Programming Like It’s 1999

Programming,

This article was published yesterday. It shows a way to extract data about a film from IMDB and put it into a local database. Actually, it doesn’t even do that. It produces SQL that you can then run to insert the data.

It’s all rather nasty stuff and indicative of the fact that most people using Perl are still using idioms that would have made us shudder ten years ago.

There were a few things that I didn’t like about the code. The use of curl to grab data from the web site, the indirect object syntax when creating the XML::Simple object and, in particular, the huge amount of repetitive code used to create the SQL statements.

So I did what anyone would do in my situation. I rewrote it. Here’s my version.

#!/usr/bin/perl

use strict; 
use warnings;

use XML::Simple;
use LWP::Simple;

@ARGV or die "Please provide movie title in quotes\n";

my $movie = shift;
$movie =~ s/\s/+/g;

my $movieData = get "http://www.imdbapi.com/?r=XML&t=$movie";
my $data = XMLin( $movieData );

my @fields = qw[released rating director genre writer runtime plot id
                title votes poster year rated actors];

my %film = %{$data->{movie}};

foreach (@fields) {
  $film{$_} =~ s/'/\\'/g;
}

my $tstamp = time();

my $sql = 'INSERT INTO movie_collection (';
$sql .= join ', ', @fields;
$sql .= ') VALUES (';
$sql .= join ', ', map { qq['$film{$_}'] } @fields;
$sql .= ",'" . time . "');\n";

print $sql;

I haven’t actually changed that much. I’ve tidied up a bit. Switched to using LWP::Simple, removed some unnecessary escaping, things like that. I have made two pretty big changes. I’ve got rid of all of the nasty variables containing data about a film. A film is a single object and therefore should be stored in a single variable. And, happily enough, the $data you get back from XMLin contains a hash that does the trick perfectly.

The second change I made was to rejig the way that the SQL is created. By using an array that contains the names of all of the columns in the table, I can generate the SQL programmatically without all of that repetitive code. I’ve even made the SQL a little safer by explicitly listing the columns that we are inserting data into (this has the side effect of no longer needing to insert a NULL into the id column).

Of course, this would just be a first step. The whole idea of generating SQL to run against the database is ugly. You’d really want to use DBIx::Class (or, at the very least, DBI) to insert the data directly into the database. And why mess around with raw XML when you can us something like IMDB::Film to do it?

At that point in my thought process I had an epiphany. You don’t need the database at all. The IMDB data changes all the time. Why take a local copy? Why not just use the web service directly with IMDB::Film (or perhaps WebService::IMDB – I haven’t used either of them so I have no strong opinions on this).

In general, I think that the original code was too complicated. Which made it hard to maintain. My version is better (but I am, of course, biased) but it can be made even better by using more from CPAN.

CPAN is Perl’s killer app. If you’re not using CPAN then you’re not using half the power of Perl.

What do you think? How would you write this program?

Update: A few people have mentioned the fact that I’m directly interpolating random data into my SQL statements – which is generally seen as a bad thing as it opens the door to SQL injection attacks. In my defence, I’d like to make a couple of points.

Firstly, the data I’m using isn’t just any old data. It’s data that is returned from the IMDB API. So it would be hard to use this for a malicious attack on the system (at least until Hollywood makes a film about the life of Bobby Tables).

Secondly, I am cleaning the data before using it. I’m escaping any single quotes in the input data. I think that removes the possibility of attack. I could be wrong though, if that’s the case, please let me know what I’m missing.

But, in general, I agree that this approach is dangerous. This is one of the major advantages of using DBI. By using bound parameters in your SQL statements you can remove possibility of SQL injection attacks.

Update 2: You can, of course, rely on Zefram to point out the issues here. His comment is well worth reading.

Other people (on IRC) raised the potential of other Unicode characters that databases treat as quote characters but that aren’t covered by my substitution.

Update 3: Here’s a local copy of the original code.

Saint Pierre and Miquelon

Community, , , , ,

Does Saint Pierre and Miquelon mean anything to you? It’s a small French-owned territory just off the coast of Newfoundland.

Why would this be of any interest on a Perl blog? Well, it’s a French territory with it’s own ccTLD. And that ccTLD is .pm.

Ever since Perl Mongers started we’ve looked longingly at that TLD, thinking how cool it would be to own a .pm domain. But domain registration in .pm is run by the French registry, AFNIC and for at least the last thirteen years they have refused all registrations under that domain. This made many Perl Mongers very sad.

But that is about to change. It appears that from 6th December, AFNIC are going to open registrations under a number of their previously suspended domains – including .pm. I think you’ll need to be in the EU in order to register a .pm domain, but I don’t think that will be a huge problem.

And it’s not just for Perl Monger groups. You’ll also be able to have domains for your favourite Perl modules too (or, at least, the ones without ‘::’ in their names).

Which .pm domains do you have your eye on? And what are you going to do with it.

Maybe one year we should have YAPC::NA in Saint Pierre and Miquelon and YAPC::EU in Poland.

A Brief History of the LPW

Conferences, ,

In his opening remarks on Saturday, Mark Keating suggested that we might be at the tenth London Perl Workshop. That seemed unlikely to me, so I’ve done a little research.

And it seems that I was right. The first LPW was in 2004, which makes this year’s the eighth. In a way, I’m happy that it wasn’t the tenth, as we now have two years to ensure that the tenth LPW is celebrated appropriately.

Here’s a list of the LPWs so far. I’ve also included details of the talks I gave at each workshop – mainly so that I can disprove Mark when he claims that I always show up and run training.

It seems that the web sites for some of the earlier workshops have fallen off the internet. This makes me a little sad. If I’m wrong and it’s just that Google can’t find them, then please let me know.

1st LPW – 11 Dec 2004
Lanyrd link
At Imperial College. I gave a 20 minute talk about OO Perl.

2nd LPW – 26 Nov 2005
Lanyrd link
At City University. I gave a 20 minute talk on Databases and Perl.

3rd LPW – 9 Dec 2006
Lanyrd link
I think this was the first LPW at its current home of the University of Westminster. I can’t be sure as I wasn’t there. I have a good excuse though – I was on holiday celebrating my tenth wedding anniversary.

4th LPW – 1 Dec 2007
Lanyrd link
At the University of Westminster. I gave a training course on Beginning Perl.

5th LPW – 29 Nov 2008
Lanyrd link
At the University of Westminster. I gave the keynote (a history of london.pm as it was our tenth anniversary) and a training course on Web Programming.

6th LPW – 5 Dec 2009
Lanyrd link
At the University of Westminster. I gave the keynote (about marketing Perl) and a training course called “The Professional Programmer“.

7th LPW – 4th Dec 2010
Lanyrd link
At the University of Westminster (although not in the usual building). I gave a training course on Modern Web programming (i.e. Plack) and a talk on Roles and Traits in Moose.

8th LPW – 12 Nov 2011
Lanyrd link
At the University of Westminster. I gave a training course on Modern Core Perl.

Modern Core Perl

Training, , ,

The London Perl Workshop is in two weeks time. Have you registered yet? There are apparently 200 people signed up already.

I’m going to be there giving a training course in the morning. It’s called Modern Core Perl and it will introduce many of the new features that have been added to the Perl core since version 5.10.

The course is ninety minutes long and attendance is completely free (as it is for all of the workshop). I was planning to write a post encouraging people to sign-up for the course, but it seems that will be unnecessary. I already have twenty people signed up and until I know for sure how big the room is I’ve had to declare the class full as I don’t want to run the risk of people signing up and not being able to fit into the room.

Unfortunately, though, the workshop web site doesn’t really have the concept of signing up for courses. So it’s impossible to actually stop more people signing up for the course. In fact, two more people have signed up since I edited the description to say the course was full.

I hope that the room will be large enough to allow us to let a few more people in on the day, but we will be strict on not overcrowding the room.

I apologise in advance if you want to come to the course but can’t get in. Perhaps you’ll consider Ian’s course instead. Or there will be three or four tracks of other talks going on at the same time.

Perl Tutorial

Community, ,

Google Reader just showed me Mithaldu’s blog post about the falling level of Google searches for the term “perl tutorial“. The fall is, of course, more than a little worrying and we should do what we can to get more people searching for Perl. But I wondered what results Google is currently returning for this search. It’s not a pretty sight.

  • The first two results are for Nik Silver’s Perl tutorial from about twenty years ago. I know Nik and I know that he would be horrified to think that people were trying to learn Perl from this site. Nik has been responsible and left a clear notice at the top of the page stating how out of date it is and I understand him wanting to leave the page there for historical interest. But I still see questions on places like Stack Overflow from people who are obviously using this tutorial.
  • The next link is to a site at perltutorial.org. That sounds encouraging, but it’s a rather pedestrian affair teaching dated and simplistic Perl and written by someone whose first language clearly isn’t English.
  • The next result is to tiztag.com. It’s about as good as you’d expect from a site that insists on calling the language “PERL”.
  • Next, we finally get to something worth using. It’s a link to the free online version of Simon Cozens’ book Beginning Perl. That’s good – but it’s still a little dated.
  • Next we get to Robert’s Perl Tutorial. Which proudly boasts it was last updated on 20th April 1999. That’ll be up to date then.
  • The next result is BradleyKuhn’s book Picking Up Perl. This was an attempt to produce an open source Perl tutorial book. It was a worthwhile project, but it was last updated in 2002.
  • The next result is one that finally links to perl.com. It’s an article by Doug Sheppard called Beginner’s Introduction to Perl. I bet it was great when it was first published in October 2000.
  • Towards the bottom of the list there are two links to Gabor’s recent (current?) Perl tutorial series. These are probably the only links on the list that we should be sharing with people wanting to learn Perl.
  • Finally, there’s the NCSA Perl Tutorial. At least this page has realised that it is out of date and has closed down. Unfortunately the alternative sites that it suggests are of variable quality.

So there it is. The first page of results is of rather variable quality. There’s some great stuff there, some good but dated stuff and some dreadful stuff. But I’m sure there are better Perl tutorials out there. It would be great if the first link returned by Google was to learn.perl.org. But what other sites should be on the list? What good Perl tutorial resources do you know of?

Have I just given all those dreadful sites a healthy boost of Googlejuice by linking to them?

Perl Search Engine

Programming, ,

Often on sites like StackOverflow you’ll see questions that people could have answered for themselves if they had just searched the right web sites (usually perldoc or CPAN). But instead, they just went straight for Google and ended up with some dodgy, out of date information that just left them confused.

In order to get round that, I’ve created a Google Custom Search Engine which searches known Perl web sites. You can try it out here.

If you want to use this search engine on your site, the code is below.

<div id="cse" style="width: 100%;">Loading</div>
 <script src="//www.google.co.uk/jsapi" type="text/javascript"></script>
 <script type="text/javascript">
 google.load('search', '1', {language : 'en'});
 google.setOnLoadCallback(function() {
 var customSearchControl = new google.search.CustomSearchControl('008350714774536055976:a2zesuxuecs');
 customSearchControl.setResultSetSize(google.search.Search.FILTERED_CSE_RESULTSET);
 customSearchControl.draw('cse');
 }, true);
 </script>
 <link rel="stylesheet" href="//www.google.com/cse/style/look/default.css" type="text/css" />

Modern Perl in Linux Format

Articles, , , , ,

A couple of times, I’ve complained here about the standard of Perl articles in the British magazine Linux Format.

Following the second of those articles I got into a discussion with Graham Morrison, the editor of the magazine and he offered me the opportunity to improve matters by writing my own short series of tutorials for them.

The first of those tutorials appears in issue 151 of the magazine which will be appearing in UK newsagents about now.

The series is called “Modern Perl” (in an attempt to distance it from their earlier tutorials) and the first article is about how easy it is to write a database application using DBIx::Class. The second article will take the same database and build it into a simple web application using Dancer. That will hopefully be in issue 153 (skipping an issue). There will probably be a third article in the series which will add features to the web application.

I’ll find out what my rights are to the articles and hopefully I’ll be able to put them on the web at some point in the future.

If you see a copy in your newsagents then please consider picking it up. And if you enjoy the article, then please let the magazine know.

YAPC::Europe Report

Conferences, , , , ,

It’s nearly three weeks since I got back from Riga. I should probably tell you a bit about what I did.

I flew over on Saturday and on Sunday I gave my “Introduction to Modern Perl” talk. There were nine people on the course and they all seemed to find it useful.

The conference itself started on Monday with a welcome from Andrew Shitov followed by the announcement that next year’s YAPC will be in Frankfurt. Then Larry gave his keynote where he compared Perl to musical styles (and architecture). He was followed by Matt Trout talking about the various philosophical styles required in good documentation. I then stayed in the main hall to see Mallory van Achterberg describing HTML5 and Zefram talking about his latest experiments in bending Perl syntax using some of the new features in Perl 5.14.

I think I spent the first session after lunch talking to various people in hallways and then I went back to the main hall to see Chisel Wright talking about mostly lazy DBIx::Class testing followed by Zefram describing (in great detail) why time is so hard. After a coffee break Book introduced his modules for controlling git from Perl.

Then we had the lightning talks (including my talk which suggested that the Perl community should become a secret society) and the auction – unusually on the first day rather than the last one.

The second day started with Damian Conway explaining how he has converted some of his CPAN modules to Perl 6 and how much simpler a lot of the code got in the process. I then watched Aaron Crane explain why monkey-patching is a problem and how subclassing is often no better. I then saw Max Maischein introducing Flottr and Andrew Solomon running a beginners tutorial about Dancer.

After lunch I went to see Peter Rabbitson talking about DBIx::Class internals followed by Karen Pauley talking about The Perl Foundation. I was happy to she that she took my lightning talk’s “going underground” theme and used it as an excuse to include a picture of the wombles.

One of the highlights of the conference for me was Tara Andrews talking about how she uses Perl in her work on Medieval manuscripts. That was followed by Mark Keating talking about marketing (Mark Keating/marketing – geddit?). Then there was the second lot of lightning talks followed by the attendees dinner where we all ate too much from the buffet and drank too much beer.

Wednesday began with Jesse Vincent’s vision of what Perl might be like moving forward from 5.16. He’s got some great ideas. And somehow he and Leon Brocard persuaded me to volunteer to put out a Perl release next April. That’ll be interesting. Following that I went briefly into Ingy’s talk on post-modern packaging but I wasn’t wasn’t really concentrating as I was getting ready for my talk on Perl Training which was next. I talked about my experiences of ten years running Perl training courses. After that I relaxed by listening to Matt Trout talking about Data::Query.

After lunch I saw Mark Keating talking about the Perl community (and why he loves it so much). I followed that by sitting in Patrick Michaud and Leon Timmermann’s talks, but I confess I was really catching up on email and not really concentrating. Then there was Matt Trout’s State of the Velociraptor, the final set of lightning talks and the Frankfurt.pm team talking about their plans for next year.

And then it was over. Another great YAPC::Europe conference which seemed far too short. Many thanks to all of the organisers for doing such a great .job.