html forms, dicts and lists

Paul Rubin phr-n2002b at NOSPAMnightsong.com
Wed Jul 31 21:42:56 EDT 2002


Kai Keliikuli <kai at keliikuli.com> writes:
> I'm wanting to do more with html forms and their processing
> than I'm able to using the cgi module, but I've had no luck
> RTFMing or googling.  I want to interpret the following html
> form inputs like so
> 
> form: <input type="text" name = "d['a']['b']" value="foo">
> interpreted: d = {'a':{'b':'foo'}}

Don't do that, for the usual reasons it's bad to use 'eval' or 'exec'.
Even if you don't do it the obvious way with exec, you'll have to do
complicated enough filtering to have a big chance of leaving some hole
where a hostile client can take over your application.

Just use ordinary form and field names and interpret them in your cgi.
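
An added example, not part of the original post: one way to get the nested structure from ordinary field names while treating them purely as data, never as code. The dotted naming convention (`d.a.b`), the segment pattern, the depth limit and the function names are assumptions made for this illustration.

```python
import re
from urllib.parse import parse_qsl

# Assumed convention (not from the original post): dotted field names
# such as "d.a.b", each segment restricted to a short identifier.
SEGMENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,31}\Z")
MAX_DEPTH = 4


def fields_to_nested(pairs):
    """Build nested dicts from (name, value) pairs without eval/exec.

    Names are split on '.', each segment is checked against an allowlist
    pattern, and anything else is rejected outright.
    """
    root = {}
    for name, value in pairs:
        segments = name.split(".")
        if len(segments) > MAX_DEPTH:
            raise ValueError("field name too deep: %r" % name)
        for seg in segments:
            if not SEGMENT.match(seg):
                raise ValueError("bad field name: %r" % name)
        node = root
        for seg in segments[:-1]:
            child = node.setdefault(seg, {})
            if not isinstance(child, dict):
                # e.g. "d.a" was already a plain value, now "d.a.b" arrives
                raise ValueError("conflicting field name: %r" % name)
            node = child
        leaf = segments[-1]
        if leaf in node:
            raise ValueError("duplicate or conflicting field: %r" % name)
        node[leaf] = value
    return root


def parse_form(query_string):
    # keep_blank_values so empty inputs still appear in the result
    return fields_to_nested(parse_qsl(query_string, keep_blank_values=True))


if __name__ == "__main__":
    # Constructed sample submission
    print(parse_form("d.a.b=foo&d.a.c=bar&d.x=1"))
```
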


