How to differentiate between GET and POST in plain CGI

Question

I have learned a few programming languages in past such as J2EE, and I am acquainted with PHP, etc.

Most of the languages have specific methods to extract data from the POST or GET. PHP has the $_POST & $_GET array while J2EE has doGet() & doPost() methods.

While learning Python, I found that both data in GET and POST can be extracted using abc = cgi.FieldStorage() and then be evaluated. Now, if I make a website using this, won't there be a security hole? Suppose a page gets data using POST, but some user goes to the page directly and feeds some GET data in the URL.

So, is there a way so that I can check whether the webpage is getting a POST or GET request without using frameworks like Django? I found out it can be done using Django or other frameworks, but I am trying to find a generic Python solution.

There is no generic solution if you are going to be using a framework to serve data - use the framework specific solution to check for GET/POST values. — metatoaster, Jul 29 '14 at 04:08
I dont want to use any framework. Just the normal Python language and its CGI scripts — Shaurya Chaudhuri, Jul 29 '14 at 04:13

score 4 · Accepted Answer · edited May 23 '17 at 12:29

4

CGI passes metadata via well-known environment variables. In this case, the "GET/POST" information is supplied via REQUEST_METHOD.

This can be accessed as so

import os
print os.environ['REQUEST_METHOD']

(There are also SCGI / WSGI / FastCGI / etc. protocols, each with their own design and rules.)

edited May 23 '17 at 12:29

Community

1
1

answered Jul 29 '14 at 04:18

user2864740

60,010
15
145
220

How to differentiate between GET and POST in plain CGI

1 Answers1