Solved

Can SSI's see POSTed values

Posted on 2002-07-23
Last Modified: 2013-11-18
If I POST a form to an HTML page that has the following server side include in it:

<!--#exec cgi="cgi_bin/include/process.pl"-->

Will process.pl be able to work with the POSTed form values?
Question by:dplambert
15 Comments
 
LVL 12

Expert Comment

by:lexxwern
ID: 7171908
no. but you can send the values to the SSI thru query strings like this,
<!--#exec cgi="cgi_bin/include/process.pl?$VALUE"-->

in process.pl this can be fetched thru the following variable

$ENV{'QUERY_STRING'};
0
 
LVL 3

Author Comment

by:dplambert
ID: 7172158
What if the form uses the GET method? I know that SSI's can see certain environmental variables of the caller, so I would think that QUERY_STRING would be populated.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7172717
stop ! rethink what is happening:

  1. server parses html file, substitutes SSI statements
  2. server delivers result to client
  3. client (user) pushes button

when 3. happens, there is no longer any SSI available, so only what lexxwern suggests can work
0
 
LVL 3

Author Comment

by:dplambert
ID: 7177412
I'm terribly sorry, but I ran some tests and I can see POST and GET form values in a CGI #EXEC include. Perhaps this isn't the case on all servers, but the web hosting company that I'm working with (threadnet.com) can do it.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7178408
where (physically) do you see the CGI #exec, and where the POST?
0
 
LVL 3

Author Comment

by:dplambert
ID: 7178424
I had a form POST to an HTML page that contained a CGI #EXEC include. The include Perl file could see the POSTed data.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7178482
again, **where** do you see #exec: on server or in browser?
If your CGI sees the POSTed data, where is the problem then?
0
 
LVL 3

Author Comment

by:dplambert
ID: 7179748
The server sees it, not the browser.
0
 
LVL 12

Expert Comment

by:lexxwern
ID: 7180056
i'm not able to follow this here. let's look at things again...


(1) a form is posted to a certain cgi script.
(2) the cgi script has an SSI include and some HTML.
(3) you asked if SSI could see the posted variables sent to the main script, we said no.
(4) but when you included the other script through "exec cgi" and not "include file" you say it could see the variables, which i think it shouldn't but it apparently does on your system.
(5) but then you say,
>> The server sees it, not the browser.
i interpret this as you tried to print this posted variable thru your included file, but it gave out a null.

which means that the included script cannot access the posted variables from the main script.

is this what is happening? please correct me if my interpretation is wrong.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7180059
and what has any FORM to do with the cgi processed on the server **before** the page (containing the GET FORM) is delivered to the browser?

Could you please explain what's the problem with lexxwern's suggestion?
0
 
LVL 3

Author Comment

by:dplambert
ID: 7180153
testform.html has a <FORM> element with an ACTION attribute of "testform.html" (itself). It also has the following code in it:

<!--#exec cgi="cgi_bin/include/process.pl"-->

This directive is executed server-side, so only process.pl's results get sent to the browser.

There is no Perl in testform.html - it only has HTML. The Perl code is in process.pl.

The Perl code can see the POSTed form values, which I find very interesting.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7180183
dplambert, please reread my very first comment until you're *used to the data flow* with SSI and FORMs
IMHO you're not understanding what happens, at the moment.
To get more used to it, also use the browser's "View Source" (or whatever it is called there), and compare that to your page you see on the server.
0
 
LVL 12

Accepted Solution

by:
lexxwern earned 50 total points
ID: 7180212
hmm. i agree it is very interesting the way things work. but i think your approach is not the best.

in your <form>'s action attribute if you can directly have "process.pl" and then fetch the values from there.

if you don't know how to fetch posted data then have a look at http://cgi-lib.berkeley.edu/ and you can use the cgi-lib.pl that they give for download.

i personally find it very easy to use.
0
 
LVL 3

Author Comment

by:dplambert
ID: 7180336
ahoffmann -

<!--#exec cgi="cgi_bin/include/process.pl"--> never makes it to the browser per view source. It's substituted with the results (prints) of process.pl.

I agree that it's not the best way to do things.

Bottomline, I don't have a problem now. I posed a question and got the answer myself while testing. I didn't explain the question well enough.
0
 
LVL 51

Expert Comment

by:ahoffmann
ID: 7180395
> I agree that it's not the best way to do things.
don't agree: SSI is a good, and a portable way to do things ;-)

IMHO lexxwern answered your question.
0
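The setup discussed in this thread, as an added example that is not part of any participant's post: a hypothetical process.pl that reads form values for either method when run through `<!--#exec cgi="cgi_bin/include/process.pl"-->`, caps the POST body it will read, and HTML-escapes every value before it is substituted into the page. It assumes the server passes the including request's CGI environment and body to the included script, as dplambert reports for his host, and it handles only urlencoded forms (not multipart uploads).

```perl
#!/usr/bin/perl
# process.pl - added example: read form values when run via <!--#exec cgi="..."-->
# Assumption: the server hands the including request's CGI environment (and, for
# POST, its body on STDIN) to this script, as reported in the thread for one host.
use strict;
use warnings;

my $MAX_BODY = 8192;    # refuse oversized bodies instead of reading them

# Decode application/x-www-form-urlencoded data into a hash (last value wins).
sub parse_urlencoded {
    my ($raw) = @_;
    my %form;
    for my $pair (split /[&;]/, $raw // '') {
        my ($k, $v) = split /=/, $pair, 2;
        next unless defined $k && length $k;
        for ($k, $v) {
            next unless defined;
            tr/+/ /;
            s/%([0-9A-Fa-f]{2})/chr(hex($1))/ge;
        }
        $form{$k} = $v // '';
    }
    return %form;
}

# Escape untrusted values before they are substituted into the HTML page.
sub html_escape {
    my ($s) = @_;
    my %ent = ('&' => '&amp;', '<' => '&lt;', '>' => '&gt;', '"' => '&quot;', "'" => '&#39;');
    $s =~ s/([&<>"'])/$ent{$1}/g;
    return $s;
}

my $method = $ENV{REQUEST_METHOD} // 'GET';
my $raw    = $ENV{QUERY_STRING}   // '';
if ($method eq 'POST') {
    my $len = $ENV{CONTENT_LENGTH} // 0;
    $len = 0 unless $len =~ /^\d+$/ && $len <= $MAX_BODY;
    $raw = '';
    read(STDIN, $raw, $len) if $len > 0;
}

my %form = parse_urlencoded($raw);
print "Content-type: text/html\n\n";
print "<ul>\n";
printf "<li>%s = %s</li>\n", html_escape($_), html_escape($form{$_}) for sort keys %form;
print "</ul>\n";
```

Because the script's output is spliced straight into the delivered page, the escaping step is what keeps a submitted value from being interpreted as markup by the browser.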

Question has a verified solution.
