
Having trouble incorporating CSS into Perl CGI

The code below is a CGI file and I am having problems displaying the image and style from an external CSS file. The code is in lines 18-28 and I'm not sure what I am doing wrong. I would appreciate any help.

#!/usr/bin/perl -w
use strict;
use DBI;
use CGI;
use CGI::Carp('fatalsToBrowser');

my $query = new CGI;
print $query->header();
my $my_database = "TrypSnoDB";
my $localhost = "localhost";
my $dsn = "DBI:mysql:$my_database:$localhost";
my $db_user_name = "adrian";
my $db_password = "temp_pass";
my $dbh = DBI->connect("DBI:mysql:database=TrypSnoDB;host=localhost;mysql_socket=/private/software/mysql/mysql.sock","adrian","temp_pass", {'RaiseError' => 1});

print "<html>\n";
print "<head>\n";
print "<title>Welcome to the T. Brucei snoRNA Database</title>\n";
print "<link type='text/css' rel='stylesheet' href='/public_html/style.css'>\n";
print "</head>\n";
print "<body>\n";
print "<h1>Trypanosomatid snoRNA Database</h1>\n";   
print "<img class='my_images' src='/public_html/tb_pic1.png'>\n";
print "</body>\n";
print "</html>\n";


if ($query->param('submit1')){
    my $orig_sno = $query->param('snorna1');
    my $family = $query->param('family1');
    my $query_type = $query->param('target_option1');
    my $target = $query->param('target_name1');
    if ($orig_sno eq "Trypanosoma brucei") {
        $orig_sno = 1;
    }
    elsif ($orig_sno eq "Leishmania major") {
        $orig_sno = 7;
    }
    elsif ($orig_sno eq "ALL") {
        $orig_sno = "1 or ST.org_id=7";
    }
    if ($family eq "ALL") {
        $family = "'C/D' or ST.family='H/ACA'";
    }
    else {
        $family = "'$family'";
    }
    if ($target ne "ALL") {
        $family = "$family and T.target_name='$target'";
    }
    my($db_query,$common_tar,$exp_ver_sno,$exp_ver_tar,$total);
    $db_query = "SELECT ST.sno_name,T.target_name,T.location,T.base_pair,SM.annotated_seq FROM sno_Table ST,sno_Modifications SM,Targets T WHERE ST.sno_id=SM.sno_id and SM.mod_id=T.target_id and (ST.org_id=$orig_sno) and (ST.family=$family)";
    $common_tar="and T.target_id in(SELECT T.target_id FROM sno_Table ST,sno_Modifications SM,Targets T WHERE ST.sno_id=SM.sno_id and SM.mod_id=T.target_id group by T.target_id having count(*)=2) order by T.location desc";
    $exp_ver_sno="and ST.exper_ver='Y'";
    $exp_ver_tar = "and T.exp_ver='Y'";
    if ($query_type eq "snoRNAs with common targets") {
        $db_query=$db_query.$common_tar;
    }
    elsif ($query_type eq "Experimentally verified snoRNAs") {
        $db_query=$db_query.$exp_ver_sno;
    }
    elsif ($query_type eq "snoRNAs with experimentally verified targets") {
        $db_query=$db_query.$exp_ver_tar;
    }
    elsif ($query_type eq "ALL"){
        $db_query=$db_query;
    }   
    my $sth = $dbh->prepare($db_query);
    $sth->execute();
    $total = $sth->rows;    # $total is already declared above
        print "<table border=1>\n
    <tr>
        <th>snoRNA</th>\n
        <th>Target Name</th>\n
        <th>Target Location</th>\n
        <th>Target Base Pair</th>\n
        <th>Annotated Sequence</th>\n
    </tr>\n";
    while (my @row = $sth->fetchrow_array()){
        my $sno_name = $row[0];
        my $tar_name = $row[1];
        my $tar_loc = $row[2];
        my $tar_bp = $row[3];
        my $annotated_seq = $row[4];
        print "<tr>\n<td>$sno_name</td><td>$tar_name</td><td>$tar_loc</td><td>$tar_bp</td><td>$annotated_seq</td></tr>\n";
    }
    print "<tr>
        <th>TOTAL</th>\n
        <th>$total</th>\n
    </tr>\n";
    print "</table>";
}   

Your problem is almost certainly that you have the wrong URL for the CSS file. You can confirm that by looking in the web server error log and seeing if there is a 404 record for the CSS request.

Unfortunately I can't tell you what the correct URL is as I have no idea how your web server is configured.

There are a couple of other issues that you might want to address though:

  • The HTML that you generate is invalid. You print the <table> tags outside of the <html> and <body> tags. Printing raw HTML within your Perl program is a terrible idea - it's far too easy to make the kinds of errors that you have here. You would be far better advised to use a templating engine (I recommend the Template Toolkit).
  • Your database queries are prone to SQL injection attacks. Please switch to using bind variables before someone trashes your server.

This is in response to Dave Cross's comment regarding the SQL statement building. Converting the statement build to use bindings, in order to prevent SQL injection, appears to be fairly straightforward.

To use placeholder bindings I think the OP only needs to replace the variables $orig_sno and $family in the $db_query variable with the ? character, like so:

$db_query = "SELECT ST.sno_name,T.target_name,T.location,T.base_pair,SM.annotated_seq
FROM sno_Table ST,sno_Modifications SM,Targets T WHERE ST.sno_id=SM.sno_id and
SM.mod_id=T.target_id and (ST.org_id=?) and (ST.family=?)";   # one line
...
my $sth = $dbh->prepare($db_query);
$sth->execute($orig_sno, $family);

However as the $family variable is built possibly out of a previous conditional, a further variable $target is also in play.

if ($family eq "ALL") {
    $family = "'C/D' or ST.family='H/ACA'";
}
else {
    $family = "'$family'";
}
if ($target ne "ALL") {
    $family = "$family and T.target_name='$target'";
}

Will the placeholder handle this interpolated variable? Or would the $target variable also require its own placeholder?

And is this all that would be required to deter would-be SQL injection attacks in this case?

Solved. If the $target variable did require its own placeholder, a few adjustments to the conditionals would do the trick.

else {
    $family = "'$family'";
}
# removed - if $target ne ALL conditional

my($db_query,$common_tar,$exp_ver_sno,$exp_ver_tar,$total);

$db_query = "SELECT  ...  and (ST.org_id=?) and (ST.family=?)";
if ($target ne "ALL") {     
    $db_query =~ s/\)$//;
    $db_query .= ' and T.target_name=?)';
}
$common_tar="and T.target_id ... ";
... 
my $sth = $dbh->prepare($db_query);

if ($target ne 'ALL'){
  $sth->execute($orig_sno, $family, $target);
}
else{
  $sth->execute($orig_sno, $family);
}
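
A placeholder binds a value only, so a string such as 'C/D' or ST.family='H/ACA' sent through ? is compared as one literal and is not parsed as SQL. The added example below (not part of either post; build_query and the three allow-list hashes are hypothetical names, and it assumes 'C/D' and 'H/ACA' are the only families) maps the form's choices to fixed values and binds every value, including $target:

```perl
use strict;
use warnings;

# Allow-lists: a form value selects fixed data or fixed SQL; it is never pasted in.
my %ORG_IDS  = ('Trypanosoma brucei' => [1], 'Leishmania major' => [7], 'ALL' => [1, 7]);
# Assumption: 'C/D' and 'H/ACA' are the only families (the two the page's "ALL" expands to).
my %FAMILIES = ('C/D' => ['C/D'], 'H/ACA' => ['H/ACA'], 'ALL' => ['C/D', 'H/ACA']);
my %SUFFIX   = (
    'ALL'                                          => '',
    'Experimentally verified snoRNAs'              => " and ST.exper_ver='Y'",
    'snoRNAs with experimentally verified targets' => " and T.exp_ver='Y'",
    'snoRNAs with common targets'                  =>
        ' and T.target_id in(SELECT T.target_id FROM sno_Table ST,sno_Modifications SM,'
      . 'Targets T WHERE ST.sno_id=SM.sno_id and SM.mod_id=T.target_id'
      . ' group by T.target_id having count(*)=2) order by T.location desc',
);

# Hypothetical helper: returns the SQL text plus the values to hand to execute().
sub build_query {
    my (%in) = @_;
    my $orgs     = $ORG_IDS{ $in{snorna1} // '' }  or die "unknown organism\n";
    my $families = $FAMILIES{ $in{family1} // '' } or die "unknown family\n";
    my $suffix   = $SUFFIX{ $in{target_option1} // '' };
    die "unknown query type\n" unless defined $suffix;

    my $sql = 'SELECT ST.sno_name,T.target_name,T.location,T.base_pair,SM.annotated_seq'
            . ' FROM sno_Table ST,sno_Modifications SM,Targets T'
            . ' WHERE ST.sno_id=SM.sno_id and SM.mod_id=T.target_id'
            . ' and ST.org_id IN (' . join(',', ('?') x @$orgs) . ')'
            . ' and ST.family IN (' . join(',', ('?') x @$families) . ')';
    my @bind = (@$orgs, @$families);

    my $target = $in{target_name1} // 'ALL';
    if ($target ne 'ALL') {    # free text from the form: always bound, never interpolated
        $sql .= ' and T.target_name=?';
        push @bind, $target;
    }
    return ($sql . $suffix, @bind);
}

# Constructed input: the quote characters in target_name1 travel as data only.
my ($sql, @bind) = build_query(
    snorna1        => 'ALL',
    family1        => 'C/D',
    target_option1 => 'Experimentally verified snoRNAs',
    target_name1   => "x' or 'a'='a",
);
print "$sql\nbind values: ", join(' | ', @bind), "\n";
# With a live handle: my $sth = $dbh->prepare($sql); $sth->execute(@bind);
```

The "ALL" choices become IN lists with one ? per value, so the number of placeholders always matches the number of bound values.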
