Can I use Perl for database queries?

I want to know if Perl can be used to develop a script
that will create queries for a database system. The query
will determined by user input on a online website
written in HTML and Javascript. The objective is that
the Javascript will que the Perl script to create
the query for the database, which will be excuted to fetch
the information which will be sent back to the website to
be interpreted back into information for the user to see. The
Perl Script and the Database will operate on a Linux based
network, but the website queing the database will operate on a
remote server on a Unix based system. I have never heard of
Perl being used for automating database queries since I've been studying the langauge.

Three questions come to mind:
1.Can Perl do what I have described above?
2.Is there a database system that will understand queries
written as scripts by Perl to let me do this?
3.Is there a better way? I am still understanding the
uses of Perl.

Thank you






Comments

  • : I want to know if Perl can be used to develop a script
    : that will create queries for a database system. The query
    : will determined by user input on a online website
    : written in HTML and Javascript. The objective is that
    : the Javascript will que the Perl script to create
    : the query for the database, which will be excuted to fetch
    : the information which will be sent back to the website to
    : be interpreted back into information for the user to see. The
    : Perl Script and the Database will operate on a Linux based
    : network, but the website queing the database will operate on a
    : remote server on a Unix based system. I have never heard of
    : Perl being used for automating database queries since I've been
    : studying the langauge.
    :
    : Three questions come to mind:
    : 1.Can Perl do what I have described above?
    I would imagine so, yes. I use Perl to do database queries (and construct them), fetch the results and so on, in web development stuff. For database things, you need to be looking at the DBI module. There is a good page about it on the CodePedia here:-
    http://www.codepedia.com/1/PerlDBITutorial

    : 2.Is there a database system that will understand queries
    : written as scripts by Perl to let me do this?
    I use MySQL with Perl and it works just great.
    http://www.mysql.com/

    : 3.Is there a better way? I am still understanding the
    : uses of Perl.
    Perl works on the server side, and it needs to run on the server hosting the web site. You can connect to a database on a remote server (well, you can with MySQL anyway). So the Perl scripts need to be on the box hosting the web site, and connect to the database on the db server.

    Hope this helps,

    Jonathan

    ###
    for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
    (tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
    /(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");

  • : : I want to know if Perl can be used to develop a script
    : : that will create queries for a database system. The query
    : : will determined by user input on a online website
    : : written in HTML and Javascript. The objective is that
    : : the Javascript will que the Perl script to create
    : : the query for the database, which will be excuted to fetch
    : : the information which will be sent back to the website to
    : : be interpreted back into information for the user to see. The
    : : Perl Script and the Database will operate on a Linux based
    : : network, but the website queing the database will operate on a
    : : remote server on a Unix based system. I have never heard of
    : : Perl being used for automating database queries since I've been
    : : studying the langauge.
    : :
    : : Three questions come to mind:
    : : 1.Can Perl do what I have described above?
    : I would imagine so, yes. I use Perl to do database queries (and construct them), fetch the results and so on, in web development stuff. For database things, you need to be looking at the DBI module. There is a good page about it on the CodePedia here:-
    : http://www.codepedia.com/1/PerlDBITutorial
    :
    : : 2.Is there a database system that will understand queries
    : : written as scripts by Perl to let me do this?
    : I use MySQL with Perl and it works just great.
    : http://www.mysql.com/
    :
    : : 3.Is there a better way? I am still understanding the
    : : uses of Perl.
    : Perl works on the server side, and it needs to run on the server hosting the web site. You can connect to a database on a remote server (well, you can with MySQL anyway). So the Perl scripts need to be on the box hosting the web site, and connect to the database on the db server.
    :
    : Hope this helps,
    :
    : Jonathan
    :
    : ###
    : for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
    : (tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
    : /(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");
    :
    [blue]Do you use alot of work arounds when you're using the tainted data mode for the CGI scripting?[/blue]

  • : [blue]Do you use alot of work arounds when you're using the tainted
    : data mode for the CGI scripting?[/blue]
    Here's a shocker - I don't actually use taint mode! I do have my own library of security checking things that I'm sure are pretty solid and protect against things taint mode probably doesn't (they help work against cross client scripting, SQL injection, multi-user system data integrity issues...). Using taint mode IS a good idea though and I probably should use it. I'm a bad example here and should turn it on.

    As for workarounds, what do you mean? The idea is that you have to do a check on a variable before you can use it anywhere that Perl believes could be dangerous. That check should assess the security of the variable, and make sure it doesn't contain anything dangerous. If you're working around taint mode so you can just put data somewhere no matter if it could be dangerous, then you may be missing the point...

    Jonathan

    ###
    for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
    (tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
    /(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");

  • : : [blue]Do you use alot of work arounds when you're using the tainted
    : : data mode for the CGI scripting?[/blue]
    : Here's a shocker - I don't actually use taint mode! I do have my own library of security checking things that I'm sure are pretty solid and protect against things taint mode probably doesn't (they help work against cross client scripting, SQL injection, multi-user system data integrity issues...). Using taint mode IS a good idea though and I probably should use it. I'm a bad example here and should turn it on.
    :
    : As for workarounds, what do you mean? The idea is that you have to do a check on a variable before you can use it anywhere that Perl believes could be dangerous. That check should assess the security of the variable, and make sure it doesn't contain anything dangerous. If you're working around taint mode so you can just put data somewhere no matter if it could be dangerous, then you may be missing the point...
    :
    : Jonathan
    :
    : ###
    : for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
    : (tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
    : /(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");
    :

    [blue] I thought Perl cant move data parent directories (can it?) because of the attributes of each directory for each user, group, author. Unless the administor foolishly lets someone seize the system by root access. [/blue]
  • : : : [blue]Do you use alot of work arounds when you're using the tainted
    : : : data mode for the CGI scripting?[/blue]
    : : Here's a shocker - I don't actually use taint mode! I do have my own library of security checking things that I'm sure are pretty solid and protect against things taint mode probably doesn't (they help work against cross client scripting, SQL injection, multi-user system data integrity issues...). Using taint mode IS a good idea though and I probably should use it. I'm a bad example here and should turn it on.
    : :
    : : As for workarounds, what do you mean? The idea is that you have to do a check on a variable before you can use it anywhere that Perl believes could be dangerous. That check should assess the security of the variable, and make sure it doesn't contain anything dangerous. If you're working around taint mode so you can just put data somewhere no matter if it could be dangerous, then you may be missing the point...
    : :
    : : Jonathan
    : :
    : : ###
    : : for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
    : : (tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
    : : /(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");
    : :
    :
    : [blue] I thought Perl cant move data parent directories (can it?)
    : because of the attributes of each directory for each user, group,
    : author. Unless the administor foolishly lets someone seize the system
    : by root access. [/blue]
    Depends what user Perl runs as and what permissions they have. When executed by the web server they are often run as the user nobody, which means they can access anything with "global" privileges set. That's what I've found anyway. Baiscally - Perl can do whatever the user it is running as can do. Now somebody will say stuff about setuids and setgids and confuse me. :-)

    Jonathan

    ###
    for(74,117,115,116){$::a.=chr};(($_.='qwertyui')&&
    (tr/yuiqwert/her anot/))for($::b);for($::c){$_.=$^X;
    /(p.{2}l)/;$_=$1}$::b=~/(..)$/;print("$::a$::b $::c hack$1.");

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Categories