Unable to pass email address to Perl script using command line

Question

I am trying to pass two email addresses to MySQL to find their accounts. I call my script like this:

./message-2.pl  user1@s  'rech user2@s 22'

Here is my script:

#!/usr/bin/perl

use warnings;
use strict;
use DBI;
use IO::Handle;

our $calerid = "'$ARGV[0]'";
our $message = "$ARGV[1]";
our $msg_arg1 = qx(echo $message | awk '{print \$1}');
our $msg_arg2 = qx(echo $message | awk '{print \$2}');
my $share_reciver =  "'$msg_arg2'";

my $database = "mya2billing";
my $host = "localhost";
my $port = "3306";
my $user = "root";
my $pass = "xxxxxx";
my $dsn = "DBI:mysql:database=$database;host=$host;port=$port";
my $sth;

# find card id
my $query1 = "SELECT  id_cc_card FROM cc_callerid WHERE cid = $calerid ;";
my $dbh = DBI->connect($dsn, $user, $pass) || die "Could not connect to database:$DBI::errstr";
our $card;
print " query=$query1\n";

if (!($sth = $dbh->prepare($query1))) {
    die ("Failed to prepare statement: " . DBI->errstr);
}                           
$sth->execute() or die $DBI::errstr;
my @result;  
while (@result = $sth->fetchrow_array) { # retrieve one row
    ($card) = @result;
    print "card id found: $card \n";
}   

if ($msg_arg1 =~ "rech" or $msg_arg1 =~ "Rech"  or $msg_arg1 =~ "bal" or $msg_arg1 =~ "Bal") {
    recharge();
}   

sub recharge {
    print " we are in rech section\n";
    our $msg_arg2 = qx(echo $message | awk '{print \$2}');
    our $share_reciver="$msg_arg2";


    my $query2 = "SELECT id_cc_card FROM cc_callerid WHERE cid = '$share_reciver' ";
    my $dbh = DBI->connect($dsn, $user, $pass);
    $sth = $dbh->prepare($query2);
    $sth->execute() or die $DBI::errstr;

    print " query=$query2\n";
    my $receiver_id;

    while (my @row = $sth->fetchrow_array) {
        ($receiver_id) = @row;
        print " we are in query section\n";
        print "receiver_cardid:$receiver_id \n";
    }

    exit 1;
}

Here is the output:

[root@laptop Desktop]# ./message-2.pl  user1@s  'rech user2@s 22'
query=SELECT  id_cc_card FROM cc_callerid WHERE cid = 'user1@s' ;
card id found: 10 
we are in rech section
query=SELECT id_cc_card FROM cc_callerid WHERE cid = 'user2@s
' 

There is no error. query1 is working fine but query2 is not working. I tried to use placeholders instead of $share_reciver but it is not working. I also tried with single quotes and without quotes. If I use $calerid instead of $share_reciver then it works fine. Can anyone tell me what I am missing?

Answer 1

Use placeholders and bound variables for your sql queries. Never just put raw variables in your sql string:

my $sth = $dbh->prepare(q{SELECT id_cc_card FROM cc_callerid WHERE cid=?})
$sth->execute($calerid) or die $dbh->errstr;

You'll have to adjust your initialization of $calerid to not have single quotes around it, as using placeholders takes care of that:

our $calerid = $ARGV[0];

Also, it should be sufficient to only connect to your database once. You don't have to do it for each query. Therefore, just put your connect statement at the beginning of the script. You can even isolate all the constants the db connect relies on so that they aren't available later in your script:

our $dbh = do {
    my $database = "mya2billing";
    my $host = "localhost";
    my $port = "3306";
    my $user = "root";
    my $pass = "xxxxxx";
    my $dsn = "DBI:mysql:database=$database;host=$host;port=$port";

    DBI->connect($dsn, $user, $pass) or die "DB connect failed: $DBI::errstr";
};

To reiterate, your second query should also use placeholders, like so:

my $sth = $dbh->prepare('SELECT id_cc_card FROM cc_callerid WHERE cid=?');
$sth->execute($share_reciver) or die $dbh->errstr;

Finally, it doesn't appear you're validating the returned content from external resources qx{} . At the very least, I suspect that returned content might contain return characters you aren't expecting. Therefore just whip out the chomp :

our $msg_arg2 = qx(echo $message | awk '{print \$2}');
chomp $msg_arg2;