Perl

Jul. 31st, 2006 | 03:51 pm

I've been learning Perl lately. It's both one of the most interesting and cool computer-related things I've come across, and the most insanely fscking retarded. I guess that's what it's known for. But I have a question, because this just cannot be right (okay maybe it can). I need to remotely execute a mysql command via ssh because the computer with the mysql server only allows local mysql connections. After assembling my sql, I have to do this:
$sqlcmd = quotemeta quotemeta $sqlcmd;
$out = `ssh alex\@$wikiserver mysql -u $wikidbusr -p$wikidbpw $wikidbname -e $sqlcmd`;
Why do I have to quotemeta the sql twice? I've tried putting it in single quotes or several single quotes or escaped single quotes and the only thing that works is escaping the entire thing twice. Is this just the price you pay for running shit from perl to shell to ssh to shell?


Comments {10}

DBD::Proxy?

from: yuval_kogman
date: Aug. 1st, 2006 11:46 am (UTC)

I'd suggest using DBD::Proxy, and DBI's own quoting. quotemeta is for perl's regexes and a bit more, so it's probably not very reliable for sql.

Furthermore, `` will need one level of quoting for the shell, and the shell inside ssh will need a second level of quoting, but will also need quoting for the $sqlcmd or it'll be taken as multiple arguments.

IPC::Run can help you get rid of one level of shell escaping by making the `` thing a little more "manual".

Good luck!


Alex P.

Re: DBD::Proxy?

from: wetzel
date: Aug. 1st, 2006 05:27 pm (UTC)

DBD::Proxy looks nice, except it has to have a server running on the other end, which is just another security issue to keep track of (and open in the firewall). I was originally going to use Net::SSH, but this script needs to run on a FreeBSD 4.11 server which I'd rather not install bunches of CPAN modules on. As far as the quoting, using DBI's quoting in this context wouldn't make sense, because I want to quote for the shell, not for sql. In addition to the quoting for the shell, I know I need to quote the values I take in when I assemble the sql. I've re-thought how I'm doing it and I think it's safer to write my sql to a file, scp it to the remote machine, and have mysql read the file in. That way I'll avoid any potential shell injection (and I'd much rather have the remote machine 0wned than the machine this script is running on).

Reply | Parent | Thread
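
The two parsing passes discussed in the comments above, reproduced locally as an added example (not code from the post or its commenters): it sends one statement through two shells with doubled quotemeta, with doubled POSIX single-quoting, and on stdin in the spirit of the file-based approach. The names `sh_quote`, `through_two_shells`, `through_stdin` and `$fake_ssh`, and the sample SQL, are assumptions constructed for illustration; `$fake_ssh` stands in for ssh so no host or database is contacted.

```perl
#!/usr/bin/perl
# Added example: constructed input, runs locally, contacts no host or database.
use strict;
use warnings;
use File::Temp qw(tempfile);

# POSIX sh quoting: wrap in single quotes, rewrite each ' as '\''.
sub sh_quote {
    my ($s) = @_;
    $s =~ s/'/'\\''/g;
    return "'$s'";
}

# Hypothetical stand-in for "ssh host": like ssh, it joins its arguments with
# spaces and hands the string to a second shell. "fake-ssh" is only its $0.
my $fake_ssh = q{sh -c 'exec sh -c "$*"' fake-ssh};

# Pass ARG on the command line; it is parsed by the local and the "remote" shell.
sub through_two_shells {
    my ($arg) = @_;
    return `$fake_ssh printf %s $arg`;
}

# Pass DATA on stdin via a temp file; no shell ever parses it.
sub through_stdin {
    my ($data) = @_;
    my ($fh, $path) = tempfile(UNLINK => 1);
    print {$fh} $data;
    close $fh or die "close: $!";
    my $quoted_path = sh_quote($path);   # seen by the local shell only
    return `$fake_ssh cat < $quoted_path`;
}

# Constructed statement with quotes, a newline and shell metacharacters.
my $sql = qq{SELECT 'it''s' AS a, "x y" AS b\nFROM t WHERE c = '\$1 * ;'};

my %got = (
    'quotemeta x2' => through_two_shells(quotemeta(quotemeta($sql))),
    'sh_quote x2'  => through_two_shells(sh_quote(sh_quote($sql))),
    'stdin'        => through_stdin($sql),
);
for my $how (sort keys %got) {
    printf "%-13s %s\n", $how, $got{$how} eq $sql ? 'intact' : 'ALTERED';
}
```

The doubled quotemeta route is the one that comes back altered: the shell treats backslash-newline as a line continuation, so the newline in the statement is dropped and `b` runs into `FROM`.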

Alex P.

Re: DBD::Proxy?

from: wetzel
date: Aug. 1st, 2006 06:22 pm (UTC)

Oh did I happen to mention
$ perl -v
This is perl, version 5.005_03 built for i386-freebsd
Copyright 1987-1999, Larry Wall

And I can't do anything about that.


notorious

Re: DBD::Proxy?

from: justbarelythere
date: Aug. 1st, 2006 09:41 pm (UTC)

Why do I never have any idea what the bloody hell you are speaking of...


Alex P.

Re: DBD::Proxy?

from: wetzel
date: Aug. 1st, 2006 11:56 pm (UTC)

Because you're not a h4x0r. It's okay. Most of the people who read my LJ don't know what the bloody hell I'm talking about except for "computer stuff".


Re: DBD::Proxy?

from: yuval_kogman
date: Aug. 1st, 2006 11:13 pm (UTC)

What about an ssh tunnel?

my $pid = fork || exec qw(ssh -N -L randomport:localhost:mysqlport mysqlmachine);

DBI->connect("dbi:mysql:...."); # I don't know the DBD options for this

waitpid $pid

With appropriate error checking, of course.


Re: DBD::Proxy?

from: yuval_kogman
date: Aug. 1st, 2006 11:15 pm (UTC)

I should mention that the DBI connection should be to localhost on randomport, and that waitpid needs two arguments.


Alex P.

Re: DBD::Proxy?

from: wetzel
date: Aug. 1st, 2006 11:59 pm (UTC)

I get the idea, and it's a pretty good idea. I would use it, except I've already got the tempfile making and scp'ing thing done, and it works. I'll remember the tunnel mysql trick for the future — ssh tunnels come in handy all over the place.

May I ask, who are you and how did you find my LJ? You seem to have written a lot of perl stuff, judging by your website . . .


Re: DBD::Proxy?

from: yuval_kogman
date: Aug. 2nd, 2006 07:20 am (UTC)

I am a clickaholic.. Found you somewhere on last.fm, and then without noticing what I was doing I was in your LJ, and thought that you could use a bit of assistance ;-)


Alex P.

Re: DBD::Proxy?

from: wetzel
date: Aug. 3rd, 2006 07:31 pm (UTC)

Well, thanks for the help!
