A guest book for your web page that demonstrates CGI, and file access.
Python, 80 lines
Download
Copy to clipboard1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 | #!/usr/bin/python
import cgi
# define files to use
header_file_name = 'files/header'
footer_file_name = 'files/footer'
book_file_name = 'files/book'
form_file_name = 'files/form'
##########################
## Function Definitions ##
##########################
# Print the header from an external file
def printfile( file_name ):
file = open( file_name , "r")
for line in file.readlines():
print line
file.close();
# define a function for the message entry
# entry == the form dictionary
# book == the guestbook file
def bookEntry( entry ):
book = open( book_file_name, 'a')
book.write( '<TR><TD COLSPAN="2"><B>%s</B>' % entry['name'].value )
book.write( '''
<HR WIDTH="100%"><BR>
</TD></TR>
<TR><TD VALIGN="TOP" ALIGN="RIGHT">
''' )
if entry.has_key('email'):
email = entry['email'].value
book.write( '<A HREF="mailto:%s">\n %s\n</A>' % (email,email) )
book.write( ' \n<BR>\n' )
if entry.has_key('website'):
website = entry['website'].value
book.write( '<A HREF="http://%s">\n %s\n</A>' % (website,website) )
book.write( ' \n' )
book.write( '</TD><TD VALIGN="TOP">\n%s\n</TD></TR>\n' %entry['message'].value )
book.write( '<TR><TD><BR></TD></TR>\n\n\n' )
book.close() # This line was changed from the April 30 version
###################
## Program Logic ##
###################
# create the form dictionary
form = cgi.FieldStorage()
# check if a from was submitted
if len( form ) > 1:
# check to see if both a name and message are provided
if not (form.has_key("name") and form.has_key("message")):
print "To add an entry, both name and message is required";
else:
bookEntry( form )
#################
## Page Output ##
#################
# print a header
print "content-Type: text/html"
print
# Print the header from an external file
printfile( header_file_name )
# read the current guestbook
printfile( book_file_name )
# write a form
printfile( form_file_name )
# print the footer
printfile( footer_file_name )
|
As per good programming practice, I've separated my HTML from my logic. I've used four text files: header, footer, form, book. All files must be readable
file descriptions in order of display.
header: every thing to be displayed before the guest book entry. The way the code is now, the header should start a table. book: This can be a blank file initially, but must be writable. This is where the entries will be inserted as table rows. form: Either close the table here and enter the form or enter the form and close the table... Your call, but this is where the form goes. footer: Every thing that goes at the bottom of the page.
Tags: cgi
Blank screen when adding an entry. Hi
I just tried your guestbook script, and noticed that when have submitted a message, a blank screen appears. I refreshed a couple of times, then I went back to the Guestbook a saw that my message was added twice. Shouldn't you rather redirect to a thank you page or to the guestbook?
Regards
Jorgen
Fixed the problem. The problem was a mistake at the end of the bookEntry function. It now works as shown above.
Injection attacks. What's the simplest thing you could to do to protect this script against Javascript injection attacks?