add demonstration of cgi.escape, fixing HTML-injection security issue in example program
change Windows CGI hashbang to use binary input (needed for POSTs) and full path (python.exe is not on PATH by default)
|Deletions are marked like this.||Additions are marked like this.|
|Line 20:||Line 20:|
|The following code attempts to combine simple output of a Web page with the processing of input from users viewing the page. You may wish to choose the actual first line of the script based on one of the first two lines provided below - the first one will probably work only on Windows, whereas the second may only work on UNIX-like systems.||The following code attempts to combine simple output of a Web page with the processing of input from users viewing the page. You may wish to choose the actual first line of the script based on one of the first two lines provided below - the first one for Windows and dependent on the Python install path, whereas the second may only work on UNIX-like systems.|
|Line 23:||Line 23:|
The cgi module is at the core of Python CGI scripts.
The simplest CGI script that can be considered interesting involves printing out an HTTP header ("Content-type: text/html") and a Web page. In addition, you might want to handle any incoming inputs from things like HTML forms or request parameters. In the earliest days of CGI, shell scripts were sometimes used to do things like this, so the principles are not particularly advanced.
It can be an annoying experience getting the permissions just right on a script so that Web servers like Apache will run it, but the following checklist may be of some use:
- Find out which user runs the Web server - it's not often the same one as your own user, and it may be one with very limited permissions.
- Check the server configuration to see if it lets you run scripts in a particular directory. Make sure that if you're using a configuration file for a particular directory, the global configuration permits you to define CGI script directories in that directory-local configuration file - some sites stop their users from altering such settings in such a way.
- Check the permissions from the top of the filesystem down to the directory where the script resides. The Web server user must be able to read and open/execute all the directories from the top right down to the script.
- Make sure your script is readable and executable by the Web server user.
Make sure that the first line of the script refers to an interpreter that the Web server user can run. Things like /usr/bin/env python might not have any meaning to the Web server user because the python program may not be on the user's PATH.
The following code attempts to combine simple output of a Web page with the processing of input from users viewing the page. You may wish to choose the actual first line of the script based on one of the first two lines provided below - the first one for Windows and dependent on the Python install path, whereas the second may only work on UNIX-like systems.
#!/usr/bin/env python import cgi import cgitb; cgitb.enable() # for troubleshooting print "Content-type: text/html" print print """ <html> <head><title>Sample CGI Script</title></head> <body> <h3> Sample CGI Script </h3> """ form = cgi.FieldStorage() message = form.getvalue("message", "(no message)") print """ <p>Previous message: %s</p> <p>form <form method="post" action="index.cgi"> <p>message: <input type="text" name="message"/></p> </form> </body> </html> """ % cgi.escape(message)
WebProgramming - the natural next step beyond simple CGI scripts.
Python CGI tutorial - setup in a shared host, forms, debug, shell commands, cookies, etc
python CGI tutorial - w/ hints about maintaining sessions either through forms or through cookies
python CGI tutorial - w/ hints about printing out tracebacks
Voidspace Python CGI collection - Working Python CGI scripts to use and/or study
- We need a good python CGI framework - Sridhar R
Nevow and Wallaby Define "framework," though. Do you mean something like a Django-type deal or something that just makes it easier to write CGI apps?
But it would be Nice if python provides native support for Session Handling, JSON - like XML-RPC Standard Environment for RPC + WSGI and future technologies.... for Easy Web Development
Many shared hosting servers do not allow persistent processes. They kill a script if it runs for more than 3 minutes. This frameworks do not explain (or make life easier) for someone who as only cgi and ftp. Do you know any way to code easier/faster in this circumstances ? Osvaldo