Perl CGI sending null values to mySQL database?

Question

Scenario: I have a HTML form that sends variables to a Perl CGI which then takes them and inserts them on to a SQL DB I created earlier, but the problem is that it sends only NULL values to the DB - it does send the "correct number" of nulls though so I don't know what is going wrong. I have a feeling it is something to do with the variable passing to the Perl not Perl to DB. The Perl file:

  #! \xampp\perl\bin\perl.exe -w

require "dbfunc.pl";

use warnings;
use CGI qw/:standard/;
use CGI::Carp qw(fatalsToBrowser);


$table  = "routes";
#$spotted = "spotted";
$booked = "bookings";
$logged = "log";

$dbh = getConnection();




print header;
print start_html("Journey Details");

$name = param($name);
$email = param($email);
$price = param($price);
$date = param($date);
$departure = param($departure);
$arrival = param($arrival);
$adults = param($adults);
$children = param($children);
$totalCost = param($totalCost);
$departureTime = param($departureTime);
$arrivalTime = param($arrivalTime);
$jid = param($jid);



    $dbh->do("INSERT INTO $logged VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?)", undef,
           $date, $date, $name, $email, $departure, $arrival, $departureTime, $adults, $children, $totalCost);

    #my $sth = $dbh->prepare(qq{INSERT INTO $logged SET DateBooked=?, Journeydate=?, Name=?, Email=?, RouteFrom=?, RouteTo=? , DepartTime=?, Adults=?, Children=?, AmountPaid=?});
    #$sth->execute($date, $date, $name, $email, $departure, $arrival, $departureTime, $adults, $children, $totalCost) or die $dbh->errstr;


print end_html;

The first perl file that initially takes the vars:

#! \xampp\perl\bin\perl.exe -w

use CGI qw(:standard);
$query = new CGI;
@parameters = $query -> param;

print header, start_html("Receipt");

    print p("Your Journey Receipt");

    my $name = $query->param('name');
    print ("Name: $name");

    print br;

    my $email = $query->param('email');
    print ("Email: $email");

    print br;

    my $price = $query->param('price');
    print ("Price: &pound$price");

    print br;

    my $date = $query->param('date');
    print ("Journey date: $date");

    print br;

    my $departure = $query->param('departure');
    print ("From: $departure");

    print br;

    my $arrival = $query->param('arrival');
    print ("To: $arrival");

    print br;

    my $adults = $query->param('adults');
    print ("Adults: $adults");

    print br;

    my $children = $query->param('children');
    print ("Children: $children");

    print br;

    my $totalCost = $query->param('totalCost');
    print ("Total Cost:  &pound$totalCost");

    print br;

    my $departureTime = $query->param('departureTime');
    print ("Departure: $departureTime");

    print br;

    my $arrivalTime = $query->param('arrivalTime');
    print ("Arrival: $arrivalTime");

    print br;

    my $jid = $query->param('jid');
    print ("Journey ID: $jid");

    print br;

    print qq!<br><form><input type="Button" value="Back" onclick="history.back()"></form>!;
    print qq!<br><form method="get" action="serverside.pl">!;
    print qq!<input type="submit" value="Confirm Booking" />\n</form><br />!;

print end_html;

Answer 1

You are misunderstanding the way CGI programs work. They don't send data to one-another: they are executed as a result of an action on a web browser, and if that action was a click on a form submit button then they will receive a set of parameters according to the names and contents of that form's <input> elements.

Your scripts don't use strict as they should, and the -w on the shebang line pretty much duplicates the action of the use warnings statement. You should use just the latter.

As Quentin says, the NULL values in the database are because you are calling $name = param($name) which, because $name is undefined, is the same as $name = param('') . You need to use a fixed string, like you did in your other script $name = param('name') .

But that assumes that somewhere there is a CGI script or just an HTML file that has a <form> element with all those <input> fields. Clicking submit on such a form will execute the script specified in the action attribute and pass to it the contents of all the fields.

The first of your two scripts is expecting form input, and writes the contents of that form to the database, while the second of the two (that you say is the first perl file !) is also expecting form input but builds a web page with the information. The problem is that you don't seem to have written that form anywhere.

What I think you need is to combine the two CGI scripts, so that when submit is clicked the script both writes the information to the database and displays it on the screen. And you also need to write that form which, as I said could be just a plain HTML file.

It is also common to combine the form input and the database update in one script, which checks to see if it has been passed any parameters. If there are none then it displays the input form and waits for a response. Otherwise they are used to update the database and put up a confirmation page.

I hope this helps you.

Answer 2

You make the same mistake several times. I'll use the first instance an example:

$name = param($name);

You get the value of $name (which you haven't yet defined) and use it to get a param from the HTTP request. Since it isn't defined, you don't get the result you are looking for, so you don't get the submitted data in $name .

Presumably you intended:

$name = param('name');

---

Update now you have the form you are using:

print qq!<br><form method="get" action="serverside.pl">!;
print qq!<input type="submit" value="Confirm Booking" />\n</form><br />!;

You don't have any <input> elements except for the submit button (which doesn't have a name attribute), so there is no data to submit.