开发者

POST/GET bindings in Racket

开发者 https://www.devze.com 2023-01-04 21:15 出处:网络
Is there a built-in way to get at POST/GET parameters in Racket? extract-binding and friends do what I want, but there\'s a dire note attached about potential security risks related to file uploads wh

Is there a built-in way to get at POST/GET parameters in Racket? extract-binding and friends do what I want, but there's a dire note attached about potential security risks related to file uploads which concludes

Therefore, we recommend against their use, but they are provided for compatibility with old code.

The best I can figure is (and forgive me in advance)

(bytes->string/utf-8 (binding:form-value (bindings-assq (string->bytes/utf-8 "[field_name_here]") (request-bindings/raw req))))

but that seems unnecessarily complicated (and it seems like it would suffer from some of the same bugs documented in the Bindings section).

Is there a more-or-less standard, non-buggy way to get the value of a POST/GET-variable, given a field name and request? Or better yet, a way of ge开发者_JAVA百科tting back a collection of the POST/GET values as a list/hash/a-list? Barring either of those, is there a function that would do the same, but only for POST variables, ignoring GETs?


extract-binding is bad because it is case-insensitive, is very messy for inputs that return multiple times, doesn't have a way of dealing with file uploads, and automatically assumes everything is UTF-8, which isn't necessarily true. If you can accept those problems, feel free to use it.

The snippet you wrote works when the data is UTF-8 and when there is only one field return. You can define it is a function and avoid writing it many times.

In general, I recommend using formlets to deal with forms and their values.

Now your questions...

"Is there a more-or-less standard, non-buggy way to get the value of a POST/GET-variable, given a field name and request?"

What you have is the standard thing, although you wrongly assume that there is only one value. When there are multiple, you'll want to filter the bindings on the field name. Similarly, you don't need to turn the value into a string, you can leave it as bytes just fine.

"Or better yet, a way of getting back a collection of the POST/GET values as a list/hash/a-list?"

That's what request-bindings/raw does. It is a list of binding? objects. It doesn't make sense to turn it into a hash due to multiple value returns.

"Barring either of those, is there a function that would do the same, but only for POST variables, ignoring GETs?"

The Web server hides the difference between POSTs and GETs from you. You can inspect uri and raw post data to recover them, but you'd have to parse them yourself. I don't recommend it.

Jay

0

精彩评论

暂无评论...
验证码 换一张
取 消