Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.python > #11667 > unrolled thread

CGI: Assign FieldStorage values to variables

Back to article view | Back to comp.lang.python

Contents

  CGI: Assign FieldStorage values to variables Gnarlodious <gnarlodious@gmail.com> - 2011-08-17 02:06 -0700
    Re: CGI: Assign FieldStorage values to variables Gnarlodious <gnarlodious@gmail.com> - 2011-08-17 02:19 -0700
      Re: CGI: Assign FieldStorage values to variables Chris Angelico <rosuav@gmail.com> - 2011-08-17 10:41 +0100
      Re: CGI: Assign FieldStorage values to variables Chris Rebert <clp2@rebertia.com> - 2011-08-17 09:23 -0700
    Re: CGI: Assign FieldStorage values to variables Chris Angelico <rosuav@gmail.com> - 2011-08-17 10:25 +0100
      Re: CGI: Assign FieldStorage values to variables Gnarlodious <gnarlodious@gmail.com> - 2011-08-17 20:52 -0700
    Re: CGI: Assign FieldStorage values to variables Gnarlodious <gnarlodious@gmail.com> - 2011-08-17 02:20 -0700
    Re: CGI: Assign FieldStorage values to variables Nobody <nobody@nowhere.com> - 2011-08-17 13:45 +0100

#11667 — CGI: Assign FieldStorage values to variables

I get a construct like this:

form=FieldStorage(None, None, [MiniFieldStorage('name1', 'Val1'),
MiniFieldStorage('name2', 'Val2'), MiniFieldStorage('name3', 'Val3')])

Now how would I assign every variable name* its value?

lI did try locals().update(form) however I get
>>> name2
-> MiniFieldStorage('name2', 'Val2')

when I need to assign the variable name2 the value Val2

This is Py3

-- Gnarlie

[toc] | [next] | [standalone]

#11669

I should add that this does what I want, but something a little more
Pythonic?

import cgi, os
os.environ["QUERY_STRING"] = "name1=Val1&name2=Val2&name3=Val3"
form=cgi.FieldStorage()

form

dict = {}
for key in form.keys(): dict[ key ] = form[ key ].value

dict
locals().update(dict)
name3

-- Gnarlie

[toc] | [prev] | [next] | [standalone]

#11672

On Wed, Aug 17, 2011 at 10:19 AM, Gnarlodious <gnarlodious@gmail.com> wrote:
> import cgi, os
> os.environ["QUERY_STRING"] = "name1=Val1&name2=Val2&name3=Val3"
> form=cgi.FieldStorage()
>
> form
>
> dict = {}
> for key in form.keys(): dict[ key ] = form[ key ].value
>

You could probably use a list comp for this, but there's not a lot of
difference. (By the way, you should be aware that you're shadowing the
builtin 'dict' here. That's not a problem, but be aware.)

dict.update(((key,form[key].value) for key in form))

That's a generator that returns a (key,value) tuple for each form
element, which update() will happily use.

But the last line:
> locals().update(dict)
is, IMHO, a very bad idea. Rename your dictionary to 'request' or
'data' or 'form' or something, and then reference form['name3']
instead; or, be explicit:
name3=form['name3']

Incidentally, you seem to be working at the module level, where
locals() is globals() (and I mean that literally - 'locals() is
globals()' is True). You may not be able to do this with locals() in a
function:
http://docs.python.org/library/functions.html#locals

Chris Angelico

[toc] | [prev] | [next] | [standalone]

#11691

On Wed, Aug 17, 2011 at 2:19 AM, Gnarlodious <gnarlodious@gmail.com> wrote:
> I should add that this does what I want, but something a little more
> Pythonic?
>
> import cgi, os
> os.environ["QUERY_STRING"] = "name1=Val1&name2=Val2&name3=Val3"
> form=cgi.FieldStorage()
>
> form
>
> dict = {}
> for key in form.keys(): dict[ key ] = form[ key ].value
>
> dict
> locals().update(dict)
> name3

Try it within a function. It will fail epic-ly in CPython and most
other implementations.
Read the note in the locals() docs:
http://docs.python.org/library/functions.html#locals

Cheers,
Chris

[toc] | [prev] | [next] | [standalone]

#11670

On Wed, Aug 17, 2011 at 10:06 AM, Gnarlodious <gnarlodious@gmail.com> wrote:
> I get a construct like this:
>
> form=FieldStorage(None, None, [MiniFieldStorage('name1', 'Val1'),
> MiniFieldStorage('name2', 'Val2'), MiniFieldStorage('name3', 'Val3')])
>
> when I need to assign the variable name2 the value Val2

You can probably do this with some kind of list comprehension, but I
recommend against it, if this has come from a web form. You do NOT
want end users having the power to set variables. Keep it in a
separate object (such as 'form') such that you must always be explicit
about fetching form data. PHP has learned the risks; here's a decent
summary:

http://www.php.net/manual/en/security.globals.php

Chris Angelico

[toc] | [prev] | [next] | [standalone]

#11737

On Aug 17, 3:25 am, Chris Angelico wrote:
> You do NOT
> want end users having the power to set variables.
Thanks for the warning, I can see I will need to quarantine the form
input. And update() is out of the question.

-- Gnarlie
http://Gnarlodious.com/

[toc] | [prev] | [next] | [standalone]

#11674

I should add that this does what I want, but something a little more
Pythonic?

import cgi, os
os.environ["QUERY_STRING"] = "name1=Val1&name2=Val2&name3=Val3"
form=cgi.FieldStorage()

form

dict = {}
for key in form.keys(): dict[ key ] = form[ key ].value

dict
locals().update(dict)
name3

-- Gnarlie

[toc] | [prev] | [next] | [standalone]

#11681

On Wed, 17 Aug 2011 02:06:31 -0700, Gnarlodious wrote:

> I get a construct like this:
> 
> form=FieldStorage(None, None, [MiniFieldStorage('name1', 'Val1'),
> MiniFieldStorage('name2', 'Val2'), MiniFieldStorage('name3', 'Val3')])
> 
> Now how would I assign every variable name* its value?

Don't do this. It will allow the user to set any variable they wish,
not just the ones you want them to, which is a major security flaw. PHP
had this as a language feature (controlled by the register_globals
directive), and it was rightly decried as a major security flaw.

[toc] | [prev] | [standalone]

Back to top | Article view | comp.lang.python

csiph-web