[英]having trouble incorporating css into perl cgi
下面的代碼是一個cgi文件,我在顯示來自外部css文件的圖像和樣式時遇到問題。 代碼在第18-28行,我不確定自己在做什么錯。 我將不勝感激任何幫助。
#!/usr/bin/perl -w
use strict;
use DBI;
use CGI;
use CGI::Carp('fatalsToBrowser');
my $query = new CGI;
print $query->header();
my $my_database = "TrypSnoDB";
my $localhost = "localhost";
my $dsn = "DBI:mysql:$my_database:$localhost";
my $db_user_name = "adrian";
my $db_password = "temp_pass";
my $dbh = DBI->connect("DBI:mysql:database=TrypSnoDB;host=localhost;mysql_socket=/private/software/mysql/mysql.sock","adrian","temp_pass", {'RaiseError' => 1});
print "<html>\n";
print "<head>\n";
print "<title>Welcome to the T. Brucei snoRNA Database</title>\n";
print "<link type='text/css' rel='stylesheet' href='/public_html/style.css'>\n";
print "</head>\n";
print "<body>\n";
print "<h1>Trypanosomatid snoRNA Database</h1>\n";
print "<img class='my_images' src='/public_html/tb_pic1.png'>\n";
print "</body>\n";
print "</html>\n";
if ($query->param('submit1')){
my $orig_sno = $query->param('snorna1');
my $family = $query->param('family1');
my $query_type = $query->param('target_option1');
my $target = $query->param('target_name1');
if ($orig_sno eq "Trypanosoma brucei") {
$orig_sno = 1;
}
elsif ($orig_sno eq "Leishmania major") {
$orig_sno = 7;
}
elsif ($orig_sno eq "ALL") {
$orig_sno = "1 or ST.org_id=7";
}
if ($family eq "ALL") {
$family = "'C/D' or ST.family='H/ACA'";
}
else {
$family = "'$family'";
}
if ($target ne "ALL") {
$family = "$family and T.target_name='$target'";
}
my($db_query,$common_tar,$exp_ver_sno,$exp_ver_tar,$total);
$db_query = "SELECT ST.sno_name,T.target_name,T.location,T.base_pair,SM.annotated_seq FROM sno_Table ST,sno_Modifications SM,Targets T WHERE ST.sno_id=SM.sno_id and SM.mod_id=T.target_id and (ST.org_id=$orig_sno) and (ST.family=$family)";
$common_tar="and T.target_id in(SELECT T.target_id FROM sno_Table ST,sno_Modifications SM,Targets T WHERE ST.sno_id=SM.sno_id and SM.mod_id=T.target_id group by T.target_id having count(*)=2) order by T.location desc";
$exp_ver_sno="and ST.exper_ver='Y'";
$exp_ver_tar = "and T.exp_ver='Y'";
if ($query_type eq "snoRNAs with common targets") {
$db_query=$db_query.$common_tar;
}
elsif ($query_type eq "Experimentally verified snoRNAs") {
$db_query=$db_query.$exp_ver_sno;
}
elsif ($query_type eq "snoRNAs with experimentally verified targets") {
$db_query=$db_query.$exp_ver_tar;
}
elsif ($query_type eq "ALL"){
$db_query=$db_query;
}
my $sth = $dbh->prepare($db_query);
$sth->execute();
my$total = $sth->rows;
print "<table border=1>\n
<tr>
<th>snoRNA</th>\n
<th>Target Name</th>\n
<th>Target Location</th>\n
<th>Target Base Pair</th>\n
<th>Annotated Sequence</th>\n
</tr>\n";
while (my@row = $sth->fetchrow_array()){
my$sno_name = $row[0];
my$tar_name = $row[1];
my$tar_loc = $row[2];
my$tar_bp = $row[3];
my$annotated_seq = $row[4];
print "<tr>\n<td>$sno_name</td><td>$tar_name</td><td>$tar_loc</td><td>$tar_bp</td><td>$annotated_seq</td></tr>\n";
}
print "<tr>
<th>TOTAL</th>\n
<th>$total</th>\n
</tr>\n";
print "</table>";
}
幾乎可以肯定,您的問題是CSS文件的URL錯誤。 您可以通過查看Web服務器錯誤日志並查看CSS請求是否存在404記錄來確認這一點。
不幸的是,由於我不知道如何配置您的Web服務器,因此我無法告訴您正確的URL是什么。
您可能還需要解決其他幾個問題:
這是對Dave Cross關於SQL語句構建的評論的回應。 為了防止SQL注入,將語句構建轉換為使用綁定似乎很簡單。
要使用占位符綁定我覺得OP只需要更換變量$orig_sno
和$family
在$db_query
用變量?
字符。 像這樣:
$db_query = "SELECT ST.sno_name,T.target_name,T.location,T.base_pair,SM.annotated_seq
FROM sno_Table ST,sno_Modifications SM,Targets T WHERE ST.sno_id=SM.sno_id and
SM.mod_id=T.target_id and (ST.org_id=?) and (ST.family=?)"; # one line
...
my $sth = $dbh->prepare($db_query);
$sth->execute($orig_sno, $family);
但是,由於$family
變量可能是在先前條件的基礎上構建的,因此另一個變量$target
也在起作用。
if ($family eq "ALL") {
$family = "'C/D' or ST.family='H/ACA'";
}
else {
$family = "'$family'";
}
if ($target ne "ALL") {
$family = "$family and T.target_name='$target'";
}
占位符將處理此插值變量嗎? 還是$target
變量也需要它自己的占位符?
在這種情況下,是否所有要做的就是阻止SQL注入攻擊?
解決了。 如果$ target變量確實需要其自己的占位符,則對條件句進行一些調整即可解決問題。
else {
$family = "'$family'";
}
# removed - if $target ne ALL conditonal
my($db_query,$common_tar,$exp_ver_sno,$exp_ver_tar,$total);
$db_query = "SELECT ... and (ST.org_id=?) and (ST.family=?)";
if ($target ne "ALL") {
$db_query =~ s/\)$//;
$db_query .= ' and T.target_name=?)';
}
$common_tar="and T.target_id ... ";
...
my $sth = $dbh->prepare($db_query);
if ($target ne 'ALL'){
$sth->execute($orig_sno, $family, $target);
else{
$sth->execute($orig_sno, $family);
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.