if statement confusion

[Lizzy]

I am developing a script that takes input from a form and outputs the results to a page, the results are based on the choices made on the form.

The form has 4 input elements, what I want to do is add some code to my script so that if no selection is made in any of the input elements the query will become:

Code:

#Prepare query prior to execution
if (!($query = $dbh->prepare("SELECT * FROM databasename ")))
{       #output error message if preparation fails
        &outputErr("couldn't prepare statement".$dbh->errstr); }

In other words should a selection not be made in any selection choice then all the table data will be output.

How would I do this, I have an idea it will be an if statement, how will this be done?

The query if all choices are selected is:

Code:

#Prepare query prior to execution
if (!($query = $dbh->prepare("SELECT * FROM databasename WHERE choice = '$choice1'
 AND Person = '$choice2'
 AND Choice   = '$choice3'
 AND Row    = '$textinput' ")))
{       #output error message if preparation fails
        &outputErr("couldn't prepare statement".$dbh->errstr); }

[Lizzy]

Like this:

Code:

if ( !($boxset=CGI::param("boxset")) )
{
        if (!($query = $dbh->prepare("SELECT * FROM databasename")))
{       #output error message if preparation fails
        &outputErr("couldn't prepare statement".$dbh->errstr); }
}

[Ron]

Can I make a suggestion in your coding style?

When creating blocks of indented code, choose one of the following styles:

Code:

if <condition> {
   ...truth statement...
   ...truth statement...
} else {
   ...false statement...
   ...false statement...
}

or

if <condition>
{
   ...true statement...
   ...true statement...
}
else
{
   ...false statement...
   ...false statement...
}

In secondary levels of indentation the braces follow the code level as well.

Code:

if <condition> {
   if <condition> {
      ...truth statement...
      ...truth statement...
   } else {
      ...false statement...
      ...false statement...
   }
   ...truth statement...
   ...truth statement...
} else {
   ...false statement...
   ...false statement...
}

or

if <condition>
{
   if <condition>
   {
      ...true statement...
      ...true statement...
   }
   else
   {
      ...false statement...
      ...false statement...
   }
   ...true statement...
   ...true statement...
}
else
{
   ...false statement...
   ...false statement...
}

Good luck

[Lizzy]

But I don't think I am that concerned with the aesthetic aspects of my code.

If it works I like it as a rule, to be honest I am not good enough to worry about how it looks, it's not something I even think about.

One day perhaps

[jason]

I think what Ron is getting at is that if you make a habbit of keeping your code clear, it becomes much easier to maintain (and get working).

For example, in your sample code you showed all of your closing }'s flush left, something like this:

Code:

if(.....) {
    if(.....) {
        ..........
}
}

The problem with this is that it is hard to tell which block that brace is closing. As you get into more and more complex code you sometimes have several nested blocks of code. If you keep all of these blocks well-alligned and you forget to close one of them it become much easier to track down because things stop lining up. Take it from an experienced programmer: you will often forget to close code blocks, which will result in cryptic, seemingly sensless errors from your compiler/interpreter. Clean code makes is much easier to debug.

Well-formatted code is also easier for others to follow, such as when you ask for help or share something with a colleague.

I don't mean to speak for Ron, but as experienced programmers I think he and I both want to help you avoid some of the pitfalls we encountered when we were starting out.

--Jason

[Lizzy]

I understand the points but as I said, I know so little about Perl, getting the code to look pretty is like having two tasks to do instead of one, which if I may be honest is a difficult enough task for me at the best of times.

I will try to do it, but as I said when I am working at coding, the way it looks seems unimportant compared to getting it to work, if I worry too much about style I may not even finish.

There should be a button I can click to beautify my code, that would be a good addition to this board.

[Spathiphyllum]

There should be a button I can click to beautify my code, that would be a good addition to this board.

A-ha, but there are!

Just to introduce you to a great set of tools to your ever-burgeoning kit:

HTML-kit

Then add the plugin:
hkPerlTidy

Run it, tweak it, edit code, release code - perfect code. Make gobs of money... well, theoretically.

There are many such tools on the web but this program (with all of its plugins) is terrific. And it's free - payment optional.

[Ron]

Jason hit both points on the nail's head.

1) I had difficulty in following your code, the same way you might have difficulty in following this sentence:

I difficulty have following in your code, this sentence the way same as you might have following.

I had to stop and really study what it was your were trying to accomplish, when it should have just jumped off the page without any effort. I couldn't find where you had closed your blocks; I didn't know at first whether your problem was related to your "if condition" or the structure of your code. The formatting of your code helps to display your intent to everyone -including yourself-, helps to spot logic bug, and may help to clarify your thinking as your work through your program flow and logic issues.

2)

the way it looks seems unimportant compared to getting it to work, if I worry too much about style I may not even finish.

It's kind of "pay me now or pay me later". You may in fact be able to code something quick-and-dirty and have it work, but, as you've found out, it's much more likely that it won't work when you're a beginner. Eventually you will need to learn to properly format your code, and then it will be second nature to you. You were already using a consistent style to format your code, it's just that style wasn't an "industry standard" and surely will lead your down a path of frustration and heartbreak.

If your project has any level of complexity, getting it to work will require debugging, and having a well formatted piece of code will be a big help. I don't know if you intend to become a professional developer, but if you do, this will be a great step towards that goal.

Either way, Good luck with your project!

PS If you are accepting input from a user and plan on using that input as the basis of a query to your database, you are going to need to do a lot of error checking and other input-field editing, which can get nested quite deeply at times...Other wise a sneaky user can use the input fields and inject incredibly damaging code into your database...

[Lizzy]

'windows cannot find Perl.exe'

[Lizzy]

I cannot see any difference though, maybe it's my eyes.

Code:

 if (!($query = $dbh->prepare("SELECT * FROM databasename ")))
{       #output error message if preparation fails
        &outputErr("couldn't prepare statement".$dbh->errstr); }
}

That look any different.

[Spathiphyllum]

'windows cannot find Perl.exe'...

Well, if you don't have Perl installed, that would be a problem.

Assuming that's not the case, try editing your OS Default path (I'm not on XP so I don't know if this sequence is exactly the same - it should get you close though.):

Start->Settings->Control Panel->System->Advanced->Environment variables->System variables->Path->Edit->

Then append the path with:

X:\Path\to\perl\bin\;


Or if in HTML-kit, set your preferences.

Edit->Preferences->Actions->Plugins Options->Perl interpreter

Then, set the path to perl.exe

[Lizzy]

PS If you are accepting input from a user and plan on using that input as the basis of a query to your database, you are going to need to do a lot of error checking and other input-field editing, which can get nested quite deeply at times...Other wise a sneaky user can use the input fields and inject incredibly damaging code into your database...

Do you mean like this:

Code:

#!/www/perl/bin/perl -T
#Shebang with the taint mode -T switch selected

#Forces declaration of variables
use strict;

#use the common gateway interface
use CGI;

#Use the database interface module
use DBI;

#Warn you against code that might be wrong
use Warnings;

#Will redirect all fatal error messages to the browser
use CGI::Carp qw(fatalsToBrowser);

#Guard against flooding and DOS attacks
$CGI::POST_MAX = 128;

#Disable uploads for security
$CGI::DISABLE_UPLOADS = 1;

[Lizzy]

Well, if you don't have Perl installed, that would be a problem

Apparently I have 3 versions installed on different drives I removed them and installed a fresh copy, ran the plugin and voila nothing happened HeHe.

[Ron]

I cannot see any difference though, maybe it's my eyes.

Code:

 if (!($query = $dbh->prepare("SELECT * FROM databasename ")))
{       #output error message if preparation fails
        &outputErr("couldn't prepare statement".$dbh->errstr); }
}

That look any different.

Actually that code does contain an error... there is an extra curly brace hiding at the end of your outputErr line..

[Ron]

Do you mean like this:

Code:

#!/www/perl/bin/perl -T
#Shebang with the taint mode -T switch selected

#Forces declaration of variables
use strict;

#use the common gateway interface
use CGI;

#Use the database interface module
use DBI;

#Warn you against code that might be wrong
use Warnings;

#Will redirect all fatal error messages to the browser
use CGI::Carp qw(fatalsToBrowser);

#Guard against flooding and DOS attacks
$CGI::POST_MAX = 128;

#Disable uploads for security
$CGI::DISABLE_UPLOADS = 1;

Not really, those are language modules and compiler directives.

You will need to do things like
Check that there are no UNION statements in the input (unless of course your are talking addresses, and someone might live on Union Street
Check for the percent sign
Check for quotes
Check for other SQL keywords and HTML special characters

I'm sure there's a tutorial on this somewhere on the web. I've not had to do that kind of manual checking, as I've tried to limit people's inputs to check boxes and drop downs, and the like. But I'm about to write (or beg, borrow/steal) a search query builder, so if you find something good, let me know!