omarf Posted November 13, 2008 Share Posted November 13, 2008 This has to be something simple, but I just can't get it to work. On the first page I take in a variable $keywords in a search field: <form method = "POST" action = "search2.php"> <input name="keywords" type="text"> <input name="submit_keyword_search" type="submit"> </form> Then on the second page which is where I will style the CGI output I have: <?php echo "You entered: "; echo $_POST["keywords"]; $keywords = $_POST["keywords"]; echo "<br/>"; echo "keywords variable is: "; echo $keywords; echo "<br/>"; //this works (without variable): $result = exec("../scgi-bin/hello3.cgi"); //this doesn't work: //$result = exec("../scgi-bin/hello3.cgi?$keywords"); print($result); ?> And the CGI is pretty simple, although the code below needs something to handle the $keywords variable: #!/usr/bin/perl print "Content-type:text/html\n\n"; print "Hello world from:"; How can I pass the variable to the CGI script? Here's a link to the pages mentioned: http://smofco.com/test_search/search1.php Link to comment https://forums.phpfreaks.com/topic/132594-passing-a-variable-from-php-to-cgi/ Share on other sites More sharing options...
flyhoney Posted November 13, 2008 Share Posted November 13, 2008 hmm.. $result = exec("../scgi-bin/hello3.cgi"); is like running the script from the command line right? So couldn't you just do: $result = exec("../scgi-bin/hello3.cgi $keywords"); And in your PERL script, (my perl is super rusty) access the keywords using @ARGS or whatever. Just a note, NEVER place user generated input in an exec() command. That is the fastest way to get your shit hacked. Link to comment https://forums.phpfreaks.com/topic/132594-passing-a-variable-from-php-to-cgi/#findComment-689469 Share on other sites More sharing options...
omarf Posted November 13, 2008 Author Share Posted November 13, 2008 Excellent! @ARGV was what I needed. Thank you, flyhoney. Link to comment https://forums.phpfreaks.com/topic/132594-passing-a-variable-from-php-to-cgi/#findComment-689555 Share on other sites More sharing options...
omarf Posted November 13, 2008 Author Share Posted November 13, 2008 Follow-up question... If passing a variable with the user's input is dangerous, what's the alternative to the exec () command? I got nowhere with virtual (). Link to comment https://forums.phpfreaks.com/topic/132594-passing-a-variable-from-php-to-cgi/#findComment-689676 Share on other sites More sharing options...
Mchl Posted November 13, 2008 Share Posted November 13, 2008 Just make sure that user input is safe before passing it to exec(). Link to comment https://forums.phpfreaks.com/topic/132594-passing-a-variable-from-php-to-cgi/#findComment-689683 Share on other sites More sharing options...
flyhoney Posted November 13, 2008 Share Posted November 13, 2008 Yeah, my bad, I should have said: NEVER pass raw user input to the exec() command. Link to comment https://forums.phpfreaks.com/topic/132594-passing-a-variable-from-php-to-cgi/#findComment-689736 Share on other sites More sharing options...
madThumbs Posted December 5, 2008 Share Posted December 5, 2008 How did you replace the var in the CGI? like this? I tried it but it won't work with me #!/usr/bin/perl print "Content-type:text/html\n\n"; print "Hello world from:"; print $keywords; Link to comment https://forums.phpfreaks.com/topic/132594-passing-a-variable-from-php-to-cgi/#findComment-707193 Share on other sites More sharing options...
omarf Posted December 6, 2008 Author Share Posted December 6, 2008 Like this: #!/usr/bin/perl print "Content-type:text/html\n\n"; print "Hello world from: "; print @ARGV; Link to comment https://forums.phpfreaks.com/topic/132594-passing-a-variable-from-php-to-cgi/#findComment-707439 Share on other sites More sharing options...
madThumbs Posted December 11, 2008 Share Posted December 11, 2008 Thanks Man!!! Link to comment https://forums.phpfreaks.com/topic/132594-passing-a-variable-from-php-to-cgi/#findComment-712724 Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.