RE: Can"t call method "prepare" on an undefined value

------_=_NextPart_001_01C7448A.47D650F1
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Chong,

=20

I am not a web programmer, but I see some things I would definitely fix
in your program:

=20

1. You should always 'use strict;' and 'use warnings;' - it will
help you find things like this.
2. You should always check your statement handles after all calls
(ora_open()).
3. You should always use bind variables to avoid SQL injection.
4. Line #92 looks suspicious to me - shouldn't there be two "\n"
characters to avoid the "premature end of script headers" error (see
http://htmlfixit.com/cgi-tutes/tutorial_Common_Web_dev_error _messages_an
d_what_they_mean.php)?

=20

--

Ron Reidy

Lead DBA=20

Array BioPharma, Inc.

=20

=20

=20

________________________________

From: Chong, Wei-Ling [mailto:Wei-Ling.Chong@amd.com]=20
Sent: Tuesday, January 30, 2007 3:23 AM
To: dbi-users@perl.org
Subject: Can't call method "prepare" on an undefined value

=20

Hi, I have one oracle database located at server A and setup the Oracle
HTTP Server at Server B. Both server are Solaris server. I have
installed DBI and DBD into Server B and setup the oraperl in my perl
script.

When I run the perl script, I am getting error:

=20

=20

Can't call method "prepare" on an undefined value at
/oracle/app/http/product/OA

S10.1.2.0.2/perl/lib/site_perl/5.6.1/sun4-solaris/Oraperl.pm line 121.

[Tue Jan 30 16:39:26 2007] [error] [client 165.204.172.185] [ecid:
1170146365:16

5.204.178.123:1213:0:7,0] Premature end of script headers:
/oracle/app/http/dl/w

eb/cgi/eppcd/ppcd_approval_ora.pl

=20

It works fine when the oraperl is located same server as the database. I
search through internet and it might due to connection string problem. I
am able to sqlplus to this database in Server B: sqlplus
ppcd@equal.dev.edms2

=20

Attached is my perl script. Is there any error on my oraperl code?

=20

Please help, very appriate.

Thanks.

=20

Best Regards,

Chong

=20


This electronic message transmission is a PRIVATE communication which =
contains
information which may be confidential or privileged. The information is =
intended=20
to be for the use of the individual or entity named above. If you are =
not the=20
intended recipient, please be aware that any disclosure, copying, =
distribution=20
or use of the contents of this information is prohibited. Please notify =
the
sender of the delivery error by replying to this message, or notify us =
by
telephone (877-633-2436, ext. 0), and then delete it from your system.


------_=_NextPart_001_01C7448A.47D650F1--

RE: Can"t call method "prepare" on an undefined value

------_=_NextPart_001_01C744EC.372C841C
Content-Type: text/plain;
charset=us-ascii
Content-Transfer-Encoding: quoted-printable

Hi,

=20

The error happen on the line to connect to that database:

$lda =3D &ora_login('','PPCD@equal.dev.edms2','dlbest')

=20

If I add "or die $ora_errstr" on the same line, it returns error below:

$lda =3D &ora_login('','PPCD@equal.dev.edms2','dlbest') or die =
$oraerrstr;

=20

(UNKNOWN OCI STATUS 1804) OCIInitialize. Check ORACLE_HOME and NLS
settings etc.

at /oracle/app/http/dl/web/cgi/eppcd/ppcd_approval_ora.pl line 33.

=20

I have set ORACLE_HOME and NLS env string on top of the perl script, but
still getting the same error.

This script is working fine I located the script in same server as the
database.

=20

Please help.

Thanks a lot.

=20

=20

=20

=20

________________________________

From: Reidy, Ron [mailto:Ron.Reidy@arraybiopharma.com]=20
Sent: Wednesday, January 31, 2007 12:19 AM
To: Chong, Wei-Ling; dbi-users@perl.org
Subject: RE: Can't call method "prepare" on an undefined value

=20

Chong,

=20

I am not a web programmer, but I see some things I would definitely fix
in your program:

=20

1. You should always 'use strict;' and 'use warnings;' - it will
help you find things like this.
2. You should always check your statement handles after all calls
(ora_open()).
3. You should always use bind variables to avoid SQL injection.
4. Line #92 looks suspicious to me - shouldn't there be two "\n"
characters to avoid the "premature end of script headers" error (see
http://htmlfixit.com/cgi-tutes/tutorial_Common_Web_dev_error _messages_an
d_what_they_mean.php)?

=20

--

Ron Reidy

Lead DBA=20

Array BioPharma, Inc.

=20

=20

=20

________________________________

From: Chong, Wei-Ling [mailto:Wei-Ling.Chong@amd.com]=20
Sent: Tuesday, January 30, 2007 3:23 AM
To: dbi-users@perl.org
Subject: Can't call method "prepare" on an undefined value

=20

Hi, I have one oracle database located at server A and setup the Oracle
HTTP Server at Server B. Both server are Solaris server. I have
installed DBI and DBD into Server B and setup the oraperl in my perl
script.

When I run the perl script, I am getting error:

=20

=20

Can't call method "prepare" on an undefined value at
/oracle/app/http/product/OA

S10.1.2.0.2/perl/lib/site_perl/5.6.1/sun4-solaris/Oraperl.pm line 121.

[Tue Jan 30 16:39:26 2007] [error] [client 165.204.172.185] [ecid:
1170146365:16

5.204.178.123:1213:0:7,0] Premature end of script headers:
/oracle/app/http/dl/w

eb/cgi/eppcd/ppcd_approval_ora.pl

=20

It works fine when the oraperl is located same server as the database. I
search through internet and it might due to connection string problem. I
am able to sqlplus to this database in Server B: sqlplus
ppcd@equal.dev.edms2

=20

Attached is my perl script. Is there any error on my oraperl code?

=20

Please help, very appriate.

Thanks.

=20

Best Regards,

Chong

=20

________________________________

This electronic message transmission is a PRIVATE communication which
contains information=20
which may be confidential or privileged. The information is intended to
be for the use of the individual=20
or entity named above. If you are not the intended recipient, please be
aware that any disclosure,=20
copying, distribution or use of the contents of this information is
prohibited. Please notify the sender=20
of the delivery error by replying to this message, or notify us by
telephone (877-633-2436, ext. 0),=20
and then delete it from your system.


------_=_NextPart_001_01C744EC.372C841C--

Re: Can"t call method "prepare" on an undefined value

Please delete that script NOW, it is EXTREMLY INSECURE. There are at
least THREE ways to compromise the database, the webserver and to send
arbitary mails. It lacks all kinds of error checks, as you have seen
yourself. The code is written in a way that makes it very hard to detect
accidentally included errors. Get rid of Oraperl, home-grown CGI code,
and Perl 4 function calls. Enable strict, warnings, and taint mode.

My offer still exists: If you need assistance in making the script work
securely, using taint mode, CGI and DBI methods, contact me via e-mail.
I don't want any money for it, I just want to get this piece of horror
out of this world. I would also do this on the dbi-users mailing list,
but it will become off-topic very soon, so let's do it via e-mail.

Nevertheless, you load the Oracle client libraries in the line "use
Oraperl;", this happens at COMPILE TIME of the script. You modify the
environment (%ENV) at RUN TIME, when the Oracle client libraries have
already been initialised without the missing environment variables.

The recommended way to set the environment variables is to make the
webserver (probably Apache, probably included with Oracle) set the
environment variables before your script is actually run. With Apache,
set the variables for the Apache run account and use the PassEnv
directive (http://httpd.apache.org/docs/1.3/mod/mod_env.html#passenv) or
set the variables inside Apache using SetEnv
(http://httpd.apache.org/docs/1.3/mod/mod_env.html#setenv). This way,
you have to change the Oracle environment variables only at one place,
httpd.conf, and not in each and every CGI.

There are ways to modify the environment at compile time, but I refuse
to tell you how it is done. Unless done right, it would cause even more
pain to you, and it would not help making that script more secure. (Not
that the Apache way would make the script secure in any way, but it
makes it a little bit more maintainable.)

Alexander

Chong, Wei-Ling wrote:
> Hi,
>
>
>
> The error happen on the line to connect to that database:
>
> $lda = &ora_login('','PPCD@equal.dev.edms2','dlbest')
>
>
>
> If I add "or die $ora_errstr" on the same line, it returns error below:
>
> $lda = &ora_login('','PPCD@equal.dev.edms2','dlbest') or die $oraerrstr;
>
>
>
> (UNKNOWN OCI STATUS 1804) OCIInitialize. Check ORACLE_HOME and NLS
> settings etc.
>
> at /oracle/app/http/dl/web/cgi/eppcd/ppcd_approval_ora.pl line 33.
>
>
>
> I have set ORACLE_HOME and NLS env string on top of the perl script, but
> still getting the same error.
>
> This script is working fine I located the script in same server as the
> database.
>
>
>
> Please help.
>
> Thanks a lot.
>
>
>
>
>
>
>
>
>
> ________________________________
>
> From: Reidy, Ron [mailto:Ron.Reidy@arraybiopharma.com]
> Sent: Wednesday, January 31, 2007 12:19 AM
> To: Chong, Wei-Ling; dbi-users@perl.org
> Subject: RE: Can't call method "prepare" on an undefined value
>
>
>
> Chong,
>
>
>
> I am not a web programmer, but I see some things I would definitely fix
> in your program:
>
>
>
> 1. You should always 'use strict;' and 'use warnings;' - it will
> help you find things like this.
> 2. You should always check your statement handles after all calls
> (ora_open()).
> 3. You should always use bind variables to avoid SQL injection.
> 4. Line #92 looks suspicious to me - shouldn't there be two "\n"
> characters to avoid the "premature end of script headers" error (see
> http://htmlfixit.com/cgi-tutes/tutorial_Common_Web_dev_error _messages_an
> d_what_they_mean.php)?
>
>
>
> --
>
> Ron Reidy
>
> Lead DBA
>
> Array BioPharma, Inc.
>
>
>
>
>
>
>
> ________________________________
>
> From: Chong, Wei-Ling [mailto:Wei-Ling.Chong@amd.com]
> Sent: Tuesday, January 30, 2007 3:23 AM
> To: dbi-users@perl.org
> Subject: Can't call method "prepare" on an undefined value
>
>
>
> Hi, I have one oracle database located at server A and setup the Oracle
> HTTP Server at Server B. Both server are Solaris server. I have
> installed DBI and DBD into Server B and setup the oraperl in my perl
> script.
>
> When I run the perl script, I am getting error:
>
>
>
>
>
> Can't call method "prepare" on an undefined value at
> /oracle/app/http/product/OA
>
> S10.1.2.0.2/perl/lib/site_perl/5.6.1/sun4-solaris/Oraperl.pm line 121.
>
> [Tue Jan 30 16:39:26 2007] [error] [client 165.204.172.185] [ecid:
> 1170146365:16
>
> 5.204.178.123:1213:0:7,0] Premature end of script headers:
> /oracle/app/http/dl/w
>
> eb/cgi/eppcd/ppcd_approval_ora.pl
>
>
>
> It works fine when the oraperl is located same server as the database. I
> search through internet and it might due to connection string problem. I
> am able to sqlplus to this database in Server B: sqlplus
> ppcd@equal.dev.edms2
>
>
>
> Attached is my perl script. Is there any error on my oraperl code?
>
>
>
> Please help, very appriate.
>
> Thanks.
>
>
>
> Best Regards,
>
> Chong
>
>
>
> ________________________________
>
> This electronic message transmission is a PRIVATE communication which
> contains information
> which may be confidential or privileged. The information is intended to
> be for the use of the individual
> or entity named above. If you are not the intended recipient, please be
> aware that any disclosure,
> copying, distribution or use of the contents of this information is
> prohibited. Please notify the sender
> of the delivery error by replying to this message, or notify us by
> telephone (877-633-2436, ext. 0),
> and then delete it from your system.
>
>
>

--
Alexander Foken
mailto:alexander@foken.de http://www.foken.de/alexander/

RE: Can"t call method "prepare" on an undefined value

------_=_NextPart_001_01C7454A.55F7A26D
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

Chong,

=20

You have not left the realm of DBI/perl issues. This is an Oracle
issue. From the error docs:

=20

$ oerr ora 1804

01804, 00000, "failure to initialize timezone information"

// *Cause: The timezone information file was not properly read.

// *Action: Please contact Oracle Customer Support.

=20

So, there you go.

=20

--

Ron Reidy

Lead DBA

Array BioPharma, Inc.

=20

________________________________

From: Chong, Wei-Ling [mailto:Wei-Ling.Chong@amd.com]=20
Sent: Tuesday, January 30, 2007 9:00 PM
To: Reidy, Ron; dbi-users@perl.org
Subject: RE: Can't call method "prepare" on an undefined value

=20

Hi,

=20

The error happen on the line to connect to that database:

$lda =3D &ora_login('','PPCD@equal.dev.edms2','dlbest')

=20

If I add "or die $ora_errstr" on the same line, it returns error below:

$lda =3D &ora_login('','PPCD@equal.dev.edms2','dlbest') or die =
$oraerrstr;

=20

(UNKNOWN OCI STATUS 1804) OCIInitialize. Check ORACLE_HOME and NLS
settings etc.

at /oracle/app/http/dl/web/cgi/eppcd/ppcd_approval_ora.pl line 33.

=20

I have set ORACLE_HOME and NLS env string on top of the perl script, but
still getting the same error.

This script is working fine I located the script in same server as the
database.

=20

Please help.

Thanks a lot.

=20

=20

=20

=20

________________________________

From: Reidy, Ron [mailto:Ron.Reidy@arraybiopharma.com]=20
Sent: Wednesday, January 31, 2007 12:19 AM
To: Chong, Wei-Ling; dbi-users@perl.org
Subject: RE: Can't call method "prepare" on an undefined value

=20

Chong,

=20

I am not a web programmer, but I see some things I would definitely fix
in your program:

=20

1. You should always 'use strict;' and 'use warnings;' - it will
help you find things like this.
2. You should always check your statement handles after all calls
(ora_open()).
3. You should always use bind variables to avoid SQL injection.
4. Line #92 looks suspicious to me - shouldn't there be two "\n"
characters to avoid the "premature end of script headers" error (see
http://htmlfixit.com/cgi-tutes/tutorial_Common_Web_dev_error _messages_an
d_what_they_mean.php)?

=20

--

Ron Reidy

Lead DBA=20

Array BioPharma, Inc.

=20

=20

=20

________________________________

From: Chong, Wei-Ling [mailto:Wei-Ling.Chong@amd.com]=20
Sent: Tuesday, January 30, 2007 3:23 AM
To: dbi-users@perl.org
Subject: Can't call method "prepare" on an undefined value

=20

Hi, I have one oracle database located at server A and setup the Oracle
HTTP Server at Server B. Both server are Solaris server. I have
installed DBI and DBD into Server B and setup the oraperl in my perl
script.

When I run the perl script, I am getting error:

=20

=20

Can't call method "prepare" on an undefined value at
/oracle/app/http/product/OA

S10.1.2.0.2/perl/lib/site_perl/5.6.1/sun4-solaris/Oraperl.pm line 121.

[Tue Jan 30 16:39:26 2007] [error] [client 165.204.172.185] [ecid:
1170146365:16

5.204.178.123:1213:0:7,0] Premature end of script headers:
/oracle/app/http/dl/w

eb/cgi/eppcd/ppcd_approval_ora.pl

=20

It works fine when the oraperl is located same server as the database. I
search through internet and it might due to connection string problem. I
am able to sqlplus to this database in Server B: sqlplus
ppcd@equal.dev.edms2

=20

Attached is my perl script. Is there any error on my oraperl code?

=20

Please help, very appriate.

Thanks.

=20

Best Regards,

Chong

=20

________________________________

This electronic message transmission is a PRIVATE communication which
contains information=20
which may be confidential or privileged. The information is intended to
be for the use of the individual=20
or entity named above. If you are not the intended recipient, please be
aware that any disclosure,=20
copying, distribution or use of the contents of this information is
prohibited. Please notify the sender=20
of the delivery error by replying to this message, or notify us by
telephone (877-633-2436, ext. 0),=20
and then delete it from your system.


------_=_NextPart_001_01C7454A.55F7A26D--