将字符串从 html 文件中的表单传递到尊重 utf-8 编码的 python 脚本
我在index.html 文件中有此表单。
<form method="post" action="index.php" accept-charset="UTF-8">
<input id="a" name="a" type="text">
<input type="submit" name="run_query" value="Add User" size="30">
</form>
我试图通过将以下 php 代码嵌入到 index.html 文件中,将文本输入作为参数传递给 pyton 脚本:
<?
session_start();
ob_start();
if(isset($_REQUEST['run_query'])) {
$add_user = $_REQUEST['a'];
$command = "add_author.py $add_user";
exec($command);
}
?>
我已将 add_author.py 文件放入 index.html 所在的同一文件夹中。它适用于任何字符串。但如果我尝试使用包含 ä ö é 的字符串,它就不起作用。
python 文件看起来像这样。
import sys
import codecs
if __name__ == '__main__':
wFile = codecs.open("test.txt", "w", "utf8")
wFile.write(" ".join(sys.argv[1:]))
wFile.close()
顺便说一下:index.html 中有这一行。
<meta charset="utf-8" />
我很想听到更好的方法来管理我的任务或纠正我的方法。谢谢你!
I have this form in a index.html file.
<form method="post" action="index.php" accept-charset="UTF-8">
<input id="a" name="a" type="text">
<input type="submit" name="run_query" value="Add User" size="30">
</form>
And I am trying to pass the text input to a pyton script as argument by embedding the following php code into the index.html file:
<?
session_start();
ob_start();
if(isset($_REQUEST['run_query'])) {
$add_user = $_REQUEST['a'];
$command = "add_author.py $add_user";
exec($command);
}
?>
I have put the add_author.py file into the same folder where index.html lays. It works fine with any string. But if I try to use strings which contains ä ö é it does not work.
The python file looks like this.
import sys
import codecs
if __name__ == '__main__':
wFile = codecs.open("test.txt", "w", "utf8")
wFile.write(" ".join(sys.argv[1:]))
wFile.close()
By the way: The index.html has this line in it.
<meta charset="utf-8" />
I would love to hear from a better approach of managing my task or a correction of my approach. Thank you!
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
为什么不让 PHP 写入文件而不是调用另一个 python 脚本?
如果您坚持使用 python 脚本,也许您需要先对其进行编码,但通常会检查此处所述的不同方法:
http://docs.python.org/howto/unicode.html
我的猜测是你只需要在字符串上调用 unicode()
Why not have PHP write to the file instead of calling another python script?
If you insist on using the python script maybe you need to encode it first, but generally check with the different approaches stated here:
http://docs.python.org/howto/unicode.html
My guess is that you just need to call unicode() on the string
您可以直接将 Python 与 CGI 结合使用。它应该比从 PHP 调用 Python 更快。配置也应该更容易。
简单的例子。
您必须将此 python 文件放入 CGI 脚本目录中。最常见的是
/cgi-bin/。好吧,服务器可能也需要一些配置。最后 3 行是简单的 http 标头。在我的示例中,它只是重定向到其他站点。没有可显示的内容。
getvalue("a","")将返回字段“a”的值或空字符串(第二个参数)。嗯,几乎是常规的 Python 文件。You can use Python directly with CGI. It should be faster than calling Python from PHP. It should be easier to configure too.
Simple example.
You have to put this python file into directory for CGI scripts. The most common is
/cgi-bin/. Well, the server may need some configuration too.The 3 last lines are simple http headers. In my example it just redirect to other site. There is no content to display. The
getvalue("a","")will return value of field "a" or the empty string (second argument). Well, almost regular Python file.文件顶部应强制使用 utf 编码。
应该可以正常工作
At the top of your file should force utf encoding.
Should work just fine
PHP 代码的实际问题似乎是添加到“命令”的参数“$add_user”没有以任何方式转义或保护。
这使得可以将任何内容发送到“exec”中,从而使系统容易受到攻击。网络漫画 XKCD 有一个关于此问题的“有趣”示例: http://xkcd.com/327/
您看到的原因是 UTF-8 编码的“åäö”以不可打印的字节开头,这会导致许多旧 shell 出现问题,具体取决于系统配置。
The actual problem with the PHP code seems to be that the argument "$add_user" added to the "command" is not escaped or secured in any way.
This makes it possible to send anything into the "exec", making the system vulnerable to attacks. The webcomic XKCD has a "funny" example of this problem: http://xkcd.com/327/
The cause of what you see is that UTF-8 encoded "åäö" begins with an unprintable byte that causes problems in many older shells, depending on system configuration.