[Web-SIG] Random thoughts

Greg Ward gward at python.net
Thu Oct 30 21:51:17 EST 2003 

I'm just catching up on the archive for this list.  Some random
thoughts:

  * a new package, 'web', is definitely in order.
    "from web import cookies", "from web import http" just sounds right.
    (That contradicts Greg Stein's proposal in PEP 267, but I assume
    he's not strongly wedded to that.)

  * I'm all for stealing good ideas from other sources (eg. PHP,
    the Java servlet API), but I'm not keen on the exact semantics
    Simon has mentioned from PHP.  In particular, I hope no one is
    seriously considering global dictionaries called COOKIES or GET.

    Clearly, the Right Way is:

      request.get_cookie("session_id")

      request.get_form_var("name")

    (spelling and terminology yet to be decided; eg. I could live with
    it getcookie() and getformvar() ;-)

An aside: in the query string

   ?name=Greg&colour=blue&age=31

what exactly are 'name', 'colour', and 'age'?  Are they form variables?
query variables? parameters? fields?  Is this specified anywhere?

(In Quixote's HTTPRequest class, they're called "form variables" --
hence get_form_var() -- but I've never been terribly thrilled with that
terminology.  At the moment, I like "query variables".)

  * on the fields-with-multiple-values issue: I'm with Steve Holden and
    David Fraser.  (I.e., the programmer should know which query
    variables expect multiple values, and the request object should
    always return a list for those variables.)  cgi.py is Dead Wrong
    here; the type of an object should be predictable from the code, not
    dependent on the HTTP client!

    (But I disagree with Steve on handling multiple values for a query
    variable that expects a single value: in that case, IMHO sloppy
    should be the default, and you should get the first value.  I don't
    want to guard every get_form_var() call with a "except KeyError" to
    avoid broken/malicious clients crashing the script!)

    (I've mentally toyed with funky types like Barry suggested, but I
    think that sort of context-sensitive trickery is unPythonic.  Just
    because you can do something doesn't mean you should.)

    Perhaps something like Quixote's form framework belongs in the
    standard library -- the Widget classes solve a lot of problems
    with handling HTML forms.  There's some out-of-date documentation
    here:
      http://www.mems-exchange.org/software/quixote/doc/widgets.html

  * the "PATHINFO" variable is not CGI-specific.  Zope and Quixote are
    both utterly dependent on PATHINFO, and they're not tied to CGI.
    (There are strong connections, but you can run a Quixote app with
    mod_python, Medusa, or Twisted -- no CGI there!)

    Also, the Java servlet API has a getPathInfo() method, and Java
    servlets are most certainly not CGI scripts.

    "pathinfo" is just the part of the URL that the HTTP server doesn't
    look at.  ;-)

  * I oppose Simon Willison's practice of using the same variable
    in the "GET" and "POST" part of a request, but I will defend to the
    death his right to do so.  (But not in Quixote, where a narrower
    definition of what is Right, Good, and Truthfull prevails.)

Enough for now.  I still have lots of archive to read.  ;-(

        Greg
-- 
Greg Ward <gward at python.net>                         http://www.gerg.ca/
And now for something completely different.

More information about the Web-SIG mailing list