How to display input on one web page on another?

Thread Starter

Markd77

Joined Sep 7, 2009
2,796
I'd like to have a web page www example com/input.html with an input box.
Whatever gets typed into that input box I'd like to display on the page www example com/input.html (actually my computer will be sending to the input box but I'm pretty sure I can do that easily with Python).
A visitor to output.html shouldn't be able to find the location of input.html (or I could just put a password on input.html).

The problem is I don't know where to start looking or even what to search for. Any tips?
My host has the following available:
PHP4
PHP5 with SOAP Support
Perl
Python
Ruby Hosting

<ed> I should probably mention that although this could be done with FTP, my host has a system where to use FTP, you have to log in to their site and unlock it for a period. </ed>
 
Last edited:

BMorse

Joined Sep 26, 2009
2,675
In order to do this, you have to find out if your host will allow you to run scripts on the server, you would have to have the input "post" data to the host server, which could then be retrieved ("get") by the output form (would be best if the output form just queried the server for data every now and then, basically set up a timer to update the form periodically, or when a user clicks a button to refresh)..... you can write these scripts in any of the server supported languages you posted above..... here is some light reading on the "post" and "Get" methods used for this type of stuff... http://catcode.com/formguide/getpost.html
 

Thread Starter

Markd77

Joined Sep 7, 2009
2,796
Finally managed it, still have to sort out a couple of things:
Whatever you put here:
http://www.marksphotos.info/in.shtml
You have to click back to input again.

should turn up here:
http://www.marksphotos.info/out.shtml

I might not leave the pages up for very long, if anyone spots any problems or security issues please let me know.
No typing rude things in the box!


in.shtml
Rich (BB code):
<html>
<body>

<form action="/cgi-bin/in.py" method="post">
<input type="submit" value="Send Data" />
First name: <input type="text" name="first" />
  <br /> 
  <!-- form contents go here --> 
</form>

</body>
</html>
out.shtml
Rich (BB code):
<html>
<body>



<!--#exec cgi="/cgi-bin/test.py" -->

</body>
</html>
test.py (for output)
Rich (BB code):
#!/usr/bin/python

print "Content-type: text/html\n"

print """
<html>

<head>
  <title>Test</title>
</head>

<body>

Below text comes from file
<BR>

"""

file_in = open("test.txt", "r")
count = file_in.readline()     # it *is* a text file
file_in.close() 
print count     

print "</body>"
print "</html>"

in.py
Rich (BB code):
#!/usr/bin/python

import cgi
form = cgi.FieldStorage() # instantiate only once!
name = form.getfirst('first', 'empty')

# Avoid script injection escaping the user input
name = cgi.escape(name)

print """\
Content-Type: text/html\n
<html><body>
<p>File should be updated to "%s"</p>

""" % name

file_out = open("test.txt", "w")
file_out.write(str(name))

file_out.close() 
   

print "</body>"
print "</html>"
 

c0de3

Joined May 1, 2009
50
Looks pretty good. I didnt see the code and went and tried some injections. They all failed. Then I saw the code and see you are scrubbing for it. Nice.


I don't see a length limit. someone could try to fill up your drive or crash the system by putting huge amounts of data into the post.
 

Thread Starter

Markd77

Joined Sep 7, 2009
2,796
I think I probably should put a length check on it, someone just put 93kB of Lorem ipsum text on there. I had no idea you could paste that much into an input box. I'll probably give the input page an unguessable name anyway, with no links to it.
I'm going to take the input page down now.
 

techmonster1

Joined Jul 24, 2012
1
In my point of view Processing data from an HTML form can not be done with HTML.

You either need to use a server side scripting language (such as PHP), or a client side scripting language (such as Javascript).

In general it is better to use a server side scripting language because that will work for all visitors. Perhaps 10% of people have javascript turned off. Consequently javascript based form processing will not work for them.
 
Top