Choosing The Right Server-Side Scripting Language
By Craig McElwee
2004-01-06
Reader Rating: 
Task 2: Put Form Field Data Into Variables
Each language has its own methodology and idioms for getting the "name=value" pairs from the environment. For the most part, these basic tricks of the trade will simply be cut and pasted into each new script, and modified as necessary, which is to say, not much. When a Web server calls an external program, the data sent by the client's browser are assigned to specific variables in that program's environment. For an HTML form that used the post method, the program has to read the number of bytes in the environment's "Content Length" variable from standard in (STDIN). The program variable that holds the data from STDIN now holds a string of "name=value" pairs, and will need to separate these into chunks, URL-decode the values, and then put them into variables for processing.
Here are some examples (note there is no error checking):
Python uses a module that simplifies the task considerably, allowing almost direct access to the values for assignment into variables, here, data and data2:
form = cgi.FieldStorage()
data = form['data'].value
data2 = form['data2'].value
|
PHP and Java servlets let you skip the first step and jump right to assignment, as long as you get the variable names you expect. For more generic processing, you would iterate through the list of received variables and assign them dynamically.
$data = $HTTP_POST_VARS["data"];
$data2 = $HTTP_POST_VARS["data2"];
|
Java:
String data = request.getParameter("data");
String data2 = request.getParameter("data2");
|
Perl's standard block of code isn't hidden away in a module. Here, all the "name=value" pairs are taken out of the string and each assigned to a slot in the @pairs array.
Perl:
read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'});
@pairs = split(/&/, $buffer);
|
Then we iterate through the array, putting the name and value into variables:
foreach $pair (@pairs) {
($name, $value) = split(/=/, $pair);
|
Since the values submitted via the browser have been "URL encoded" for transmission to the server, we now must "URL-decode" the values, first by changing all the +s to spaces, then converting all the escape codes back to their original values.
$name =~ tr/+/ /;
$name =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
$value =~ tr/+/ /;
$value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg;
|
Finally we assign whatever is on the right side of the = (equal) sign as the value of a variable named whatever is on the left side of the = sign.
$Form
{$name} = $value;
}
|
The Tcl code follows this same methodology. Having to figure out this logic for every program would be tedious and error prone. Fortunately you can just cut and paste those blocks verbatim in any CGI program.
First published by IBM developerWorks
If you found this article interesting, you may want to read these as well:
» Protecting your PHP and HTML Source Code
» Publishing Newsletters Using PHP & MySQL - 4
» Publishing Newsletters Using PHP & MySQL - 3
» Publishing Newsletter Using PHP & MySQL - 2
» Publishing Newsletters Using PHP & MySQL
» Unix Webserver Crontab Basics
|
