46.73  Change=> 38.87  New=> 786.000000000002"

I hate to have to say it, but: RTFM.

in perldoc perlfaq4 - Data Manipulation,
the very first question -- THE VERY FIRST! -- is:
    Why am I getting long decimals (eg, 19.9499999999999)
    instead of the numbers I should be getting (eg, 19.95)?

hth, hand,
John Porter



------------------------------

Date: Thu, 12 Aug 1999 15:11:24 GMT
From: Jon Peterson <jpeterson@office.colt.net>
Subject: Re: Corrupted STDOUT
Message-Id: <wuBs3.64$u07.632@news.colt.net>

Andrew Green <green@argonet.co.uk> wrote:
> Although it's a CGI script, I'm confident it's likely to be more of a
> problem with my Perl skills, which is why I've posted here.  I sincerely
> apologise if anyone disagrees.

[snip]

> I also tried to run the script offline, through telnet, on exactly the
> same server.  It works fine in this context, every time - but as soon as
> it's running in a CGI environment with more than a few records to
> display, the weird outputs begin.  The script barely uses CGI input, FWIW.

Well, it _sounds_ from this like it is a CGI related failing not a Perl 
problem. I've read through the code quickly and there are regexp substitutions
going on that could easily be catching you out. But, given the above quoted
paragraph, I would suggest you try running this under a different web server
first. Also, I would suggest testing with different browsers, and I would 
suggest removing any javascript from the output during testing, it will only
muddle the issue.



------------------------------

Date: Thu, 12 Aug 1999 10:40:05 -0500
From: Gene LeFave <gene@tekdata.com>
Subject: Re: exists problem
Message-Id: <37B2EAD5.C2083594@tekdata.com>

To all who responded to my problem, thanks!

It was indeed the old bait and switch problem, Perl V4 was in the
/usr/bin directory used by cgi-bin.  While perl v5 was in the default
path.  Apparently, my customer's well-meaning DP department thought
they were doing us a favor.

Thanks again!

Gene


------------------------------

Date: Thu, 12 Aug 1999 15:14:26 GMT
From: bart.lateur@skynet.be (Bart Lateur)
Subject: Re: Help - Split Function Blowing My Mind Away!!
Message-Id: <37bbd7ab.12205433@news.skynet.be>

Larry Rosler wrote:

> But I would probably write that line thus:
>
>    my $y = shift;
>
>or, if I were concerned about the microscopic inefficiency of the shift,
>
>    my $y = $_[0];

Actually, I'd expect the explicit indexing to cause some microscopic
inefficiency as well.

>Assigning an array @_ to a one-element array slice ($y) rubs across the 
>grain, somehow.

Not to me. I expect @_ to contain just one item, but there's no harm done
if there are more.

	sub testing {
		my($y) = @_;
		print "Got: <$y>\n";
	}
	testing 1;
	testing 1,2;

Plus, it requires little editing if you decide you need one more
parameter.

	my($y) = @_;
becomes
	my($y,$q) = @_;

	Bart.


------------------------------

Date: Thu, 12 Aug 1999 15:07:53 GMT
From: bart.lateur@skynet.be (Bart Lateur)
Subject: Re: is our reese the author of mysql book?
Message-Id: <37bfe2da.15067685@news.skynet.be>

Abigail wrote:

>But aren't they very similar in nature? Why does "my $foo; my $bar =
>$foo + 1" give a warning? Why doesn't the same argument hold for "my
>@foo; my @bar = (@foo, 1)"?  I find that inconsistent. 

Although uninitialized arrays don't bite me as much as undefined scalars,
maybe it is.

This is related to using defined() on aggregates. Try:

	for (1..3) {
		my @ary;
		print $_, defined @ary?'T':'F';
		@ary = (1);
	}

Now try the same with 

		my @ary = ();

And you'll get the same result:

	1F2T3T


You can't fix the warnings without fixing defined(), or better: the
machinery behind the scenes.

	Bart.


------------------------------

Date: Thu, 12 Aug 1999 11:23:31 -0400
From: Kenneth Bandes <kbandes@home.com>
Subject: Re: Looking for a good Perl Book
Message-Id: <37B2E6F3.676F1A04@home.com>

Abigail wrote:

> ''                   The only thing that beats the Camel in describing
> '' the latest version of Perl is the on-line docs that come with the
> '' latest version of Perl.
>
> True. Which is worse than it sounds, as the online docs are not very
> good in crossreferencing, there isn't an extensive index, and in places
> it heavily relies on Unix and C knowledge. The on-line docs are great if
> you know your way around in them. They hardly leave a topic uncovered,
> but it takes an effort to find things. And while I can use grep almost
> as easily as Tom can, I don't think the necessity to grep through the
> pods is a feature.
>
> We all whine about the people asking question here that are found in the
> faq, or the manual. But sometimes we should realize it isn't easy to
> find things.

Yes!!!  Thank you!!!  All knowledge is contained in the on-line docs, but they are
not necessarily well-indexed, nor necessarily very clear when the right topic is
found.  For that matter, all questions could be answered by reading the source code,
which is freely available, but we would hardly be justified in saying "go read the
source code, and if you haven't found the answer, come back and ask again."

I don't understand the sport of flaming newbies, personally.  If a message says
"newbie" in the subject, filter it out, ignore it, or answer it, but why torture the
poor sucker who posted it, even if in the long run s/he could have found the answer
by plowing through the docs?

Ken Bandes




------------------------------

Date: 12 Aug 1999 15:53:21 -0000
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: meaning of $mode (lstat)
Message-Id: <7ouqlh$r64$1@lublin.zrz.tu-berlin.de>

Martien Verbruggen <mgjv@comdyn.com.au> wrote in comp.lang.perl.misc:

>Mr/Ms/Mrs QuestionExchange,
>
>Are you deliberately trying to piss us off? You have been told many
>many times now to _NOT_ quote more than the relevant parts of the post
>you reply to. You have been told to attribute the quotes. You have
>been asked to format your replies correctly. You have been informed
>that we don't like people hiding behind aliases like yours, posing as
>an expert, while you obviously are not. It has been shown repeatedly
>that many of your answers are incomplete, off the mark or plainly
>wrong. The worst thing is that people who care about correct
>information in this group can't even killfile you, because they need
>to keep correcting you.

They don't care.  QE is a web based enterprise.  Their mode of
operation is (their words):

    For Customers
        1. Submit a question, the value you are willing to pay for an
           answer, and the deadline.
        2. An expert that has passed the certification exam answers
           your question.
        3. You review the answer and evaluate its quality. If the
           answer is unacceptable you get the money back.
    For Experts
        1. Take the certification exam.
        2. Answer an open question.
        3. Get paid 95% of the question's[1] value.

I have no beef with that so far, but I find their usenet activity
extremely annoying.  I believe they have a pool of already paid-for
answers which they slap on semi-fitting questions to advertise their
business on usenet.  It's a new level of spam, IMHO, and I'm afraid
we're going to see more of that.  If there's enough of it, it may be
time to revise the set of accepted posting rules.

Until then, I just hope they appall so many potential experts that
their business dies of lack of expertise.

Anno

[1] Sic.  Greengrocer's apostrophe.


------------------------------

Date: 12 Aug 1999 15:20:06 -0000
From: anno4000@lublin.zrz.tu-berlin.de (Anno Siegel)
Subject: Re: Multi-Page Forms
Message-Id: <7ouon6$r3b$1@lublin.zrz.tu-berlin.de>

Alan J. Flavell <flavell@mail.cern.ch> wrote in comp.lang.perl.misc:
>On 12 Aug 1999, Sam Holden wrote:
>
>> On 12 Aug 1999 1:49:7 GMT, QuestionExchange <USENET@questionexchange.com> wrote:
>> 
>> <snip 30 line quote without attribution>
>
>(and so on)
>
>> Do you really think your post was useful? Do you think it was more
>> useful than yesterday's answer by Randal L. Schwartz? 
>
>The only way they seem to have found of raising the relative value of
>their for-pay service is to vandalise this group.

Not only this one.  I find these guys extremely disturbing.  They
must be watched closely.

Anno


------------------------------

Date: Thu, 12 Aug 1999 15:45:00 GMT
From: mck@iag.net (Matt)
Subject: Re: My attempt at perl poetry
Message-Id: <37b2ebb0.2787017@news.iag.net>

Pure...poetry. 



------------------------------

Date: Thu, 12 Aug 1999 15:42:19 GMT
From: michel.dalle@usa.net (Michel Dalle)
Subject: Re: New Book on Perl Tool Development
Message-Id: <7ouq5h$cku$1@news.mch.sbs.de>
Keywords: Perl, Tools

In article <rr45e6eekrl94@corp.supernews.com>, "Edward B Toupin" <etoupin@toupin.com> wrote:
>We are considering publishing a new book about Perl tool development and are
>looking for a few people with the right qualifications to review and comment
>on the manuscript. If interested, please send an email to etoupin@toupin.com
>with a brief description of your credentials and I will send you more
>information.
>

How are we to understand "Perl Tool Development" ?

- Using tools for the development of Perl scripts
- Development of tools with Perl
- Tools for the development of Perl
- Perl tools for the development of whatever
- Development with the 'Perl tool'
- Development of the 'Perl tool'
- ...

Michel.


------------------------------

Date: Thu, 12 Aug 1999 08:48:44 -0700
From: lr@hpl.hp.com (Larry Rosler)
Subject: Re: p5p flamage (was Re: reference to object method)
Message-Id: <MPG.121c8cb2607dde2f989e49@nntp.hpl.hp.com>

In article <7oulg8$5uk$3@info2.uah.edu> on 12 Aug 1999 14:25:12 GMT, 
Greg Bacon <gbacon@itsc.uah.edu> says...
 ...
> People whine, gripe, and complain about p5p's attitude toward changes
> to the Holiest of Holies, but I like it that way.  The fact that changes
> to the core are subject to such scrutiny is a sign that people really and
> truly care about Perl and its future.  Pumpkings could apply every patch
> that crosses p5p as a matter of policy, but down that path lies NT. :-)

How does this purported policy and process relate to the 5.004 'while 
(defined($line = <FILE>)) {' botch that I just posted a rant about?  How 
much scrutiny did that change to the core receive?

At least someone was thoughtful enough to fix it in the next release.

-- 
(Just Another Larry) Rosler
Hewlett-Packard Laboratories
http://www.hpl.hp.com/personal/Larry_Rosler/
lr@hpl.hp.com


------------------------------

Date: Thu, 12 Aug 1999 11:26:58 -0400
From: kpreid@ibm.net (Kevin Reid)
Subject: Re: Perl is eating up my memory
Message-Id: <1dwdp2m.16p622460ujnwN@imac.loc>

Steve Linberg <linberg@literacy.upenn.edu> wrote:

> Second, I'd venture to suggest that there are better ways of holding 8M
> (meaning 8,000,000?) one-digit numbers than just pumping them into an
> array of scalars.  See pack and unpack.

Maybe vec() as well?

-- 
 Kevin Reid: |    Macintosh:      
  "I'm me."  | Think different.


------------------------------

Date: Thu, 12 Aug 1999 15:06:32 GMT
From: marcel.grunauer@lovely.net (Marcel Grunauer)
Subject: Re: Perl Novice needs advice
Message-Id: <37b2f111.25524051@news>

On Thu, 12 Aug 1999 01:52:09 GMT, slinberg@crocker.com (Steve Linberg)
wrote:

>In article <37B20C75.32F7A3A9@mail.cor.epa.gov>, David Cassell
><cassell@mail.cor.epa.gov> wrote:
>
>> Since you're on a PC already, I'll assume you have ActiveState
>> Perl.
>
>Arrgh!  Why assume that PC eq "Windows"?
>
>Even if it's likely, let's not assume that.  :)

From the original post:

X-Newsreader: Microsoft Outlook Express 5.00.2314.1300
X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300



Marcel
-- 
perl -e 'print unpack(q$u$,q$82G5S="!!;F]T:&5R(%!E<FP@2&%C:V5R$)'


------------------------------

Date: Thu, 12 Aug 1999 11:53:34 -0400
From: linberg@literacy.upenn.edu (Steve Linberg)
Subject: Re: Perl Novice needs advice
Message-Id: <linberg-1208991153340001@ltl1.literacy.upenn.edu>

In article <37b2f111.25524051@news>, marcel.grunauer@lovely.net (Marcel
Grunauer) wrote:

> On Thu, 12 Aug 1999 01:52:09 GMT, slinberg@crocker.com (Steve Linberg)
> wrote:
> 
> >In article <37B20C75.32F7A3A9@mail.cor.epa.gov>, David Cassell
> ><cassell@mail.cor.epa.gov> wrote:
> >
> >> Since you're on a PC already, I'll assume you have ActiveState
> >> Perl.
> >
> >Arrgh!  Why assume that PC eq "Windows"?
> >
> >Even if it's likely, let's not assume that.  :)
> 
> From the original post:
> 
> X-Newsreader: Microsoft Outlook Express 5.00.2314.1300
> X-MimeOLE: Produced By Microsoft MimeOLE V5.00.2314.1300

Yeah, but that doesn't mean the machine posted from is the machine being
referred to.  ;)

I know, I know, let's just drop it.

-- 
Steve Linberg, Systems Programmer &c.
National Center on Adult Literacy, University of Pennsylvania
Be kind.  Remember, everyone you meet is fighting a hard battle.
print 'Just Another Perl ' . $perl_hierarchy[(USER+EXPERT)/2];


------------------------------

Date: Thu, 12 Aug 1999 11:36:44 -0400
From: jerrad pierce <jerrad@networkengines.com>
Subject: Re: Read/Retrieve Romote html document?
Message-Id: <37B2EA0C.B8E91099@networkengines.com>

This actually might help with my post Http & Scockets on win32

EXCEPT LWP is adding \r's to the data it reads.

Any ideas why, how to fix it?

(I can't just s/// them out because I'm pulling a binary file);


Jeff Pinyan wrote:
> 
> [posted & mailed]
> 
> On Aug 12, Patrick Tully blah blah blah:
> >     Hi,  I was wondering if there was a way to read a remote html file
> 
> perldoc -q fetch
> perldoc perlfaq9
> 
> =head2 How do I fetch an HTML file?
> 
> One approach, if you have the lynx text-based HTML browser installed
> on your system, is this:
> 
>     $html_code = `lynx -source $url`;
>     $text_data = `lynx -dump $url`;
> 
> The libwww-perl (LWP) modules from CPAN provide a more powerful way to
> do this.  They work through proxies, and don't require lynx:
> 
>     # simplest version
>     use LWP::Simple;
>     $content = get($URL);
> 
> --
> jeff pinyan    japhy@pobox.com
> perl stuff     japhy+perl@pobox.com
> CPAN ID: PINYAN            http://www.perl.com/CPAN/authors/id/P/PI/PINYAN


------------------------------

Date: 12 Aug 1999 15:59:52 GMT
From: "William" <bivey@teamdev.com>
Subject: Re: Reading from <DATA> more than once
Message-Id: <01bee4db$73f10a60$583c08cf@bill.jump.net>

Jason Holland <jason.holland@dial.pipex.com> wrote in article
<37B28A67.78829549@dial.pipex.com>...
> Hello all,
> 
> Just a quick one:
> 
> I have a class that uses its own __DATA__ segment containing, say, a
> list of patterns. At the moment I have a clumsy routine that reads the
> data the first time an object is created, marking the class as
> initialised and storing the data in a class global array, or something.
> 
> What's the easiest way of re-reading the data segment? I've tried doing
> a sysseek() back to file position 0, but that doesn't work. It actually
> reads the program text instead of the data.

You noticed that too, eh?

What I did was put this near the top of my program before
accessing any data:
	$g_DATA_OFFSET = tell( DATA );

Then, if I need to reset to the beginning of the data
I use that value in a seek. -Wm




------------------------------

Date: Thu, 12 Aug 1999 15:45:52 GMT
From: gary@onegoodidea.com (Gary O'Keefe)
Subject: Re: Regexp newbie
Message-Id: <37b2eb2b.18648072@news.hydro.co.uk>

A keyboard was whacked upside Anno Siegel's head and out came:

>Gary O'Keefe <gary@onegoodidea.com> wrote in comp.lang.perl.misc:
>>
>>This is a nasty, brute force method. Can anyone think of a more
>>elegant solution?
>
>s/^( +)/$string x length $1/e;

Cheers Anno,

I tried something very similar before I posted my final answer, but at
the time I didn't realise the implications of, and necessity for, /e
in the s///.

Gary
--
Gary O'Keefe
gary@onegoodidea.com

You know the score - my current employer has nothing to do with what I post


------------------------------

Date: Thu, 12 Aug 1999 15:27:46 GMT
From: gary@onegoodidea.com (Gary O'Keefe)
Subject: Re: Reset .. ie clear out a hash array
Message-Id: <37b2d8a3.13903933@news.hydro.co.uk>

A keyboard was whacked upside Hector Gonzalez's head and out came:

>I am very sorry about the inconveniences that my stupid formatting program
>has caused. I didn't mean to disrupt your newsgroup in this way. I will stop
>sending any mail to this newsgroup. Please forgive me.
>
>Sorry
>Hector Gonzalez
>hgonzalez@questionexchange.com
>
>Larry Rosler wrote:
>
>> [ some bad words like 'gosh' and 'shucks' snipped ]
>> [ you know what you said, Mr. Rosler ;]

You made him cry, you big bully! I hope you're proud of yourself,
young man.

:-)

And he quoted Larry R's entire message in his apology. And he quoted
it after his reply. What a nimrod.

Now whilst I have very little sympathy with QuestionExchange's methods
and techniques, I do think what they were doing had some merit. Let me
explain before you killfile me...

We have the top-tier perl programmers in this group: TomC, Abigail,
Randal, Larry R etc., and they'll be the first to admit they don't
like newbie questions. Serious questions, not answered in the FAQ, or
an esoteric aspect of the language, its modules, new operators, and
suchlike will get serious answers, but not FAQs. This leaves a real
gap of help at the bottom of the skill range. Sometimes it is
impossible to bootstrap yourself up the learning curve (said Gary,
mixing his metaphors with gay abandon) when you start out in a
radically new field of knowledge. Perl can be overwhelming. "Read the
documentation - perl comes with a ton of it," is the usual (polite)
answer to a FAQ. Perl distributions come with a LOT of information.
Vertigo inducing amounts of information, in fact.

Now, not to be an apologist for dumb-assed newbies (I'd rather be an
apologist for my dumb-assed self), but when faced with truly vast
amounts of information like this and no way of telling where to start,
then the natural (and - let's be honest with ourselves -
understandable) response would be to flee in terror to the experts, on
comp.lang.perl.misc. All they are looking for is a hand up, enough to
get them over the first hurdle, and 9 times out of 10 they'll either
find that real programming sucks and move into management, or they
start to get the hang of looking up their own answers to their queries
(especially when they know how to look, not just where to look). It is
this hand up that is missing from the group, and that is what
QuestionExchange was providing.

Now I don't expect the top-flight ladies and gentlemen to start
posting detailed responses to questions like "How do I strip the
preceding spaces from a string?" I'll do what I can to answer the
questions I think I can answer. If I post code, then I'll make sure I
check it and do as much unit testing as time allows (I read this ng at
work). What I'm asking from the better perl programmers is to quickly
scan over the code I do produce, if they have time. If I get something
obviously wrong in response to a newbie question, then I'd beg the
better programmers that they tell me where I'm going wrong, and I'll
correct my mistake in a later post. Meanwhile, I'll be eavesdropping
on the big kids to get myself an education.

How about it?

Gary
--
Gary O'Keefe
gary@onegoodidea.com

You know the score - my current employer has nothing to do with what I post


------------------------------

Date: Thu, 12 Aug 1999 15:06:31 GMT
From: Christopher Conway <chris_conway@my-deja.com>
Subject: Re: s/// and interpolation
Message-Id: <7ountd$7lb$1@nnrp1.deja.com>

Thanks Steve (and Olek). Here's a solution that works:

$search = '(\d{3})-(\d{2})-(\d{4})' ;
$replace = 'ID#$1$2$3' ;
$regexp = "\$record =~ s/$search/$replace/" ;
eval $regexp ;

Now a safety question: given this formulation, is there
any way to force execution of malicious code? This is more
or less an academic matter, since I'm using this script
as an internal utility for myself and other coders.

Chris


In article <linberg-1108991523490001@ltl1.literacy.upenn.edu>,
  linberg@literacy.upenn.edu (Steve Linberg) wrote:
> In article <7osf28$k88$1@nnrp1.deja.com>, Christopher Conway
> <chris_conway@my-deja.com> wrote:
>
> > It seems like there ought to be a way to tell
> > Perl, "Interpolate this variable, then interpolate the string
> > it contains."
>
> Here's a brute-force method that might work for you, but I can't advocate
> it, *especially* if you're going to run unknown data through it.  It would
> be *EXTREMELY* dangerous.  In fact, it's so dangerous that it borders on
> irresponsibility to even post it.  However, information must be free, so if
> you're generating the data yourself, and you trust it (and yourself), you
> can do this:
>
> ------------------------------
> # Warnings below apply to anyone thinking of using this code, not to anyone
> # in particular, and not to Christopher Conway.
>
> # ***************************************
> # * *********************************** *
> # * * DANGEROUS: DON'T USE THIS CODE! * *
> # * *********************************** *
> # ***************************************
>
> # Don't use this code.
> # Please don't use this code.
>
> die "I said don't use this code!";
> $foo = '123-45-6789';
> $search = '(\d{3})-(\d{2})-(\d{4})' ;
> $replace = 'ID# \1\2\3' ;
> my $regex = "(\$record = \$foo) =~ s/$search/$replace/";
>
> # You're not using this code, right?  Because here comes the bad part:
>
> # eval $regex;     # Do not execute this code.  Please.
>
> print "$record\n"; # Thank you for not using this code.
> ----------------------------
>
> Obviously, if you're accepting input for $replace, and someone gives you
>
> /; system `rm -rf /`; #
>
> Or something equally clever?  You'd have to parse their input to be sure it
> wasn't malicious, a hairy and awful task.  So you should NOT use this
> method if you're going to be working with untrusted data.
>
> Like I said, any use of "eval" should throw up blasting red lights and
> sirens.  I don't know enough about the real, deep-down meat of regexes to
> know how to get the string "\1" to interpolate in a replacement clause; it
> doesn't act like "$foo", which *will* interpolate.  Pick up "Mastering
> Regular Expressions" by Jeffrey Friedl, published by O'Reilly, if you want
> to go deep.
>
> I'm sure there are better solutions and I'd like to hear them.
>
> --
> Steve Linberg, Systems Programmer &c.
> National Center on Adult Literacy, University of Pennsylvania
> Be kind.  Remember, everyone you meet is fighting a hard battle.
> print 'Just Another Perl ' . $perl_hierarchy[(USER+EXPERT)/2];
>


Sent via Deja.com http://www.deja.com/
Share what you know. Learn what you don't.


------------------------------

Date: Thu, 12 Aug 1999 11:51:06 -0400
From: linberg@literacy.upenn.edu (Steve Linberg)
Subject: Re: s/// and interpolation
Message-Id: <linberg-1208991151060001@ltl1.literacy.upenn.edu>

In article <7ountd$7lb$1@nnrp1.deja.com>, Christopher Conway
<chris_conway@my-deja.com> wrote:

> Thanks Steve (and Olek). Here's a solution that works:
> 
> $search = '(\d{3})-(\d{2})-(\d{4})' ;
> $replace = 'ID#$1$2$3' ;
> $regexp = "\$record =~ s/$search/$replace/" ;
> eval $regexp ;
> 
> Now a safety question: given this formulation, is there
> any way to force execution of malicious code? This is more
> or less an academic matter, since I'm using this script
> as an internal utility for myself and other coders.

YES, it's easy.  Just supply a substring that completes the regexp, and
then do anything you want.  So, given the input:

/; `rm -rf /`; #

your $regexp string becomes

$record =~ s/(\d{3})-(\d{2})-(\d{4})//; `rm -rf /`; #/

And then your eval statement makes you very, very unhappy.

You should NEVER eval a string from user input.  Even if you think you're
the only one using it.  Or, do so at your own extreme peril.  The best
case is you'll be OK, the worst case is you'll lose everything.  I
wouldn't risk it, myself.

-- 
Steve Linberg, Systems Programmer &c.
National Center on Adult Literacy, University of Pennsylvania
Be kind.  Remember, everyone you meet is fighting a hard battle.
print 'Just Another Perl ' . $perl_hierarchy[(USER+EXPERT)/2];
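
An added example, not part of either post in this thread: one way to apply a user-supplied search pattern and a `$1`-style replacement template without any string eval, so the template is only ever treated as data. The helper name `safe_subst` and the second and third test inputs are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# safe_subst: hypothetical helper (not from the thread). Applies a
# user-supplied pattern and replacement template to $record without ever
# compiling the template as Perl code. Returns (result, error).
sub safe_subst {
    my ($record, $search, $template) = @_;

    # Compile inside a *block* eval so a malformed pattern becomes an error
    # value. Perl refuses (?{ ... }) code blocks in a pattern interpolated
    # at run time unless "use re 'eval'" is in effect, so the pattern
    # cannot carry code either. Pathological backtracking is still possible
    # and needs a separate limit if the pattern is untrusted.
    my $re = eval { qr/$search/ };
    return (undef, "bad pattern: $@") unless defined $re;

    # No match: hand the record back unchanged.
    return ($record, undef) unless $record =~ $re;

    # Copy the match offsets and capture groups now; the inner s/// below
    # overwrites @-, @+ and $1..$9.
    my ($start, $end) = ($-[0], $+[0]);
    my @caps = map {
        defined $-[$_] ? substr($record, $-[$_], $+[$_] - $-[$_]) : ''
    } 1 .. $#+;

    # Expand $1..$9 and \1..\9 as plain array lookups. Everything else in
    # the template, including "/", ";" and backticks, stays literal text.
    (my $rep = $template) =~ s/[\$\\]([1-9])/$1 <= @caps ? $caps[$1 - 1] : ''/ge;

    # Splice the expanded replacement over the matched span.
    substr($record, $start, $end - $start, $rep);
    return ($record, undef);
}

my @cases = (
    # [ pattern, template ]
    [ '(\d{3})-(\d{2})-(\d{4})', 'ID#$1$2$3' ],                 # from the thread
    [ '(\d{3})-(\d{2})-(\d{4})', '/; print "INJECTED\n"; #' ],  # constructed, harmless
    [ '(?{ print "INJECTED\n" })\d', 'x' ],                     # constructed, harmless
);

for my $case (@cases) {
    my ($search, $template) = @$case;
    my ($out, $err) = safe_subst('123-45-6789', $search, $template);
    print defined $err ? "error:  $err" : "result: $out\n";
}
```

The second case comes back as the literal template text inside the record, and the third is rejected when the pattern is compiled; in neither case does the embedded `print` run.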


------------------------------

Date: Thu, 12 Aug 1999 15:58:08 GMT
From: snowhare@long-lake.nihongo.org (Benjamin Franz)
Subject: Re: Sesssion ID
Message-Id: <kaCs3.10$DI3.1923@typhoon01.swbell.net>

In article <7oulu0$5uk$4@info2.uah.edu>, Greg Bacon <gbacon@cs.uah.edu> wrote:
>In article <Pine.OSF.3.95q.990812134128.9145E-100000@cpca4.uea.ac.uk>,
>	Paul Russell <x9730915@uea.ac.uk> writes:
>
>: Yeah, you could put the username in a cookie if you just want to know
>: who the person is.
>
>...or enable authentication and examine $ENV{REMOTE_USER}.  Not everyone
>enables cookies.

#!/usr/bin/perl -Tw
use strict;

eval { Local::SomeCGI->do_cgi; };
if ($@) {
	my $error = $@;
    print STDERR $error;
	$error =~ s/</\&lt;/g;
	$error = "<font color=\"#ff0000\"><blink>$error</blink></font>\n";
	if ($Local::SomeCGI::Headers_Sent) {
		print STDOUT $error;
    } else {
		print STDOUT "Content-Type: text/html\015\012\015\012<html><head><title>Error</title></head><body>$error</body></html>\n";
    }
}

package Local::SomeCGI;
use Digest::SHA1 qw(sha1_hex);
use vars qw($Headers_Sent);

BEGIN {
     $Headers_Sent = 0;
}

sub do_cgi {
    my $proto              = shift;
    my $class              = ref ($proto) || $proto || __PACKAGE__;
    my $self               = bless {},$class;
	$ENV{'PATH'}           = '';
	my $cookies             = $self->_bake_cookie;
    my $script_name         = $self->_script_name;
    $self->_clear_print_buffer;
    $self->_print("${cookies}Content-Type: text/html\015\012\015\012");
    $self->_print(<<"EOF");
<html><head><title>Script Example</title></head>
 <body>
  <a href="$script_name">Id preserving script call</a>
  <form action="$script_name" method="POST">
   <input type="submit" value="Also Id Preserving">
  </form>
 </body>
</html>
EOF

	$self->_flush_print_buffer;
    $Headers_Sent = 1;
}

sub _print {
	my $self = shift;
    $self->{-print_buffer} .= join('',@_);
}

sub _flush_print_buffer {
    my $self = shift;
	print $self->{-print_buffer};
    $self->_clear_print_buffer;
}

sub _clear_print_buffer {
    my $self = shift;
	$self->{-print_buffer} = '';
}
    
sub _script_name {
	my $self = shift;

	my $script_name = $ENV{'SCRIPT_NAME'};
    my (@raw_cookies);
	my $cookies    = {};
	if (defined $ENV{"HTTP_COOKIE"}) {
    	(@raw_cookies) = split(/;/,$ENV{"HTTP_COOKIE"});
	}
    foreach (@raw_cookies) {
        my ($name,$value) = split(/=/,$_,2);
        $name =~ s/^\s+//o;
        $name =~ s/\s+$//o;
        next if ($value =~ m/_DELETED_COOKIE_/);
        $cookies->{$name} = $value;
    }
	my $id = $cookies->{'cart'};
	if (not $id) {
		if (not $ENV{'PATH_INFO'}) {
			$id = '/' . sha1_hex(time . "-$$");
		} else {
			$id = $ENV{'PATH_INFO'};
		}
		$script_name .= $id; 
	}
	$script_name;
}

sub _user_cart_id {
	my $self = shift;

    my (@raw_cookies);
	my $cookies    = {};
	if (defined $ENV{"HTTP_COOKIE"}) {
    	(@raw_cookies) = split(/;/,$ENV{"HTTP_COOKIE"});
	}
    foreach (@raw_cookies) {
        my ($name,$value) = split(/=/,$_,2);
        $name =~ s/^\s+//o;
        $name =~ s/\s+$//o;
        next if ($value =~ m/_DELETED_COOKIE_/);
        $cookies->{$name} = $value;
    }
	my $id = defined($cookies->{'cart'}) ? $cookies->{'cart'} : $ENV{'PATH_INFO'};
	return if (not $id);
	$id =~ s#^/+##;
	my ($safe_id) = $id =~ m/^([a-f0-9]{40})/;
	$safe_id;
}

sub _bake_cookie {
	my $self = shift;

    my (@raw_cookies);
	my $id = $self->_user_cart_id;
	$id = defined ($id) ? $id : lc(sha1_hex(time . "-$$"));
	my $cookie_date = $self->_date_cookie(time + (14*86400)); # Expire in 14 days
   "Set-Cookie: cart=$id; path=/; expires=$cookie_date\015\012";
}

sub _date_cookie {
	my ($self) = shift;

	my ($tick) = @_;

	my ($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst,
		$month,$wkday);

	($sec,$min,$hour,$mday,$mon,$year,$wday,$yday,$isdst)=gmtime($tick);

	$wkday = ('Sun','Mon','Tue','Wed','Thu','Fri','Sat')[$wday];
	$month = ('Jan','Feb','Mar','Apr','May','Jun','Jul','Aug','Sep','Oct','Nov','Dec')[$mon];

	$sec   = "0$sec"  if (length($sec)  < 2);
	$min   = "0$min"  if (length($min)  < 2);
	$hour  = "0$hour" if (length($hour) < 2);
	$mday  = "0$mday" if (length($mday) < 2);
	$year += 1900;
        
	return "$wkday, $mday-$month-$year ${hour}\:${min}\:${sec} GMT";
}
-- 
Benjamin Franz
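
The cart ID in the code above is built from `time` and the process ID, both of which an outsider can estimate. As an added example (not part of the original post), here is one way to mint an ID of the same 40-hex-character shape from the kernel's random source and to accept only well-formed IDs from the Cookie header. The names `new_cart_id` and `cart_id_from_cookie`, and the availability of `/dev/urandom`, are assumptions of this example.

```perl
#!/usr/bin/perl -w
use strict;

# Hypothetical helper: 20 random bytes from the kernel, hex-encoded, so the
# result has the same shape (40 lowercase hex chars) as sha1_hex() output.
sub new_cart_id {
	open(my $fh, '<', '/dev/urandom') or die "cannot open /dev/urandom: $!";
	binmode($fh);
	my $got = read($fh, my $buf, 20);
	close($fh);
	die "short read from /dev/urandom" unless defined $got && $got == 20;
	return unpack('H*', $buf);
}

# Hypothetical helper: pull the 'cart' cookie out of a raw Cookie header and
# return it only if the whole value is exactly 40 lowercase hex characters.
sub cart_id_from_cookie {
	my ($header) = @_;
	return unless defined $header;
	foreach my $pair (split(/;/, $header)) {
		my ($name, $value) = split(/=/, $pair, 2);
		next unless defined $value;        # pair with no '='
		$name =~ s/^\s+|\s+$//g;
		next unless $name eq 'cart';
		return $1 if $value =~ m/\A([a-f0-9]{40})\z/;
	}
	return;
}

# Constructed sample headers, not captured traffic.
my $id = new_cart_id();
my @samples = (
	"lang=en; cart=$id",                 # well-formed ID
	"cart=" . ("A" x 40),                # wrong alphabet
	"cart=$id\015\012Set-Cookie: x=1",   # trailing data after the ID
	"lang=en",                           # no cart cookie at all
);
foreach my $header (@samples) {
	my $seen = cart_id_from_cookie($header);
	(my $shown = $header) =~ s/[\015\012]+/<CRLF>/g;
	printf "%-8s <= %s\n", defined $seen ? 'accepted' : 'rejected', $shown;
}
```

Only the first sample is accepted; the rest are rejected, so a visitor without a valid ID would be issued a fresh one from `new_cart_id`.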


------------------------------

Date: Thu, 12 Aug 1999 15:14:35 GMT
From: bart.lateur@skynet.be (Bart Lateur)
Subject: Re: Some (tricky?) regexp questions
Message-Id: <37bdda37.12857173@news.skynet.be>

marcza@my-deja.com wrote:

>X 1999 blubb...
>X 1999/2000  blubb...
>X blubb...
>
>How do I match only those lines which have a 4-digit year or a
>4-digit-year-slash-4-digit-year on second position (delimited by
>space(s)) AND put the result in a $1 variable ? The following doesn't
>work:
>
>if ($var =~ /^S ([0-9]{4}{\/[0-9]{4}}{0,1})/) {
>  ... matched

That "{" is in a weird place. I think you must have wanted to achieve

  if ($var =~ /^. ([0-9]{4}(?:\/[0-9]{4})?)/) { 

But actually, I'd be worried about matching

	X 1234/12345 
	X 12345

In fact, of

	X 12345/6578

it will extract "1234".

You can use substr() to solve the "on second position" part, and check
for a word boundary at the end. And you may use "\d" instead of "[0-9]".

	substr($_, 2) =~ /^(\d{4}(?:\/\d{4})?)\b/;

	Bart.


------------------------------

Date: Thu, 12 Aug 1999 19:16:46 +0400
From: "Cyril Y. Nickonorov" <cyril@mcst.ru>
Subject: SQL DBMS interface
Message-Id: <37B2E55E.4882C926@mcst.ru>

Hello to All!

Sorry for the newbie question. Can anybody recommend a
Perl package or modules to develop a fully functional,
full-featured Web-based interface for an SQL database?
I need to select, display and modify database data via
a Web interface.

Thanks in advance,
Cyril.

---------------------
E-mail: cyril@mcst.ru


------------------------------

Date: Thu, 12 Aug 1999 15:36:15 GMT
From: Jon Peterson <jpeterson@office.colt.net>
Subject: Re: SQL DBMS interface
Message-Id: <PRBs3.66$u07.632@news.colt.net>

Cyril Y. Nickonorov <cyril@mcst.ru> wrote:
> Hello to All!

> Sorry for the newbie question. Can anybody recommend a
> Perl package or modules to develop a fully functional,
> full-featured Web-based interface for an SQL database?
> I need to select, display and modify database data via
> a Web interface.

The DBI module will do the perl to database half very well.
CGI.pm will do the perl to web half well, but has no very high level routines
specifically for database work.
The DBIx modules include some with high level routines for generating HTML,
and these may help you.



------------------------------

Date: 1 Jul 99 21:33:47 GMT (Last modified)
From: Perl-Users-Request@ruby.oce.orst.edu (Perl-Users-Digest Admin) 
Subject: Digest Administrivia (Last modified: 1 Jul 99)
Message-Id: <null>


Administrivia:

The Perl-Users Digest is a retransmission of the USENET newsgroup
comp.lang.perl.misc.  For subscription or unsubscription requests, send
the single line:

	subscribe perl-users
or:
	unsubscribe perl-users

to almanac@ruby.oce.orst.edu.  

To submit articles to comp.lang.perl.misc (and this Digest), send your
article to perl-users@ruby.oce.orst.edu.

To submit articles to comp.lang.perl.announce, send your article to
clpa@perl.com.

To request back copies (available for a week or so), send your request
to almanac@ruby.oce.orst.edu with the command "send perl-users x.y",
where x is the volume number and y is the issue number.

The Meta-FAQ, an article containing information about the FAQ, is
available by requesting "send perl-users meta-faq" from
almanac@ruby.oce.orst.edu. The real FAQ, as it appeared last in the
newsgroup, can be retrieved with the request "send perl-users FAQ" from
almanac@ruby.oce.orst.edu. Due to their sizes, neither the Meta-FAQ nor
the FAQ are included in the digest.

The "mini-FAQ", which is an updated version of the Meta-FAQ, is
available by requesting "send perl-users mini-faq" from
almanac@ruby.oce.orst.edu. 

For other requests pertaining to the digest, send mail to
perl-users-request@ruby.oce.orst.edu. Do not waste your time or mine
sending perl questions to the -request address, I don't have time to
answer them even if I did know the answer.


------------------------------
End of Perl-Users Digest V9 Issue 481
*************************************

