From MySQL to a TCL list
Posted by selfism (00oo), 19 March 2005Is is possible to build a TCL list from a MySQL query. Let me explain:
I would like to build a web page that people can enter in servers that represent a logical grouping like DMZ. This list will be stored in the DB as type "text" I guess...
Then I would like to perform a query that automatically builds up my TCL list. Does this sound remotely possible?
I found a mysqltcl package on the internet that seems to have alot of potential but I am not sure how to convert type "text" into a TCL list.
Posted by admin (Graham Ellis), 19 March 2005I suspect that if your try it out you'll find it very easy. I have not used this particular package but if it works like almost every other MySQL interfacing code it will take an SQL query in as a text string and return you an iterator through the returned data - very similar to how a file open returns an iteretor through a file.
All you'll need to do then would be to find the bits of the returned row passed back at each iteration and lappend them on to the list you're building up.
Give it a go, and let us know how you get on. If you have any specific code issues that come up, please post a snippet and I'll have a look / play ... although that may not be possible until the middle of next week. It's "like Clapham Junction" here at the moment (and if you're not from the UK and wonder what I'm on about, Clapham Junction is the busiest railway station in the country with trains arriving and departing most minutes)
Posted by selfism (00oo), 20 March 2005Its a deal!
I just have one more question Does anyone have a TCL CGI for text forms lying around that I could analyze? I know php is the defacto standard to perform html form submissions but I prefer to use one language for everything when possible.
If I understand the process correctly the POST from the form I created will:
1) Cause the client browser to transfer the form data in the http header
2) I will have to access that data from a global environment array or is it on stdin? I am a little confused on this part.
3) Most likely I will need to "split" on &= and read the key=values into an array.
Is my understanding correct?
And if it is then why couldn't I just "Expect" the data into the database rather than using a package?
Thank you master
Posted by admin (Graham Ellis), 20 March 20051) Yes - if you provide a <form> through to </form> tags and you include <input> type items in there with name attributes, when you submit your form the data you have entered in any input box that had a name attribute will be part of the header.
2) By default, the information entered onto your form is in the env(QUERY_STRING) variable at the start of the script on the server. This is known as the GET method. If you add method=POST into your <form> tag, then the data will be on STDIN. The following piece of code will check which method was used and collect from either:
Use the GET method if you're likely to want to bookmark the .tcl script (especially if you're likely to want to bookmark it complete with data entered). Use the POST method if you're likely to want to have the user enter more than 1k of data, or if you want him to enter passwords, or if you don't want his data entries to appear as "yuk" on the end of the URL for some other reason such as cleanliness.
3) Correct. Whichever method was used, the data turns up in the format name=value&name=value&.... and you need to decode that. You'll also have to consider the issue of how CGI handles user inputs of the = and & characters - they get encoded and that encoding is something you have to reverse. There are other encodings too - even space gets encoded to +. The following code should do all those reversals for you:
The complete code example from which the above is taken is available on my web site
I would be very wary about using "expect" to read in CGI ... not sure how the interactive timings would work or fail, and the approach used above is tried and tested - not only by me but by many thousands of others.
Posted by selfism (00oo), 21 March 2005This has some grisle in it... I am still chewing.
Are all special characters changed (^$*-!@, etc) by the regex? Should I be afraid for someone typing in something weird?
How does an environmental variable get sent from the webserver to our program? Are they arguments to the program? Then it would have to be built to accept them....
Thank you still researching.
Posted by admin (Graham Ellis), 21 March 2005on 03/21/05 at 13:20:08, 00oo wrote:
You should be very much aware that people may type in "something wierd". It shouldn't be a problem in the code I have shown you, but if you were to use the data entered as part of the "where" query on a database, for example, and not add back in \ protection onto " characters you could be open to an injection attack. Similarly, if you asked your used for a server file name and didn't check for ../../../public_html/index.html you just could find your home page hacked.
The environment is set automatically fro your program by the web server ... nothing extra for you to do as it comes as a part of CGI, courtesy of your web server. Nothing to do with arguments and the program I gave you is complete. All you need to provide extra is an HTML form that points to it!
Posted by selfism (00oo), 22 March 2005Thank you I will be testing it shortly!
PH: 01225 708225 • FAX: 01225 793803 • EMAIL: email@example.com • WEB: http://www.wellho.net • SKYPE: wellho