ruby mysql errors -where am I going wrong here?

M

Mer Gilmartin

Here is my test code. I am wondering where I am going wrong.
I get no errors but the [temp] section in the db is still NULL.

@mytext = 'hi this is a test'
userentry = TkEntry.new(Frameone)
userentry.value = @mytext
ev = TkVirtualEvent.new('Button-1', 'Return')
userentry.bind(ev){@mytext = userentry.value; puts @mytext}

swopframebutton.bind('ButtonRelease-1'){@mytext = userentry.value; puts
@mytext}

begin
# connect to the MySQL server
dbh = Mysql.real_connect("localhost", "testuser", "testpass",
"test")

#res = dbh.query("INSERT INTO password (user, upassword, temp)
VALUES('check', 'check', #{@mytext})")
"INSERT INTO password (user, upassword, temp) VALUES('check',
'check', '#{@mytext}')"
 
M

Mer Gilmartin

would more comments help? I think i know whats happening which makes it
more confusing that its not working.
 
H

Hidetoshi NAGAI

From: Mer Gilmartin <[email protected]>
Subject: ruby mysql errors -where am I going wrong here?
Date: Wed, 25 Oct 2006 23:34:54 +0900
Message-ID: said:
Here is my test code. I am wondering where I am going wrong.
I get no errors but the [temp] section in the db is still NULL.
(snip your code)

Hmmm.... Maybe, what you want to do is something like the following.
-------------------------------------------------------------
require 'tk'

def update_db
# DB query
# dbh.query("INSERT INTO password (user, upassword, temp) VALUES('check', 'check', #{@mytext})")
puts "update DB : @mytext = '#{@mytext}'"
end

frame = Tk.root

@mytext = 'this is a test'

userentry = TkEntry.new(frame).pack
userentry.value = @mytext

ev = TkVirtualEvent.new('Button-1', 'Return')
userentry.bind(ev){
if Tk.focus == userentry && @mytext != userentry.value ##???
@mytext = userentry.value
update_db
end
}

Tk.mainloop
 
M

Mer Gilmartin

Hidetoshi said:
Hmmm.... Maybe, what you want to do is something like the following.

I cut it from a bigger program which had a lot of that code. But ill
check the code you gave me in case my understanding is lacking.
 
M

Mer Gilmartin

Mer said:
I cut it from a bigger program which had a lot of that code. But ill
check the code you gave me in case my understanding is lacking.

Sorry far. I can get the sample code to run, and Im finding it hard to
understand the very different way of doing it.

If anyone can help more I would be very grateful.
 
M

Mer Gilmartin

I meant "sorry so far I cant get the sample code to run".
This problem is really begining to bother me.
 
H

Hidetoshi NAGAI

From: Mer Gilmartin <[email protected]>
Subject: Re: ruby mysql errors -where am I going wrong here?
Date: Thu, 26 Oct 2006 00:52:00 +0900
Message-ID: said:
I meant "sorry so far I cant get the sample code to run".

Does it cause errors?
It will call the method to update the database, only if
the text in the entry is changed when the event 'ev' occurs.

# As you know, the DB-update method is a dummy.
 
M

Mer Gilmartin

# As you know, the DB-update method is a dummy.

ah I didnt. Im trying to get my db update method to work.
I the first section of code I thought I had the mysql to update a db.

Eh Ill look at it again tomorrow.
 
H

Hugh Sasse

Here is my test code. I am wondering where I am going wrong.
I get no errors but the [temp] section in the db is still NULL.

@mytext = 'hi this is a test'

I think you'll want :

@mytext = '`hi this is a test`'

in order that...
#res = dbh.query("INSERT INTO password (user, upassword, temp)
VALUES('check', 'check', #{@mytext})")

... that line becomes correct SQL syntax.
"INSERT INTO password (user, upassword, temp) VALUES('check',
'check', '#{@mytext}')"
MySQL needs backticks `` for strings. Coming from Unix this was something
I didn't expect.Hugh
 
D

David Vallner

--------------enig8694973BB4CFDCC937FE681D
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

Hugh said:
MySQL needs backticks `` for strings. Coming from Unix this was someth= ing
I didn't expect.

Since it works for the strings 'check', that's obviously not the problem.=


Also, I'd use a database API that supports parameter placeholders and
does query escaping for you.

Interpolating a string to get a SQL query is Bad (tm). Google around for
"sql injection", "pain", "anguish", "death" (right, some of those aren't
really related).

If anything, use Mysql.escape on strings first at the very least.

David Vallner


--------------enig8694973BB4CFDCC937FE681D
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFFP+THy6MhrS8astoRAqpqAJ9Se7RfsVaNF5/NFogqrJdK2LqXOwCbBNXq
C0896bAlzWjr7llqyfBS2Go=
=o+Ty
-----END PGP SIGNATURE-----

--------------enig8694973BB4CFDCC937FE681D--
 
M

Mer Gilmartin

David said:
Since it works for the strings 'check', that's obviously not the
problem.

tested it to see if it changed anything. it doesnt. so you are right.
Also, I'd use a database API that supports parameter placeholders and
does query escaping for you.

Interpolating a string to get a SQL query is Bad (tm). Google around for
"sql injection", "pain", "anguish", "death" (right, some of those aren't
really related).

If anything, use Mysql.escape on strings first at the very least.

David Vallner

I know about sql injection. I just want to get a working way of taking
in data to my db first. Since Im having problems with even that, im not
too worried about anything else. Plus this is going to be attached to
the net. Its going to be on a stand alone.

Does anyone see anything I might be forgetting or doing wrong in the
sample code. Where am i dropping the data? Am I getting the data right?
Am i doing anything else wrong?
 
D

David Vallner

--------------enigAD972CA7F86DC3CFEF74296A
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Mer said:
I know about sql injection. I just want to get a working way of taking =
in data to my db first. Since Im having problems with even that, im not= =20
too worried about anything else. Plus this is going to be attached to=20
the net. Its going to be on a stand alone.
=20

Fair enough. Still, try using placeholder parameters instead of string
interpolation to see if that's indeed the problem?

http://www.tmtm.org/en/mysql/ruby/ - under the documentation for the
Mysql::Stmt class shows how. Mysql::query doesn't seem to support them.
Does anyone see anything I might be forgetting or doing wrong in the=20
sample code. Where am i dropping the data? Am I getting the data right?= =20
Am i doing anything else wrong?
=20

Litter some debugging output around? In particular, print @mytext at
various points, and the query string to a console to see if you're
trying to put anything into the DB in the first place - the problem
might be in the Tk interaction code for what it's worth. (I remain
blisfully ignorant on Tk by intention and GUI religious beliefs, so I
can't ascertain anything about it from the code snippet.)

David Vallner


--------------enigAD972CA7F86DC3CFEF74296A
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (MingW32)

iD8DBQFFQnAAy6MhrS8astoRAuIlAJ9QUoWPoSWUrPTXAutAJv4YPzf6/QCcCvvM
0ico5KDvqUuKt1yYy5MKwcQ=
=PNn9
-----END PGP SIGNATURE-----

--------------enigAD972CA7F86DC3CFEF74296A--
 
M

Mer Gilmartin

I suppose out of this I have these questions.
Knowing the right questions you want to ask is half the work right?

Is it possible to use a ruby variable to pass information to a mysql
query?
If it is not possible what is the work around?
Is it Bindtag.rb?

How do you test for data captured at a button event?
When do you place a tocommand line output?
In the button event? At the button binding.
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Members online

Forum statistics

Threads
473,744
Messages
2,569,484
Members
44,906
Latest member
SkinfixSkintag

Latest Threads

Top