PureBasic Forums - English

Posted: **Tue Oct 12, 2010 4:36 am**

I'm a complete noob when it comes to Javascript. I've never used it before, so please forgive what is sure to be a stupid question:

I have a (tested working) cgi program called cgitest.exe at the same folder level as my htdocs folder on an Apache 5.2 server. The address of the script is "../cgi-bin/cgitest.exe". What I want to do is have my index.html contain no more code than necessary to have the cgitest.exe output a page. Some way to immediately call the cgi program from js without pushing a button or submitting a form. So far I'm failing. Can someone help?

Posted: **Tue Oct 12, 2010 5:22 am**

I don't know but maybe using XMLHttpRequest()
would do the trick

http://www.w3.org/TR/XMLHttpRequest/

Posted: **Tue Oct 12, 2010 8:04 am**

idle wrote:I don't know but maybe using XMLHttpRequest()
would do the trick

http://www.w3.org/TR/XMLHttpRequest/

Yes! It's otherwise known as Ajax. I've found the best easiest way is to use jQuery to perform Ajax requests otherwise you'll be continually reinventing your own Ajax helper object.

http://api.jquery.com/category/ajax/

Posted: **Tue Oct 12, 2010 10:01 am**

Why torture yourself with JavaScript? Use a server side language like PHP!

Posted: **Tue Oct 12, 2010 12:40 pm**

Code: Select all

<?php echo system('../cgi-bin/cgitest.exe'); ?>

or

Code: Select all

<!--#include virtual="../cgi-bin/cgitest.exe"-->

should do the trick.

Posted: **Tue Oct 12, 2010 4:08 pm**

Mistrel wrote:Why torture yourself with JavaScript? Use a server side language like PHP!

I think you've got them two around the wrong way!

Posted: **Tue Oct 12, 2010 8:32 pm**

Hehehe

They both have their strengths and weaknesses. both compliment each other very well, but both can equally torture the mind LOL

Posted: **Tue Oct 12, 2010 9:55 pm**

@LuCiFeR[SD]: I finally got it to work. I installed PHP5 on my Apache server and tried your code. It failed. But after googling for a while I came up with a thread where someone asked exactly the same question and the answer they got from a php expert was:

Code: Select all

<?php echo @stripslashes( @join( @file( "http://lloydsplace.com/cgi-bin/cgitest.exe" ),"" ) ) ?>

I tried that and it works perfectly. No idea why the shorter version didn't work. So now if someone calls up lloydsplace.com they should get told what their IP address is, which is what the Purebasic-coded CGI program outputs. Of course that will change soon to something else.

Thanks for the help, I'm off and running now!

Posted: **Tue Oct 12, 2010 10:03 pm**

php is much better for that.

Posted: **Tue Oct 12, 2010 10:07 pm**

System() allows to execute any programm on the server and is therefore deactivated by default.
Good Example:
Someone uses system('ls." ".$_GET[dir]');
So http://website.tld/list.php?dir=pictures would list the content of the pictures-directory.
But you could call http://website.tld/list.php?dir=picture ... 20pictures (<- That won't actually work, because I mixed up unix and windows commands, but you get the idea).
It's a bit like a SQL-Injection. Two commands at once. And your pictures are gone.

Posted: **Tue Oct 12, 2010 10:18 pm**

Holy crap, I'm glad it didn't work then! I know less than nothing about this stuff..

Posted: **Tue Oct 12, 2010 10:18 pm**

TomS wrote:System() allows to execute any programm on the server and is therefore deactivated by default.
Good Example:
Someone uses system('ls." ".$_GET[dir]');
So http://website.tld/list.php?dir=pictures would list the content of the pictures-directory.
But you could call http://website.tld/list.php?dir=picture ... 20pictures (<- That won't actually work, because I mixed up unix and windows commands, but you get the idea).
It's a bit like a SQL-Injection. Two commands at once. And your pictures are gone.

Good point! That had actually slipped my mind!!! Just goes to prove my memory is getting bad hehe

@netmaestro, Glad I kind of pointed you in the right direction

but the main thing is, you found the correct solution! Funny, I've not coded in PHP for a couple of months and it is AMAZING how quickly I seem to be forgetting the simplest of things these days

Posted: **Tue Oct 12, 2010 10:33 pm**

Well, normally you wouldn't use the system-command, would you? And calling an cgi-script is also not something every php-programmer does everyday. That's why we use php. To not use perl and other stuff

Posted: **Wed Oct 13, 2010 12:25 am**

I like to use NetBeans for large PHP projects. It's not perfect but it's a heck of a lot better than working from a text editor.

Considering that you're new to web development, have a look at the MVC design pattern:

http://en.wikipedia.org/wiki/Model%E2%8 ... Controller

Model–View–Controller (MVC) is a software architecture,[1] currently considered an architectural pattern used in software engineering. The pattern isolates "domain logic" (the application logic for the user) from the user interface (input and presentation), permitting independent development, testing and maintenance of each (separation of concerns).

Posted: **Mon Oct 25, 2010 6:34 pm**

You can use ereg_replace to remove any possibility for directory transversal. I wrote this function for my website, maybe it will be useful to you? It uses Include() though, you should beable to just modify it to fit your needs.

Code: Select all

<?PHP 
	// PHP 5
	function displayPage($page) {
		$pageID = $_GET["page"]; // get ?page= content
		// We need to take care of Directory tranversing
		$pageNewIDLower = strtolower($pageID);
		$pageNewID = ereg_replace("[^A-Za-z0-9]","",$pageNewIDLower); // <-- if page contains an illegal 
		// character it will be removed. If the file uses an underscore, then it will be treated as if its 
		// not found. If an underscore is needed just add it into the ereg_replace
		if (strstr($pageNewID,"../") || strstr($pageNewID,"%") != true) { // reduntant, but just to make sure
			// this function looks for .txt extensions inside of a directory called pages.
			// simply change the extension and directory to which ever you need
			if (file_exists("pages/$pageNewID.txt") == true) {
				@include("pages/$pageNewID.txt");
			}
			else {
				//@include("pages/home.txt");
				echo "page not found";
			}
		}
		else {
			@include("pages/home.txt");
		}
	}
?>

I bet some of the php guru's think my code is ugly. But it gets the job done for my small site

Feel free to use and modify this if you want.

PureBasic Forums - English

help with javascript

help with javascript

Re: help with javascript

Re: help with javascript

Re: help with javascript

Re: help with javascript

Re: help with javascript

Re: help with javascript

Re: help with javascript

Re: help with javascript

Re: help with javascript

Re: help with javascript

Re: help with javascript

Re: help with javascript

Re: help with javascript

Re: help with javascript