OT: How to embed or call a shell script in an html file?

Matt Graham danceswithcrows at usa.net
Sun Jun 23 11:33:05 MST 2013


From: joe@
> Matt asked:
>> How is this working?
> Regarding 'readin' , I have a small program by that name
> in my /usr/bin (and in ~/www/bin) that enables a hot-key.
> Also I have linked 'clear' to 'cls'.

OK.  You can do this, but doing things like this makes it more difficult for
other people to debug your code.

>>> ... how can I integrate this shell script into an html
>>> file as I hope to be able to use it in a web page?
>> You will have an easier time of it if you use something that's
>> designed for creating dynamic web pages, like mod_python or
>> CGI-Perl or Ruby on Rails or PHP. 
> But I don't know how to use any of those

If you're going to make web pages that do things, you will have to learn
something like Ruby/Python/PHP.  Things like wordpress/drupal/django are not
written in shell because it's difficult to do the complex stuff that those
CMSes require in shell.

A basic PHP script that should be usable on your web sewer with 1 change:

<?php

$header='<html><head><title>Test search</title></head><body>';
$footer='</body></html>';

$form='<form action="'.$_SERVER['PHP_SELF'].'" method="get">
<label>Name 1:</label> <input type="text" name="name1"/><br/>
<label>Name 2:</label> <input type="text" name="name2"/><br/>
<input type="submit" name="" value="Go"/>
</form>';

$filename='/www/stuff.txt'; // full path of file you're searching in

$out='';
if(isset($_GET['name1']) and isset($_GET['name2'])){
        $o1=htmlentities($_GET['name1']);
        $o2=htmlentities($_GET['name2']);
        $out.="<p>Searched for: name1 $o1 name2 $o2</p>\n";
        $n1=escapeshellarg($_GET['name1']);
        $n2=escapeshellarg($_GET['name2']);
        $out.="<p>First 10 results:</p>\n<pre>\n";
        $out.=`grep -i $n1 $filename | grep -i $n2 | head -n 10`;
        $out.="</pre>\n";
        }

print $header;
print $out;
print $form;
print $footer;
// save as search.php on your PHP-enabled webserver somewhere
// end code

...note that this is very bare-bones and has almost no security attached to
it; there are good reasons why real scripts don't just put $_GET vars into
shell commands they're executing.  Using `` or system() or shell_exec() is not
usually done because there are usually better ways to handle things than
shelling out (like a DB and the mysqli or PDO classes).

It is also easy for beginners to forget to escape data in PHP and make your
PHP scripts vulnerable to XSS and SQL injection and all kinds of terrible
things.  However, PHP is easy to use for quick one-offs since so much useful
stuff is built in to the language.  Hope That Helps,

-- 
Matt G / Dances With Crows
The Crow202 Blog:  http://crow202.org/wordpress/
There is no Darkness in Eternity/But only Light too dim for us to see



More information about the PLUG-discuss mailing list