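Trouble incorporating CSS into Perl CGI

Time: 2014-03-04 12:24:23

Tags: css perl cgi

The code below is a CGI file, and I'm having trouble getting the image and the styles from an external CSS file to display. The code is on lines 18-28, and I'm not sure what I'm doing wrong. I would appreciate any help.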

#!/usr/bin/perl -w
use strict;
use DBI;
use CGI;
use CGI::Carp('fatalsToBrowser');

my $query = new CGI;
print $query->header();
my $my_database = "TrypSnoDB";
my $localhost = "localhost";
my $dsn = "DBI:mysql:$my_database:$localhost";
my $db_user_name = "adrian";
my $db_password = "temp_pass";
my $dbh = DBI->connect("DBI:mysql:database=TrypSnoDB;host=localhost;mysql_socket=/private/software/mysql/mysql.sock","adrian","temp_pass", {'RaiseError' => 1});

print "<html>\n";
print "<head>\n";
print "<title>Welcome to the T. Brucei snoRNA Database</title>\n";
print "<link type='text/css' rel='stylesheet' href='/public_html/style.css'>\n";
print "</head>\n";
print "<body>\n";
print "<h1>Trypanosomatid snoRNA Database</h1>\n";   
print "<img class='my_images' src='/public_html/tb_pic1.png'>\n";
print "</body>\n";
print "</html>\n";


if ($query->param('submit1')){
    my $orig_sno = $query->param('snorna1');
    my $family = $query->param('family1');
    my $query_type = $query->param('target_option1');
    my $target = $query->param('target_name1');
    if ($orig_sno eq "Trypanosoma brucei") {
        $orig_sno = 1;
    }
    elsif ($orig_sno eq "Leishmania major") {
        $orig_sno = 7;
    }
    elsif ($orig_sno eq "ALL") {
        $orig_sno = "1 or ST.org_id=7";
    }
    if ($family eq "ALL") {
        $family = "'C/D' or ST.family='H/ACA'";
    }
    else {
        $family = "'$family'";
    }
    if ($target ne "ALL") {
        $family = "$family and T.target_name='$target'";
    }
    my($db_query,$common_tar,$exp_ver_sno,$exp_ver_tar,$total);
    $db_query = "SELECT ST.sno_name,T.target_name,T.location,T.base_pair,SM.annotated_seq FROM sno_Table ST,sno_Modifications SM,Targets T WHERE ST.sno_id=SM.sno_id and SM.mod_id=T.target_id and (ST.org_id=$orig_sno) and (ST.family=$family)";
    $common_tar="and T.target_id in(SELECT T.target_id FROM sno_Table ST,sno_Modifications SM,Targets T WHERE ST.sno_id=SM.sno_id and SM.mod_id=T.target_id group by T.target_id having count(*)=2) order by T.location desc";
    $exp_ver_sno="and ST.exper_ver='Y'";
    $exp_ver_tar = "and T.exp_ver='Y'";
    if ($query_type eq "snoRNAs with common targets") {
        $db_query=$db_query.$common_tar;
    }
    elsif ($query_type eq "Experimentally verified snoRNAs") {
        $db_query=$db_query.$exp_ver_sno;
    }
    elsif ($query_type eq "snoRNAs with experimentally verified targets") {
        $db_query=$db_query.$exp_ver_tar;
    }
    elsif ($query_type eq "ALL"){
        $db_query=$db_query;
    }   
    my $sth = $dbh->prepare($db_query);
    $sth->execute();
    my$total = $sth->rows; 
        print "<table border=1>\n
    <tr>
        <th>snoRNA</th>\n
        <th>Target Name</th>\n
        <th>Target Location</th>\n
        <th>Target Base Pair</th>\n
        <th>Annotated Sequence</th>\n
    </tr>\n";
    while (my@row = $sth->fetchrow_array()){
        my$sno_name = $row[0];
        my$tar_name = $row[1];
        my$tar_loc = $row[2];
        my$tar_bp = $row[3];
        my$annotated_seq = $row[4];
        print "<tr>\n<td>$sno_name</td><td>$tar_name</td><td>$tar_loc</td><td>$tar_bp</td><td>$annotated_seq</td></tr>\n";
    }
    print "<tr>
        <th>TOTAL</th>\n
        <th>$total</th>\n
    </tr>\n";
    print "</table>";
}   

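2 Answers:

Answer 0 (score: 2)

Your problem is almost certainly that the URL for your CSS file is wrong. You can confirm this by looking in the web server error log and checking whether there is a 404 record for the CSS request.

Unfortunately, I can't tell you what the correct URL is, because I don't know how your web server is configured.

There are a couple of other problems you might want to address:

  • The HTML you generate is invalid. You print tags outside of the and tags. Printing raw HTML in a Perl program is a terrible idea - it's far too easy to make all kinds of mistakes here. You would be well advised to use a templating engine (I recommend the Template Toolkit).
  • Your database query is vulnerable to SQL injection attacks. Please switch to using bind variables before someone trashes your server.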

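Answer 1 (score: 2)

This is a response to Dave Cross's comment about how the SQL statement is built. Converting the statement construction to use binding, to prevent SQL injection, seems fairly simple.

To use placeholder binding, I think the OP only needs to replace the variables $orig_sno and $family in the $db_query variable with ? characters. Like this: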

$db_query = "SELECT ST.sno_name,T.target_name,T.location,T.base_pair,SM.annotated_seq
FROM sno_Table ST,sno_Modifications SM,Targets T WHERE ST.sno_id=SM.sno_id and
SM.mod_id=T.target_id and (ST.org_id=?) and (ST.family=?)";   # one line
...
my $sth = $dbh->prepare($db_query);
$sth->execute($orig_sno, $family);

However, because the $family variable may have been built by the preceding conditional, another variable, $target, is also in play.

if ($family eq "ALL") {
    $family = "'C/D' or ST.family='H/ACA'";
}
else {
    $family = "'$family'";
}
if ($target ne "ALL") {
    $family = "$family and T.target_name='$target'";
}

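Will the placeholder handle this interpolated variable? Or does the $target variable also need its own placeholder?

And would this work to stop an SQL injection attack in this case?

Solved. If the $target variable does need its own placeholder, then a few adjustments to the conditionals would do it.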

else {
    $family = "'$family'";
}
# removed - if $target ne ALL conditional

my($db_query,$common_tar,$exp_ver_sno,$exp_ver_tar,$total);

$db_query = "SELECT  ...  and (ST.org_id=?) and (ST.family=?)";
if ($target ne "ALL") {     
    $db_query =~ s/\)$//;
    $db_query .= ' and T.target_name=?)';
}
$common_tar="and T.target_id ... ";
... 
my $sth = $dbh->prepare($db_query);

if ($target ne 'ALL') {
    $sth->execute($orig_sno, $family, $target);
}
else {
    $sth->execute($orig_sno, $family);
}
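
A placeholder binds exactly one value, so every user-supplied value needs its own `?`, bound values are never quoted by hand, and an "ALL" choice has to expand into a matching number of placeholders. The following is an added example, not code from the original question or answers, showing one way to build the question's query that way. The `build_sno_query` helper and the allow-list hashes are hypothetical names, it assumes the family form field offers only C/D, H/ACA and ALL, and the sample input is constructed.

```perl
use strict;
use warnings;

# Allow-lists: each form value maps to fixed bind values or fixed SQL text,
# so request data is never interpolated into the statement.
my %ORG_IDS  = ('Trypanosoma brucei' => [1], 'Leishmania major' => [7], 'ALL' => [1, 7]);
# Assumption: the form offers only these three family choices.
my %FAMILIES = ('C/D' => ['C/D'], 'H/ACA' => ['H/ACA'], 'ALL' => ['C/D', 'H/ACA']);
my $COMMON   = ' AND T.target_id IN (SELECT T.target_id'
             . ' FROM sno_Table ST,sno_Modifications SM,Targets T'
             . ' WHERE ST.sno_id=SM.sno_id AND SM.mod_id=T.target_id'
             . ' GROUP BY T.target_id HAVING count(*)=2) ORDER BY T.location DESC';
my %EXTRA_SQL = (
    'ALL'                                          => '',
    'snoRNAs with common targets'                  => $COMMON,
    'Experimentally verified snoRNAs'              => " AND ST.exper_ver='Y'",
    'snoRNAs with experimentally verified targets' => " AND T.exp_ver='Y'",
);

# build_sno_query is a hypothetical helper; returns the SQL and its bind values.
sub build_sno_query {
    my ($org, $family, $type, $target) = @_;
    my $org_ids  = $ORG_IDS{$org // ''}     or die "unknown organism\n";
    my $families = $FAMILIES{$family // ''} or die "unknown family\n";
    exists $EXTRA_SQL{$type // ''}          or die "unknown query type\n";

    my $sql = 'SELECT ST.sno_name,T.target_name,T.location,T.base_pair,SM.annotated_seq'
            . ' FROM sno_Table ST,sno_Modifications SM,Targets T'
            . ' WHERE ST.sno_id=SM.sno_id AND SM.mod_id=T.target_id'
            . ' AND ST.org_id IN (' . join(',', ('?') x @$org_ids) . ')'
            . ' AND ST.family IN (' . join(',', ('?') x @$families) . ')';
    my @bind = (@$org_ids, @$families);

    # target_name is not allow-listed here, so it gets its own placeholder.
    if (defined $target && $target ne 'ALL') {
        $sql .= ' AND T.target_name=?';
        push @bind, $target;
    }
    return ($sql . $EXTRA_SQL{$type}, @bind);
}

# Constructed input: the quote characters in the target stay inside a bind value.
my ($sql, @bind) = build_sno_query('ALL', 'C/D', 'ALL', "x' OR '1'='1");
print "$sql\n", 'bind: ', join(' | ', @bind), "\n";
# In the CGI script: my $sth = $dbh->prepare($sql); $sth->execute(@bind);
```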