Perl CGI backticks output assigned to array not present in generated HTML. Possible evaluation order issue

Question

I have created this CGI perl script which calls a shell script (lookup.sh) to query an Oracle database using the first arg passed to the shell script as the user name to cross reference against group membership.

The shell script returns all of the groups delimited by new lines. I have this Perl script as the CGI action to a very simple html form which passes the USER parameter to the perl script, then the perl script runs the shell script and passes the username from the original html form as the first arg and should then store the returned values in an array called @outp.

My testing shows everything to be working but when I run it from a browser the @outp array comes out blank every time. All other tests have the array containing the correct data, the only assumption I can make is that the HTML is generated before the array is populated with data from the backticks command. Can someone chime in?

HTML:

<FORM action="/cgi-bin/test.cgi" method="POST">
USER: <input type="text" name="USER">  <br>
<input type="submit" value="Submit">
</FORM>

Shell:

      #!/bin/bash

sqlplus -s DB_USER/DB_PASS@//DB_HOST:1521/JIRA_RW <<< "SELECT GROUP_NAME from    jira_db.membershipbase where USER_NAME='$1';"

Perl:

#!/usr/bin/perl
use CGI qw(:standard);


$data = param('USER') || '<i>(No input)</i>';

@outp = `/bin/lookup.sh $data`;
print <<END;
Content-Type: text/html; charset=iso-8859-1

 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<title>Jira User Query</title>
<h1>Group Membership for $data @outp</h1>
<p>print @outp</p>
END

and yes, I know this is a TOTAL hack job.

Answer 1

First it would be much better to query the database from Perl.

Good readings: How can I troubleshoot my Perl CGI script?, http://www.cs.cf.ac.uk/Dave/PERL/node1.html

Until that you could do something like this:

#!/usr/bin/perl
use CGI qw(:standard);

print "Content-Type: text/html; charset=iso-8859-1\n\n";

use strict;
use warnings;
use CGI::Carp 'fatalsToBrowser';

my $data = param('USER') || '<i>(No input)</i>';

my $outp = `/bin/lookup.sh '$data' 2>&1`;chomp($outp);
if ($?){
  $outp = "Execution error! error coode: $?";
}

print <<END;
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">
<html><header></header><body>
<title>Jira User Query</title>
<h1>Group Membership for $data $outp</h1>
END

print "\n<p>print $outp</p>\n</body></html>\n";

With DBI it would be (it is still is XX. centrury style, for new development you could try Dancer, Mojo or other something new thing):

#!/usr/bin/perl
use CGI qw(:standard);

print "Content-Type: text/html; charset=iso-8859-1\n\n";

use strict;
use warnings;
use CGI::Carp 'fatalsToBrowser';
use DBI;

my $q = new CGI;
print $q->header;
print $q->start_html;
print $q->h1("Hello, it is working!!!");


my $sql = "SELECT GROUP_NAME from jira_db.membershipbase where USER_NAME=?";
if (defined param('USER')){
  print $q->p("param user: ".param('USER'));
  my $dbh = DBI->connect('dbi:mysql:perltest','root','password') or die "Connection Error: $DBI::errstr\n";
  my $sth = $dbh->prepare($sql);
  $sth->execute(param('USER'));
  while ( my @row = $sth->fetchrow_array() ){
    print $q->p($row[0]);
  }
}

print $q->end_html;