accessing javascript variables within psp code

Wed Jul 18 09:09:22 EDT 2007

On Wed, 2007-07-18 at 01:29 +0000, BAnderton wrote:
> Hello all,
> 
> Question:  Is there any way to access a javascript variable from
> within psp code?
> 
> 
> I'm aware of how to do the reverse of this (js_var='<%=psp_var%>').
> 
> 
> Here's a non-working example of what I'm trying to do:
> 
> 
> - - - (begin example) - - -
> 
> 
> function Test(txt)
> {
> a = confirm('Are you sure you want to delete '+txt+'?')
> if (a)
> {
> //The problem is getting the value of js variable 'txt' recognized in
> "psp space".
> <%
> os.remove(  os.path.join(os.path.dirname(req.filename), '../notes/'+
> %>txt<%)  )
> %>
> 
> 
> }
> }
> 
> 
> - - - (end example) - - -
> 
> FYI, I've already found a workaround for the above example (by placing
> a "get" variable in the URL, reloading the page, and having psp check
> for the existence of that variable before proceeding with deleting the
> appropriate file) but I'd still like this general capability for
> future projects.  I've searched several forums, websites, etc. and
> the
> answer has aluded me for two days now.  I'm new to apache, mod_python,
> and javascript, so this may be ridiculously simple.

>From your vague description it sounds like the contents of your
JavaScript variable come from the server to begin with. In that case
it's easier and more secure to "remember" the correct value on the
server instead of sending it to the client and trusting the client[*] to
send the same value back.

To store variables on the server side between requests by the same
client, use session variables.

[*] A basic premise of web programming is that the client can't be
trusted: Don't trust that maximum form field sizes will be honored,
don't trust that cookies won't be changed, don't trust that GET
parameters won't be changed, don't trust that hidden form fields won't
be changed, etc.

HTH,

-- 
Carsten Haese
http://informixdb.sourceforge.net