Training, Open Source computer languages
PerlPHPPythonMySQLApache / TomcatTclRubyJavaC and C++LinuxCSS 
Search for:
Home Accessibility Courses Diary The Mouth Forum Resources Site Map About Us Contact
 
For 2023 (and 2024 ...) - we are now fully retired from IT training.
We have made many, many friends over 25 years of teaching about Python, Tcl, Perl, PHP, Lua, Java, C and C++ - and MySQL, Linux and Solaris/SunOS too. Our training notes are now very much out of date, but due to upward compatability most of our examples remain operational and even relevant ad you are welcome to make us if them "as seen" and at your own risk.

Lisa and I (Graham) now live in what was our training centre in Melksham - happy to meet with former delegates here - but do check ahead before coming round. We are far from inactive - rather, enjoying the times that we are retired but still healthy enough in mind and body to be active!

I am also active in many other area and still look after a lot of web sites - you can find an index ((here))
From MySQL to a TCL list

Posted by selfism (00oo), 19 March 2005
Is is possible to build a TCL list from a MySQL query. Let me explain:

I would like to build a web page that people can enter in servers that represent a logical grouping like DMZ. This list will be stored in the DB as type "text" I guess...

Then I would like to perform a query that automatically builds up my TCL list. Does this sound remotely possible?

I found a mysqltcl package on the internet that seems to have alot of potential but I am not sure how to convert type "text" into a TCL list.

Posted by admin (Graham Ellis), 19 March 2005
I suspect that if your try it out you'll find it very easy.  I have not used this particular package but if it works like almost every other MySQL interfacing code it will take an SQL query in as a text string and return you an iterator through the returned data - very similar to how a file open returns an iteretor through a file.

All you'll need to do then would be to find the bits of the returned row passed back at each iteration and lappend them on to the list you're building up.

Give it a go, and let us know how you get on.  If you have any specific code issues that come up, please post a snippet and I'll have a look / play ... although that may not be possible until the middle of next week.  It's "like Clapham Junction" here at the moment (and if you're not from the UK and wonder what I'm on about, Clapham Junction is the busiest railway station in the country with trains arriving and departing most minutes)

Posted by selfism (00oo), 20 March 2005
Its a deal!

I just have one more question Does anyone have a TCL CGI for text forms lying around that I could analyze? I know php is the defacto standard to perform html form submissions but I prefer to use one language for everything when possible.  

If I understand the process correctly the POST from the form I created  will:
1) Cause the client browser to transfer the form data in the http header
2) I will have to access that data from a global environment array or is it on stdin? I am a little confused on this part.

3) Most likely I will need to "split" on &= and read the key=values into an array.

Is my understanding correct?

And if it is then why couldn't I just "Expect" the data into the database rather than using a package?

Thank you master

Posted by admin (Graham Ellis), 20 March 2005
1) Yes - if you provide a <form> through to </form> tags and you include <input> type items in there with name attributes, when you submit your form the data you have entered in any input box that had a name attribute will be part of the header.

2) By default, the information entered onto your form is in the env(QUERY_STRING) variable at the start of the script on the server. This is known as the GET method.   If you add method=POST into your <form> tag, then the data will be on STDIN.  The following piece of code will check which method was used and collect from either:

Code:
if [info exists env(CONTENT_LENGTH)] {
       set forminput [read stdin $env(CONTENT_LENGTH)]
       set form(method) POST
} else {
       set forminput $env(QUERY_STRING)
       set form(method) GET
}


Use the GET method if you're likely to want to bookmark the .tcl script (especially if you're likely to want to bookmark it complete with data entered).  Use the POST method if you're likely to want to have the user enter more than 1k of data, or if you want him to enter passwords, or if you don't want his data entries to appear as "yuk" on the end of the URL for some other reason such as cleanliness.

3) Correct. Whichever method was used, the data turns up in the format name=value&name=value&.... and you need to decode that. You'll also have to consider the issue of how CGI handles user inputs of the = and & characters - they get encoded and that encoding is something you have to reverse.  There are other encodings too - even space gets encoded to +.   The following code should do all those reversals for you:

Code:
foreach {name value} [split $forminput =&] {
       regsub -all \\\+ $value " " value
       regsub -all -nocase {%([0-9a-f][0-9a-f])} $value \
               {[format %c 0x\1]} value
       set form($name) $value
}


The complete code example from which the above is taken is available on my web site

I would be very wary about using "expect" to read in CGI ... not sure how the interactive timings would work or fail, and the approach used above is tried and tested - not only by me but by many thousands of others.

Posted by selfism (00oo), 21 March 2005
This has some grisle in it... I am still chewing.


Are all special characters changed (^$*-!@, etc) by the regex? Should I be afraid for someone typing in something weird?

How does an environmental variable get sent from the webserver to our program? Are they arguments to the program? Then it would have to be built to accept them....


Thank you still researching.

Posted by admin (Graham Ellis), 21 March 2005
on 03/21/05 at 13:20:08, 00oo wrote:
Are all special characters changed (^$*-!@, etc) by the regex? Should I be afraid for someone typing in something weird?

How does an environmental variable get sent from the webserver to our program? Are they arguments to the program? Then it would have to be built to accept them....


You should be very much aware that people may type in "something wierd".  It shouldn't be a problem in the code I have shown you, but if you were to use the data entered as part of the "where" query on a database, for example, and not add back in \ protection onto " characters you could be open to an injection attack.   Similarly, if you asked your used for a server file name and didn't check for ../../../public_html/index.html you just could find your home page hacked.

The environment is set automatically fro your program by the web server ... nothing extra for you to do as it comes as a part of CGI, courtesy of your web server. Nothing to do with arguments and the program I gave you is complete.  All you need to provide extra is an HTML form that points to it!

Posted by selfism (00oo), 22 March 2005
Thank you I will be testing it shortly!



This page is a thread posted to the opentalk forum at www.opentalk.org.uk and archived here for reference. To jump to the archive index please follow this link.

You can Add a comment or ranking to this page

© WELL HOUSE CONSULTANTS LTD., 2024: Well House Manor • 48 Spa Road • Melksham, Wiltshire • United Kingdom • SN12 7NY
PH: 01144 1225 708225 • FAX: 01144 1225 793803 • EMAIL: info@wellho.net • WEB: http://www.wellho.net • SKYPE: wellho