why is user = form.getfirst("user", "").upper() safe?

shanepy · Nov-22-2018, 08:28 PM

Hello,

https://docs.python.org/3.5/library/cgi....-interface

import cgi
form = cgi.FieldStorage()
user = form.getfirst("user", "").upper()    # This way it's safe.
...

Why does converting to the cgi form data to upper case make it "safe"?

***micseydel*** · Nov-24-2018, 06:48 PM

My best guess is that the default argument, the empty string, prevents None being returned, which would result in the upper call throwing a AttributeError. The upper call doesn't make it safe, it's what's being made safe.

**buran** · (This post was last modified: Nov-26-2018, 07:37 AM by buran.)

It's not converting to upper() that makes it safe but using getfirst() method instead of getvalue(). i.e. if user supply list, instead of single value.
Note that upper() is present also in the original example of code that would fail.

shanepy · Nov-27-2018, 03:57 AM

@buran: that makes more sense, but I don't see what use upper() serves in this example since

form.getfirst("user", "")

could only return a string.

**buran** · Nov-27-2018, 07:23 AM

upper() is not meant to convert user input to str. It's meant to convert any str to uppercase string. That is why the initial example would fail if user supply list instead of str.

>>> 'Some StrinG'.upper()
'SOME STRING'
>>>

shanepy · Nov-27-2018, 06:56 PM

I understand the upper() method is used to trigger an AttributeError exception in case it is called on a list but that could not possibly happen in the example code-

user = form.getfirst("user", "").upper()    # This way it's safe.

so why call it?

**buran** · Nov-27-2018, 07:13 PM

No, this is the solution, not the example code for error.
The example code for error is this one:

user = form.getvalue("user").upper()

now, if form.getvalue("user") returns list and you call upper() on it you will get an error.
as explained in the docs, you can test for what is returned. but there is alternative - if instead you use

user = form.getfirst("user", "").upper()

it will return just the first element (single string) or "" and upper() will not raise exception

you can also use form.getlist() in which case you will always get a list. In any case the code is more compact and clean compared to the one if you check what is returned.

Possibly Related Threads…
Thread		Author	Replies	Views	Last Post
	Warn user of validation error before they click submit	robertkwild	1	875	Mar-12-2025, 03:49 AM Last Post: Tishat73
	How to revert back to a previous line from user input	Sharkenn64u	2	874	Dec-28-2024, 08:02 AM Last Post: Pedroski55
	Handling receiving updates from user in Telebot	mohsenamiri	0	1,311	Aug-26-2024, 09:25 AM Last Post: mohsenamiri
	User input with while loops	chizzy101010	2	5,129	Aug-25-2024, 06:00 PM Last Post: chizzy101010
	Regex to catch what user has put in text box	robertkwild	26	5,047	Jun-26-2024, 01:06 PM Last Post: AdamHensley
	PyQt5 - issue of delay in overall performance & user interface while using serial COM	thiru	0	783	Jun-18-2024, 08:34 AM Last Post: thiru
	How to Randomly Print a Quote From a Text File When User Types a Command on Main Menu	BillKochman	13	4,229	Apr-24-2024, 05:47 AM Last Post: Bronjer
	run SQL without user intervention python	dawid294	0	629	Jan-19-2024, 01:11 PM Last Post: dawid294
	When is it safe to compare (==) two floats?	Radical	4	2,450	Nov-12-2023, 11:53 AM Last Post: PyDan
	WHILE LOOP NOT RETURNING USER INPUT AFTER ZerroDivisionError! HELP!	ayodele_martins1	7	2,460	Oct-01-2023, 07:36 PM Last Post: ayodele_martins1

why is user = form.getfirst("user", "").upper() safe?

User Panel Messages

Announcements