How to differentiate between GET and POST in plain CGI - python

I have learned a few programming languages in the past such as J2EE, and I am acquainted with PHP, etc.
Most of the languages have specific methods to extract data from the POST or GET.
PHP has the $_POST & $_GET array while J2EE has doGet() & doPost() methods.
While learning Python, I found that both data in GET and POST can be extracted using abc = cgi.FieldStorage() and then be evaluated. Now, if I make a website using this, won't there be a security hole? Suppose a page gets data using POST, but some user goes to the page directly and feeds some GET data in the URL.
So, is there a way so that I can check whether the webpage is getting a POST or GET request without using frameworks like Django? I found out it can be done using Django or other frameworks, but I am trying to find a generic Python solution.

CGI passes metadata via well-known environment variables. In this case, the "GET/POST" information is supplied via REQUEST_METHOD.
This can be accessed like so:
import os
print(os.environ['REQUEST_METHOD'])
(There are also SCGI / WSGI / FastCGI / etc. protocols, each with their own design and rules.)
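An added example, not part of the original answer: a plain-CGI parameter reader that picks its data source from REQUEST_METHOD, so a page expecting POST rejects a direct GET and ignores values placed in the URL. It parses with urllib.parse instead of the cgi module (removed from the standard library in Python 3.13); the names read_params, require_post and MAX_BODY, and the sample requests, are constructed for illustration.

```python
import io
from urllib.parse import parse_qs

MAX_BODY = 64 * 1024  # assumed cap on form body size, in bytes


def read_params(environ, stdin):
    """Return (status, params) using only the source that matches the method.

    environ is the CGI environment (os.environ in a real script); stdin is the
    binary request body stream (sys.stdin.buffer in a real script).
    """
    method = environ.get("REQUEST_METHOD", "").upper()
    if method == "GET":
        # GET parameters come only from the URL query string.
        return "200 OK", parse_qs(environ.get("QUERY_STRING", ""))
    if method == "POST":
        ctype = environ.get("CONTENT_TYPE", "").split(";")[0].strip().lower()
        if ctype != "application/x-www-form-urlencoded":
            return "415 Unsupported Media Type", {}
        try:
            length = int(environ.get("CONTENT_LENGTH") or 0)
        except ValueError:
            return "400 Bad Request", {}
        if length < 0 or length > MAX_BODY:
            return "413 Payload Too Large", {}
        body = stdin.read(length).decode("utf-8", "replace")
        # QUERY_STRING is deliberately ignored here: a POST handler must not
        # accept values supplied through the URL.
        return "200 OK", parse_qs(body)
    return "405 Method Not Allowed", {}


def require_post(environ, stdin):
    """Handler for a page that must only act on POSTed form data."""
    if environ.get("REQUEST_METHOD", "").upper() != "POST":
        return "405 Method Not Allowed", {}
    return read_params(environ, stdin)


if __name__ == "__main__":
    # Constructed requests standing in for what a web server would pass.
    direct = {"REQUEST_METHOD": "GET", "QUERY_STRING": "amount=999"}
    print(require_post(direct, io.BytesIO(b"")))
    form = {"REQUEST_METHOD": "POST", "QUERY_STRING": "amount=999",
            "CONTENT_TYPE": "application/x-www-form-urlencoded",
            "CONTENT_LENGTH": "9"}
    print(require_post(form, io.BytesIO(b"amount=10")))
```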

Related

Flask webapp as user interface for a python module

I have written a python module for extracting archives and processing some data from the extracted files, then optionally deleting the extracted files. Currently I am using it by writing user-code in a separate python script. e.g:
import my_module
with my_module.archive("data.rar") as a:
    a.extract()
    a.convert("data.csv", "data.xlsx")
    a.delete(keep="data.xlsx")
But for non-programmers to use it, I am trying to create a webapp user-interface for it with flask.
What are the best practices for implementing some communication between the user and the module through a webapp? For example
how could my module communicate to the webapp-user that the extraction or the data processing has finished?
how should it display the list of extracted files?
how could the user select a file to be processed or to be deleted?
Basically I need to interleave my library code with some user code and I would like the webapp to generate and execute the user-code and to display the output of the processing module.
(I sense a close flag coming since this is a broad topic and it's been a while since "best practices" topics were allowed on SO.)
Based on my own faults I'd recommend to:
implement the backend first, don't waste time on web design if the backend functionality is not crystal clear yet. Read about flask blueprints and create a blueprint for all public calls like list directory, select file, unzip file, etc... test it out, use requests, post stuff, check responses, iterate.
if you are satisfied with basic functionality, start implementing the frontend. For interactivity you can use the very same api calls via javascript you already tested, use XMLHttpRequest (or use jQuery - I am not a big fan of that) for posting stuff. The catch here is that when you post (from the browser), you can define a callback, so you may use the flask response to update the interface.
add some css, eventlisteners to your templates to make it pretty and comfy.
Get ideas from here and here and here and here (just googled for some random pages, some seemed on topic for you).
You probably want to read this too.

Python: interrogate database over http

I want to do automatic searches on a database (in this example www.scopus.com) with a simple python script. I need some place from where to start. For example I would like to do a search and get a list of links and open the links and extract information from the opened pages. Where do I start?
Technically speaking, scopus.com is not "a database", it's a web site that lets you search / consult a database. If you want to programmatically access their service, the obvious way is to use their API, which will mostly require sending HTTP requests and parsing the HTTP response. You can do this with the standard lib's modules, but you'll certainly save a lot of time using python-requests instead. And you'll certainly want to get some understanding of the HTTP protocol before...

How to Combine Html + CSS code with python function?

I have zero experience with website development but am working on a group project and am wondering whether it would be possible to create an interaction between a simple html/css website and my python function.
Required functionality:
I have to take in a simple string input from a text box in the website, pass it into my python function which gives me a single list of strings as output. This list of strings is then passed back to the website. I would just like a basic tutorial website to achieve this. Please do not give me a link to the CGI python website as I have already read it and would like a more basic and descriptive view as to how this is done. I would really appreciate your help.
First you will need to understand HTTP. It is a text based protocol.
I assume by "web site" you mean User-Agent, like FireFox.
Now, you're talking about an input box, well this will mean that you've already handled an HTTP request for your content. In most web applications this would have been several requests (one for the dynamically generated application HTML, and more for the static css and js files).
CGI is the most basic way to programmatically inspect already parsed HTTP requests and create HTTP responses from objects you've set.
Now your application is simple enough where you can probably do all the HTTP parsing yourself to gain a basic understanding of what's going on, but you will still need to understand how to develop a server that can listen on a socket.
To avoid all that just find a Python application server that has already implemented all of the above and much more. There are many python application servers to choose from. Use one with a small learning curve for something as simple as above. Some are labeled as "micro-frameworks" in this genre.
Have you considered creating an app on Google App Engine (https://developers.google.com/appengine/)?
Their Handling Forms tutorial seems to describe your problem:
https://developers.google.com/appengine/docs/python/gettingstartedpython27/handlingforms

Accessing $_GET and $_POST query string or form value equivalents in Python

In PHP, I can retrieve the value in a query string like so:
So, if the request URI is http://example.com/index.php?foo=bar
<?php echo $_GET['foo']; //bar ?>
How can I emulate the above code in Python? (and not using a heavy web framework)
I cannot find simple documentation for the easiest way to do this in Python. Is there a standard Python library for handling incoming HTTP requests? I know Python is not a templating language, but its wide usage on the web suggests there should be a simple way of handling this.
All the web frameworks do it differently. As you say, Python is not a templating language, so there is no automatic way to handle HTTP requests.
There is a cgi module which is part of the standard library, and which you can use to access POSTed data via cgi.FieldStorage() - but serving an app via standard CGI is horribly inefficient and only suitable for very small-scale stuff.
A much better idea is to use a simple WSGI framework (WSGI is the standard for serving web applications with Python). There are quite a few - my current favourite is flask although I hear good things about bottle too.
Your "non heavy web framework" should typically pass a request parameter to you, and you can access the get strings from the request.GET or something to that effect.

Python (Django) Shopify API Client -- For a Beginner

I have a requirement to build a client for Shopify's API, building it in Python & Django.
I've never done it before and so I'm wondering if someone might advise on a good starting point for the kinds of patterns and techniques needed to get a job like this done.
Here's a link to the Shopify API reference
Thanks.
Your question is somewhat open-ended, but if you're new to Python or API programming, then you should get a feel for how to do network programming in Python, using either the urllib2 or httplib modules that come with more recent versions of Python. Learn how to initiate a request for a page and read the response into a file.
Here is an overview of the httplib module in Python documentation:
http://docs.python.org/library/httplib.html
After you've managed to make page requests using the GET HTTP verb, learn about how to make POST requests and how to add headers, like Content-Type, to your request. When communicating with most APIs, you need to be able to send these.
The next step would be to get familiar with the XML standard and how XML documents are constructed. Then, play around with different XML libraries in Python. There are several, but I've always used the xml.dom.minidom module. In order to talk to an API, you'll probably need to know how to create XML documents (to include in your requests) and how to parse content out of them (to make use of the API's responses). The minidom module allows a developer to do both of these. For your reference:
http://docs.python.org/library/xml.dom.minidom.html
Your final solution will likely put both of these together, where you create an XML document, submit it as content to the appropriate Shopify REST API URL, and then have your application deal with the XML response the API sends back to you.
If you're sending any sensitive data, be sure to use HTTPS over port 443, and NOT HTTP over port 80.
I have been working on a project for the last few months using Python and Django integrating with Shopify, built on Google App Engine.
Shopify has a valuable wiki resource, http://wiki.shopify.com/Using_the_shopify_python_api. This is what I used to get a good handle of the Shopify Python API that was mentioned, https://github.com/Shopify/shopify_python_api.
It will really depend on what you are building, but these are good resources to get you started. Also, understanding the Shopify API will help when using the Python API for Shopify.
Shopify has now released a Python API client: https://github.com/Shopify/shopify_python_api
I think you can find some inspiration by taking a look at this:
http://bitbucket.org/jespern/django-piston/wiki/Home
Although it is directly opposite what you want to do (Piston is for building APIs, and what you want is to use an API) it can give you some clues on common topics.
I could mention, of course, reading obvious sources like the Shopify developers forum:
http://forums.shopify.com/categories/9
But I guess you already had it in mind :)
Cheers,
H.
