Being Helpful

I like to help people who know less Perl than I do. I like to help them to improve their standard of Perl. I particularly like to help to improve the standard of Perl that is found on random sites on the web. This is because if I find your nasty Perl code on the internet then someone trying to learn Perl might also find your nasty Perl code and not realise just how nasty it is.

I used to do a lot more of this, but I’ve really cut down. Mainly I have a lot less free time now, but also it used to sometimes get me in trouble. People aren’t always as grateful for help as you’d like to think they would be. Those of you who have known me for ten years or so might remember some amusing scrapes from the support forum for a particular beginners’ Perl/CGI book. The phrase “use strict is gay!” still brings a smile to the face of the older London Perl Mongers.

A few months ago I saw this site. The site is owned by a MySQL consultant who posts some really quite complex programs that he has written to interact with MySQL in various ways. Most of his programs are written in Perl. But it’s clear that the author is not really familiar with Perl – he makes that point explicitly in his sidebar. This means that the Perl really isn’t very good.

Now I know that we’re happy for people to use “baby-talk Perl”. And I know that a correct Perl program is one that gets the job done. But I also think that if you’re sharing code with other people then you should make a bit of an effort to make it as well-written as possible.

So soon after I found the site I dived in with some suggestions. “Try using strict and warnings”, “these days we like to recommend lexical filehandles and three-argument open”, “you know you can avoid those leaning toothpicks” – that kind of thing. I didn’t get much response and the Perl didn’t get any better so I lost interest and drifted away.

Yesterday I got an email from the site saying that someone had added a comment to one of the entries that I had commented on. Reading the new comment I saw my contributions described as “obnoxious”. Following my experiences of ten years ago I’m a little sensitive about accusations like that. I grew up on Usenet and I know that my language can sometimes come across as more robust than I intend. But reading back what I wrote, I don’t think that’s the case here. I tried to explain but was told that I was just making my critic’s point even more valid.

I don’t think I’ll be going back to that site. They don’t seem to be interested in my help. But I left them a parting gift – a link to my version of the program. I doubt they’ll say thank you.

Yet More Modern Perl in Linux Format

Over the weekend the postman bought me my subscribption copy of Linux Format issue 155. This contains the third (and final) part of my Modern Perl tutorial. In this part we’re adding features to the Dancer web application that we started in issue 153.

This series has concentrated on web applications (with Dancer) and database access (with DBIx::Class). I’ve already got provisional agreement for another short series later in the year – where I plan to cover OO programming using Moose.

The new issue will be in the shops later this week.

Free Training Competition in Linux Format

I’ve mentioned before that I’m running some public training courses in London next month. But how do you fancy coming along to those courses for free?

Those lovely people at O’Reilly have put an advert for the courses in the new issue of Linux Format which hits the shops about now. That’s issue 154 and the advert is on page 54. The advert contains details of a competition where two people can win free places on the two courses – one person on each course.

There are also four runner-up prizes which are copies of the new edition of the Camel book.

All you need to do is… well to find that out you’ll need to buy the magazine. Ok, so entry isn’t 100% free – you’ll need to pay £6.49 for the magazine.

Public Training Courses in February

I’ll be running some public training courses in London in February. There will be two two-day courses (which include practical sessions). The intermediate course will be on Feb 21/22 and the advanced course will be running on Feb 23/24. The courses will be held at the Imperial Hotel in Russell Square.

For more details (including the syllabus and prices) please see my training page.

There are plenty of unfilled Perl jobs in London currently. I’m constantly getting recruiters phoning or emailing me asking for help finding suitable candidates. If you’ve done a bit of Perl in the past, but left it for other technologies, now would be a good time to rekindle your interest and these would be good courses to take (but, of course, I would say that, wouldn’t I!)

More Modern Perl in Linux Format

Yesterday’s post bought my subscription copy of Linux Format issue 153. This issue contains the second article in my short series about Modern Perl. In this article we take the simple DBIx::Class application that we wrote last time and put a web front end on it using Dancer.

Over the next few days I’ll be writing the third (and final) article in the series. This will involve adding more features to the web app.

If the series is successful (and please let LXF know if you liked it) then perhaps I’ll be asked back to write more next year.

LXF 153 should be appearing in all good newsagents next week.

London Perl Workshop Review

Unfortunately O’Reilly’s Josette Garcia couldn’t be at the London Perl Workshop, so she asked if I could write something about it for her blog.

It took me longer than it should have done, but my post has just been published over at Josetteorama.

Hopefully Josette will be back at next year’s event. She was much missed (although, of course, Alice did a fine job of making up for Josette’s absence).

Programming Like It’s 1999

This article was published yesterday. It shows a way to extract data about a film from IMDB and put it into a local database. Actually, it doesn’t even do that. It produces SQL that you can then run to insert the data.

It’s all rather nasty stuff and indicative of the fact that most people using Perl are still using idioms that would have made us shudder ten years ago.

There were a few things that I didn’t like about the code. The use of curl to grab data from the web site, the indirect object syntax when creating the XML::Simple object and, in particular, the huge amount of repetitive code used to create the SQL statements.

So I did what anyone would do in my situation. I rewrote it. Here’s my version.

#!/usr/bin/perl

use strict; 
use warnings;

use XML::Simple;
use LWP::Simple;

@ARGV or die "Please provide movie title in quotes\n";

my $movie = shift;
$movie =~ s/\s/+/g;

my $movieData = get "http://www.imdbapi.com/?r=XML&t=$movie";
my $data = XMLin( $movieData );

my @fields = qw[released rating director genre writer runtime plot id
                title votes poster year rated actors];

my %film = %{$data->{movie}};

foreach (@fields) {
  $film{$_} =~ s/'/\\'/g;
}

my $tstamp = time();

my $sql = 'INSERT INTO movie_collection (';
$sql .= join ', ', @fields;
$sql .= ') VALUES (';
$sql .= join ', ', map { qq['$film{$_}'] } @fields;
$sql .= ",'" . time . "');\n";

print $sql;

I haven’t actually changed that much. I’ve tidied up a bit. Switched to using LWP::Simple, removed some unnecessary escaping, things like that. I have made two pretty big changes. I’ve got rid of all of the nasty variables containing data about a film. A film is a single object and therefore should be stored in a single variable. And, happily enough, the $data you get back from XMLin contains a hash that does the trick perfectly.

The second change I made was to rejig the way that the SQL is created. By using an array that contains the names of all of the columns in the table, I can generate the SQL programmatically without all of that repetitive code. I’ve even made the SQL a little safer by explicitly listing the columns that we are inserting data into (this has the side effect of no longer needing to insert a NULL into the id column).

Of course, this would just be a first step. The whole idea of generating SQL to run against the database is ugly. You’d really want to use DBIx::Class (or, at the very least, DBI) to insert the data directly into the database. And why mess around with raw XML when you can us something like IMDB::Film to do it?

At that point in my thought process I had an epiphany. You don’t need the database at all. The IMDB data changes all the time. Why take a local copy? Why not just use the web service directly with IMDB::Film (or perhaps WebService::IMDB – I haven’t used either of them so I have no strong opinions on this).

In general, I think that the original code was too complicated. Which made it hard to maintain. My version is better (but I am, of course, biased) but it can be made even better by using more from CPAN.

CPAN is Perl’s killer app. If you’re not using CPAN then you’re not using half the power of Perl.

What do you think? How would you write this program?

Update: A few people have mentioned the fact that I’m directly interpolating random data into my SQL statements – which is generally seen as a bad thing as it opens the door to SQL injection attacks. In my defence, I’d like to make a couple of points.

Firstly, the data I’m using isn’t just any old data. It’s data that is returned from the IMDB API. So it would be hard to use this for a malicious attack on the system (at least until Hollywood makes a film about the life of Bobby Tables).

Secondly, I am cleaning the data before using it. I’m escaping any single quotes in the input data. I think that removes the possibility of attack. I could be wrong though, if that’s the case, please let me know what I’m missing.

But, in general, I agree that this approach is dangerous. This is one of the major advantages of using DBI. By using bound parameters in your SQL statements you can remove possibility of SQL injection attacks.

Update 2: You can, of course, rely on Zefram to point out the issues here. His comment is well worth reading.

Other people (on IRC) raised the potential of other Unicode characters that databases treat as quote characters but that aren’t covered by my substitution.

Update 3: Here’s a local copy of the original code.

Saint Pierre and Miquelon

Does Saint Pierre and Miquelon mean anything to you? It’s a small French-owned territory just off the coast of Newfoundland.

Why would this be of any interest on a Perl blog? Well, it’s a French territory with it’s own ccTLD. And that ccTLD is .pm.

Ever since Perl Mongers started we’ve looked longingly at that TLD, thinking how cool it would be to own a .pm domain. But domain registration in .pm is run by the French registry, AFNIC and for at least the last thirteen years they have refused all registrations under that domain. This made many Perl Mongers very sad.

But that is about to change. It appears that from 6th December, AFNIC are going to open registrations under a number of their previously suspended domains – including .pm. I think you’ll need to be in the EU in order to register a .pm domain, but I don’t think that will be a huge problem.

And it’s not just for Perl Monger groups. You’ll also be able to have domains for your favourite Perl modules too (or, at least, the ones without ‘::’ in their names).

Which .pm domains do you have your eye on? And what are you going to do with it.

Maybe one year we should have YAPC::NA in Saint Pierre and Miquelon and YAPC::EU in Poland.

A Brief History of the LPW

In his opening remarks on Saturday, Mark Keating suggested that we might be at the tenth London Perl Workshop. That seemed unlikely to me, so I’ve done a little research.

And it seems that I was right. The first LPW was in 2004, which makes this year’s the eighth. In a way, I’m happy that it wasn’t the tenth, as we now have two years to ensure that the tenth LPW is celebrated appropriately.

Here’s a list of the LPWs so far. I’ve also included details of the talks I gave at each workshop – mainly so that I can disprove Mark when he claims that I always show up and run training.

It seems that the web sites for some of the earlier workshops have fallen off the internet. This makes me a little sad. If I’m wrong and it’s just that Google can’t find them, then please let me know.

1st LPW – 11 Dec 2004
Lanyrd link
At Imperial College. I gave a 20 minute talk about OO Perl.

2nd LPW – 26 Nov 2005
Lanyrd link
At City University. I gave a 20 minute talk on Databases and Perl.

3rd LPW – 9 Dec 2006
Lanyrd link
I think this was the first LPW at its current home of the University of Westminster. I can’t be sure as I wasn’t there. I have a good excuse though – I was on holiday celebrating my tenth wedding anniversary.

4th LPW – 1 Dec 2007
Lanyrd link
At the University of Westminster. I gave a training course on Beginning Perl.

5th LPW – 29 Nov 2008
Lanyrd link
At the University of Westminster. I gave the keynote (a history of london.pm as it was our tenth anniversary) and a training course on Web Programming.

6th LPW – 5 Dec 2009
Lanyrd link
At the University of Westminster. I gave the keynote (about marketing Perl) and a training course called “The Professional Programmer“.

7th LPW – 4th Dec 2010
Lanyrd link
At the University of Westminster (although not in the usual building). I gave a training course on Modern Web programming (i.e. Plack) and a talk on Roles and Traits in Moose.

8th LPW – 12 Nov 2011
Lanyrd link
At the University of Westminster. I gave a training course on Modern Core Perl.