Home/ Questions/Q 8996187
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-15T23:43:15+00:00

I am new to bash /mysql however I have found tons of help reading

  • 0

I am new to bash /mysql however I have found tons of help reading threw examples and other people’s problems …but have ran into one of my own .
I am attempting to insert a row into an MySQL database table every time a file is added to a specific directory (for this i am using inotifywait ) anyways here is my bash script 

#!/bin/bash

while true; do
        filename= "false"
        filename= inotifywait --format "%f" -e create /var/www/media2net/torrent
        date_field= date +"%F":"%T"
        mysql --host=localhost --user=root --password=admin Media2net << EOF
        insert into video (title, description, url_video, upload_date)
                values('testing','default_description','$filename', '$date_feild');
        EOF
        echo $filename
done

From this I have verified with echo the variable $filename is properly held at end of bash script however when i look at entry in the table the column url_video has it’s default value and not the string represented by $filename

From what i can conclude the variable $filename does not get passed through EOF
i have tried as indicate here http://www.dba-oracle.com/t_access_mysql_with_bash_shell_script.htm

as well as this

Using shell script to insert data into remote MYSQL database

any help of where i can find how to pass variable into query would be greatly appreciated

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    In your example, filename is set to the empty string (mind the spaces after the = sign!). You need

    filename=$(inotifywait --format "%f" -e create /var/www/media2net/torrent)

    Similarly,

    date_field=$(date +"%F:%T")

    and be careful, you have a typo in your mysql command (date_field and note date_feild):

    mysql --host=localhost --user=root --password=admin Media2net <<EOF
insert into video (title, description, url_video, upload_date)
values('testing','default_description','$filename', '$date_field');
EOF

    Now I hope that you’re controlling the filenames. Imagine a filename that contains a single quote e.g., hello'howdy. You’ll have a problem in your query. Worse, an evil user who puts a file named whatever','something'); evil_mysql_command; whatever, you’ll have the evil command performed! One possibility is to sanitize the filename using printf thus:

    printf -v filename '%q' "$(inotifywait --format "%f" -e create /var/www/media2net/torrent)"

    This will at least escape the single quotes that could appear in a filename. See Gordon Davisson’s comment: the printf trick will not prevent from all the possible attacks, so I really hope you absolutely control the name of the files!

    All these suggestions yield the following script:

    #!/bin/bash

while true; do
    printf -v filename '%q' "$(inotifywait --format "%f" -e create /var/www/media2net/torrent)"
    date_field=$(date +"%F:%T")
    mysql --host=localhost --user=root --password=admin Media2net <<EOF
    insert into video (title, description, url_video, upload_date) 
    values('testing','default_description','$filename', '$date_field');
    EOF
    echo "$filename"
done

    Edit.

    To answer your question in the comment:

    why did the script properly echo $filename to my terminal but not send it properly to MySQL, does that have to do with string starting with a space? or something else completely?

    That’s because when you do something like:

    whatever= command

    then the variable whatever is set to the empty string, and the command command is executed (with the whatever variable set as environment variable). E.g.,

    $ IFS='c' read a b c <<< "AcBcC"
$ echo "$a $b $c"
A B C
$ echo $IFS

$

    In your script, the variable filename was in fact never globally set. You can check it by doing this:

    $ filename= "false"
$ echo "$filename"

$

    What happens is that the environment variable filename is set to empty string then the command false (which happens to exist) is launched using that environment variable and we’re done.

    When you do this:

    filename= inotifywait --format "%f" -e create /var/www/media2net/torrent

    the variable filename is set to the empty string, and then the command inotifywait ... is executed with filename as an environment variable (but inotifywait doesn’t really care about it). And that’s what you saw on your terminal! it was the output of this command. Then you probably saw an empty line, that was the output of

    echo $filename

    which was equivalent to

    echo

    since the variable filename expanded to an empty string.

    Hope this helps.

    • 0