Hello

I just started using Dancer, and I find it quite useful for mid-size webpages. I'm playing with it, but while trying out something like the blog engine in Perl Dancer Advent Calendar, I came to a problem of my own. I'm using damog's Dancer::Template::Haml, which is a wrapper for Text::Haml.

I will post my app.pm:

---------------------------------------------------------------------------------------------------------------------------------------
package log;
use Dancer ':syntax';
use DBI;

our $VERSION = '0.1';

my $database = "lib/database.db";

sub connect_db {
    my $dbh = DBI->connect("dbi:SQLite:dbname=".$database) or die $DBI::errstr;
    return $dbh;
}

sub exec_sql {
    my $db = connect_db();
    my $sql = "select id, url, title, text from entries where url ='".$_[0]."'";
    my $sth = $db->prepare($sql) or die $db->errstr;
    $sth->execute or die $sth->errstr;
    return $sth->fetchrow_hashref();
    $sth->finish();
}

get '/' => sub {
    layout 'index';
    my $entry = "hola";
    my $field = exec_sql($entry);
    template 'index' => {
        'url'   => $field->{url},
        'title' => $field->{title},
        'text'  => $field->{text},
    };
};

get '/archive' => sub {
    return "This is the archive.";
};

get '/:entr', sub {
    my $entry = params->{entr};
    my $field = exec_sql($entry);
    template 'entries' => {
        title => $field->{title},
        text  => $field->{text},
    };
};

true;
---------------------------------------------------------------------------------------------------------------------------------------

Everything works correctly when you go to the root directory; everything is output as expected. But as soon as you go to http://localhost:3000/hola, the output is a run time error with a 404 Error.

Please let me know if you need any more information.

On Fri, 2011-01-14 at 16:42 -0800, Carlos Ivan Sosa wrote:
> Hello I just started using Dancer, and I find it quite useful for mid-size webpages. I'm playing with it, but while trying out something like the blog engine in Perl Dancer Advent Calendar, I came to a problem of my own. I'm using damog's Dancer::Template::Haml, which is a wrapper for Text::Haml.
>
> I will post my app.pm:
> ---------------------------------------------------------------------------------------------------------------------------------------
> package log;
> use Dancer ':syntax';
> use DBI;
>
> our $VERSION = '0.1';
>
> my $database = "lib/database.db";
>
> sub connect_db {
>     my $dbh = DBI->connect("dbi:SQLite:dbname=".$database) or die $DBI::errstr;
>     return $dbh;
> }

You might want to consider using Dancer::Plugin::Database to handle database connections for you.

> sub exec_sql {
>     my $db = connect_db();
>     my $sql = "select id, url, title, text from entries where url ='".$_[0]."'";
>     my $sth = $db->prepare($sql) or die $db->errstr;
>     $sth->execute or die $sth->errstr;

Dear God no! SQL injection vulnerabilities are not fun; use placeholders, never interpolate into an SQL query unless you have a very good reason to do so, and have taken measures to ensure the data is safe. For instance,

    my $sth = $db->prepare(
        "select id, url, title, text from entries where url = ?"
    ) or die $db->errstr;
    $sth->execute($url);

>     $sth->execute or die $sth->errstr;
>     return $sth->fetchrow_hashref();
>     $sth->finish();
> }

Note that you're returning before calling $sth->finish, so that won't actually get called :)

[...]

> Everything works correctly when you go to the root directory; everything is output as expected. But as soon as you go to http://localhost:3000/hola, the output is a run time error with a 404 Error.

Odd, it looks like it should work.

> get '/:entr', sub {
>     my $entry = params->{entr};
>     my $field = exec_sql($entry);
>     template 'entries' => {
>         title => $field->{title},
>         text  => $field->{text},
>     };
> };

The first thing to check is that views/entries.tt exists; I believe calling template() with a non-existent template name will raise a 404. If that's all fine, then what happens if you replace the '/:entr' route with something that doesn't use the template at all, for instance:

    get '/:entr' => sub {
        "OK, looking for " . params->{entr};
    };

I've tested that here, and it works as expected; it would be useful to check that it works for you too, so we know the problem must be to do with the template usage.

Cheers

Dave P

-- 
David Precious <davidp@preshweb.co.uk> ("bigpresh")
http://www.preshweb.co.uk/
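
The placeholder advice and the finish-before-return note from the reply above, side by side with the interpolated query from the original post. This is an added example, not code from either participant. It assumes DBD::SQLite is installed; the in-memory table, the function names entry_interpolated and entry_placeholder, and both sample inputs are constructed for illustration.

```perl
#!/usr/bin/env perl
use strict;
use warnings;
use DBI;

# Constructed sample data in an in-memory SQLite database (needs DBD::SQLite).
my $dbh = DBI->connect("dbi:SQLite:dbname=:memory:", "", "",
    { RaiseError => 1, PrintError => 0 });
$dbh->do("create table entries (id integer primary key, url text, title text, text text)");
$dbh->do("insert into entries (url, title, text) values (?, ?, ?)",
    undef, "hola", "Hola", "First post");

# Pattern from the original post: the route parameter becomes part of the SQL text.
sub entry_interpolated {
    my ($url) = @_;
    my $sth = $dbh->prepare(
        "select id, url, title, text from entries where url ='" . $url . "'");
    $sth->execute;
    my $row = $sth->fetchrow_hashref;
    $sth->finish;
    return $row;
}

# Placeholder version: the value is bound separately and is only ever data.
sub entry_placeholder {
    my ($url) = @_;
    my $sth = $dbh->prepare(
        "select id, url, title, text from entries where url = ?");
    $sth->execute($url);
    my $row = $sth->fetchrow_hashref;   # fetch first ...
    $sth->finish;                       # ... release the handle ...
    return $row;                        # ... then return
}

# Constructed inputs: a normal slug, and one whose quote changes the WHERE clause.
for my $input ("hola", "nope' or '1'='1") {
    for my $case ([interpolated => \&entry_interpolated],
                  [placeholder  => \&entry_placeholder]) {
        my ($name, $lookup) = @$case;
        my $row = $lookup->($input);
        printf "%-12s %-18s -> %s\n", $name, "[$input]",
            $row ? "row with url '$row->{url}'" : "no row";
    }
}
```

For the second input, the interpolated lookup returns the "hola" entry even though no entry has that URL, while the placeholder lookup returns no row.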