Forms are used to gather data from users and send it to a server. There are two main methods for submitting form data: GET and POST. GET places parameters in the URL, while POST appends parameters to the HTTP request body. Django provides built-in protections against cross-site request forgery attacks by generating CSRF tokens that are validated on form submission. To prevent duplicate form submissions, applications typically use the POST-redirect-GET pattern, where a POST redirects to a GET request.
Imagine you’re a new engineer at a workplace who has to learn a new unfamiliar codebase. After you acquire a copy of the repo, what is your next step? How do you dissect a new unfamiliar codebase to understand its inner workings? Come see a guided walkthrough of reading the widely used python-requests project, which gets over 18,000 downloads per day and powers many of the world’s REST-based APIs.
This was a talk given at PyCon 2016.
Working with Data and built-in functions of PHPmohanaps
This PPT for PHP covers:
Working with Data
Form and input elements validating the user input, passing variables
between pages, through GET, through POST, through REQUEST and
RESPOND, string functions - chr, ord, strtolower, strtoupper, strlen, ltrim,
rtrim, substr, strcmp, math functions - abs, ceil, floor, round, fmod, min,
max, pow, sqrt, rand, array functions - count, list, in_array, current, next,
previous, end, each, sort, rsort, Rest API.
Everyone talks about raising the bar on quality of code, but it's always hard to start implementing it when you have no clue where to start. With this talk I'm shooing that there are many levels developers can improve themselves by using the right tools. In this talk I'll go over each tool with examples how to use them against your codebase. A must attend talk for every developer that wants to scale up their quality. Most PHP developers deploy code that does what the customer requested but they don't have a clue about the quality of the product they deliver. Without this knowledge, maintenance can be a hell and very expensive. In this workshop I cover unit testing, code measuring, performance testing, debugging and profiling and give tips and tricks how to continue after this workshop.
Imagine you’re a new engineer at a workplace who has to learn a new unfamiliar codebase. After you acquire a copy of the repo, what is your next step? How do you dissect a new unfamiliar codebase to understand its inner workings? Come see a guided walkthrough of reading the widely used python-requests project, which gets over 18,000 downloads per day and powers many of the world’s REST-based APIs.
This was a talk given at PyCon 2016.
Working with Data and built-in functions of PHPmohanaps
This PPT for PHP covers:
Working with Data
Form and input elements validating the user input, passing variables
between pages, through GET, through POST, through REQUEST and
RESPOND, string functions - chr, ord, strtolower, strtoupper, strlen, ltrim,
rtrim, substr, strcmp, math functions - abs, ceil, floor, round, fmod, min,
max, pow, sqrt, rand, array functions - count, list, in_array, current, next,
previous, end, each, sort, rsort, Rest API.
Everyone talks about raising the bar on quality of code, but it's always hard to start implementing it when you have no clue where to start. With this talk I'm shooing that there are many levels developers can improve themselves by using the right tools. In this talk I'll go over each tool with examples how to use them against your codebase. A must attend talk for every developer that wants to scale up their quality. Most PHP developers deploy code that does what the customer requested but they don't have a clue about the quality of the product they deliver. Without this knowledge, maintenance can be a hell and very expensive. In this workshop I cover unit testing, code measuring, performance testing, debugging and profiling and give tips and tricks how to continue after this workshop.
This workshop is a hands-on training where a real Zend Framework application is used as an example to start improving QA using tools to test, document and perform software metric calculations to indicate where the software can be improved. I also explain the reports produced by a CI system.
Let's read code: the python-requests librarySusan Tan
Imagine you’re a new engineer at a workplace who has to learn a new unfamiliar codebase. After you acquire a copy of the repo, what is your next step? How do you dissect a codebase to understand its inner workings? This is a guided walkthrough of reading the widely used python-requests project, which gets over 18,000 downloads per day and powers many of the world’s REST-based APIs.
This is the front-page example code that demonstrates the python-requests library: "requests.get(url)". We'll see how this example code is all implemented underneath the hood.
These are the slides for a conference talk in Nashville for PyTN 2016. Full talk description: https://www.pytennessee.org/schedule/presentation/90/
Cloud functions are google’s Functions as a Service ( FaaS ) platform. As of right now it supports Node.js and Python runtimes. In this blog, we will show you how to enable Cross Origin Resource Sharing (CORS) for a Google Cloud Function using Python.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
This workshop is a hands-on training where a real Zend Framework application is used as an example to start improving QA using tools to test, document and perform software metric calculations to indicate where the software can be improved. I also explain the reports produced by a CI system.
Let's read code: the python-requests librarySusan Tan
Imagine you’re a new engineer at a workplace who has to learn a new unfamiliar codebase. After you acquire a copy of the repo, what is your next step? How do you dissect a codebase to understand its inner workings? This is a guided walkthrough of reading the widely used python-requests project, which gets over 18,000 downloads per day and powers many of the world’s REST-based APIs.
This is the front-page example code that demonstrates the python-requests library: "requests.get(url)". We'll see how this example code is all implemented underneath the hood.
These are the slides for a conference talk in Nashville for PyTN 2016. Full talk description: https://www.pytennessee.org/schedule/presentation/90/
Cloud functions are google’s Functions as a Service ( FaaS ) platform. As of right now it supports Node.js and Python runtimes. In this blog, we will show you how to enable Cross Origin Resource Sharing (CORS) for a Google Cloud Function using Python.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
Custom Healthcare Software for Managing Chronic Conditions and Remote Patient...Mind IT Systems
Healthcare providers often struggle with the complexities of chronic conditions and remote patient monitoring, as each patient requires personalized care and ongoing monitoring. Off-the-shelf solutions may not meet these diverse needs, leading to inefficiencies and gaps in care. It’s here, custom healthcare software offers a tailored solution, ensuring improved care and effectiveness.
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
Cyaniclab : Software Development Agency Portfolio.pdfCyanic lab
CyanicLab, an offshore custom software development company based in Sweden,India, Finland, is your go-to partner for startup development and innovative web design solutions. Our expert team specializes in crafting cutting-edge software tailored to meet the unique needs of startups and established enterprises alike. From conceptualization to execution, we offer comprehensive services including web and mobile app development, UI/UX design, and ongoing software maintenance. Ready to elevate your business? Contact CyanicLab today and let us propel your vision to success with our top-notch IT solutions.
Enterprise Resource Planning System includes various modules that reduce any business's workload. Additionally, it organizes the workflows, which drives towards enhancing productivity. Here are a detailed explanation of the ERP modules. Going through the points will help you understand how the software is changing the work dynamics.
To know more details here: https://blogs.nyggs.com/nyggs/enterprise-resource-planning-erp-system-modules/
Unleash Unlimited Potential with One-Time Purchase
BoxLang is more than just a language; it's a community. By choosing a Visionary License, you're not just investing in your success, you're actively contributing to the ongoing development and support of BoxLang.
Innovating Inference - Remote Triggering of Large Language Models on HPC Clus...Globus
Large Language Models (LLMs) are currently the center of attention in the tech world, particularly for their potential to advance research. In this presentation, we'll explore a straightforward and effective method for quickly initiating inference runs on supercomputers using the vLLM tool with Globus Compute, specifically on the Polaris system at ALCF. We'll begin by briefly discussing the popularity and applications of LLMs in various fields. Following this, we will introduce the vLLM tool, and explain how it integrates with Globus Compute to efficiently manage LLM operations on Polaris. Attendees will learn the practical aspects of setting up and remotely triggering LLMs from local machines, focusing on ease of use and efficiency. This talk is ideal for researchers and practitioners looking to leverage the power of LLMs in their work, offering a clear guide to harnessing supercomputing resources for quick and effective LLM inference.
Climate Science Flows: Enabling Petabyte-Scale Climate Analysis with the Eart...Globus
The Earth System Grid Federation (ESGF) is a global network of data servers that archives and distributes the planet’s largest collection of Earth system model output for thousands of climate and environmental scientists worldwide. Many of these petabyte-scale data archives are located in proximity to large high-performance computing (HPC) or cloud computing resources, but the primary workflow for data users consists of transferring data, and applying computations on a different system. As a part of the ESGF 2.0 US project (funded by the United States Department of Energy Office of Science), we developed pre-defined data workflows, which can be run on-demand, capable of applying many data reduction and data analysis to the large ESGF data archives, transferring only the resultant analysis (ex. visualizations, smaller data files). In this talk, we will showcase a few of these workflows, highlighting how Globus Flows can be used for petabyte-scale climate analysis.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Launch Your Streaming Platforms in MinutesRoshan Dwivedi
The claim of launching a streaming platform in minutes might be a bit of an exaggeration, but there are services that can significantly streamline the process. Here's a breakdown:
Pros of Speedy Streaming Platform Launch Services:
No coding required: These services often use drag-and-drop interfaces or pre-built templates, eliminating the need for programming knowledge.
Faster setup: Compared to building from scratch, these platforms can get you up and running much quicker.
All-in-one solutions: Many services offer features like content management systems (CMS), video players, and monetization tools, reducing the need for multiple integrations.
Things to Consider:
Limited customization: These platforms may offer less flexibility in design and functionality compared to custom-built solutions.
Scalability: As your audience grows, you might need to upgrade to a more robust platform or encounter limitations with the "quick launch" option.
Features: Carefully evaluate which features are included and if they meet your specific needs (e.g., live streaming, subscription options).
Examples of Services for Launching Streaming Platforms:
Muvi [muvi com]
Uscreen [usencreen tv]
Alternatives to Consider:
Existing Streaming platforms: Platforms like YouTube or Twitch might be suitable for basic streaming needs, though monetization options might be limited.
Custom Development: While more time-consuming, custom development offers the most control and flexibility for your platform.
Overall, launching a streaming platform in minutes might not be entirely realistic, but these services can significantly speed up the process compared to building from scratch. Carefully consider your needs and budget when choosing the best option for you.
First Steps with Globus Compute Multi-User EndpointsGlobus
In this presentation we will share our experiences around getting started with the Globus Compute multi-user endpoint. Working with the Pharmacology group at the University of Auckland, we have previously written an application using Globus Compute that can offload computationally expensive steps in the researcher's workflows, which they wish to manage from their familiar Windows environments, onto the NeSI (New Zealand eScience Infrastructure) cluster. Some of the challenges we have encountered were that each researcher had to set up and manage their own single-user globus compute endpoint and that the workloads had varying resource requirements (CPUs, memory and wall time) between different runs. We hope that the multi-user endpoint will help to address these challenges and share an update on our progress here.
Globus Connect Server Deep Dive - GlobusWorld 2024Globus
We explore the Globus Connect Server (GCS) architecture and experiment with advanced configuration options and use cases. This content is targeted at system administrators who are familiar with GCS and currently operate—or are planning to operate—broader deployments at their institution.
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
3. Forms GET vs. POST
Two ways the browser can send parameters to the web server
• GET - Parameters are placed on the URL which is retrieved.
• POST - The URL is retrieved and parameters are appended to
the request in the the HTTP connection.
4. Utility Code – Dump a Dictionary
# Call as dumpdata('GET', request.GET)
def dumpdata(place, data) :
retval = ""
if len(data) > 0 :
retval += '<p>Incoming '+place+' data:<br/>n'
for key, value in data.items():
retval += html.escape(key) + '=' + html.escape(value) + '</br>n'
retval += '</p>n'
return retval
dj4e-samples/getpost/views.py
7. Passing Parameters to The Server
GET /form/getform?guess=42
Accept: text/html
User-Agent: Lynx/2.4 libwww/2.14
POST /form/postform
Accept: text/html
User-Agent: Lynx/2.4 libwww/2.14
Content-type: application/x-www-form-urlencoded
Content-length: 13
guess=42
HTTP
Request
Browser
Web Server
<input type="text" name="guess" id="yourid" />
8. Rules of the POST/GET Choice
• POST is used when data is being created or modified.
• GET is used when your are reading or searching things.
• GET should never be used to insert, modify or delete data.
• Web search spiders will follow GET URLs but generally not POST URLs.
• GET URLs should be “idempotent” - the same URL should give the
“same thing” each time you access it. (i.e. bookmarkable)
• GET has an upper limit of the number of bytes of parameters and
values (think about 2K).
16. <p><label for="inp08">Tell us about yourself:<br/>
<textarea rows="10" cols="40" id="inp08" name="about">
I love building web sites in Django and MySQL.
</textarea>
</p>
Incoming POST data:
...
snack=peanuts
about=I love building
web sites in Django and
MySQL.
dopost=Submit
dj4e-samples/getpost/templates/getpost/html4.html
17. <input type="submit" name="dopost" value="Submit"/>
<input type="button"
onclick="location.href='http://www.dj4e.com/'; return false;"
value="Escape">
Incoming POST data:
...
snack=peanuts
about=I love building
web sites in Django and
MySQL.
dopost=Submit
dj4e-samples/getpost/templates/getpost/html4.html
18. HTML5 Input Types
• HTML5 defined new input types
• Not all browsers support all input types
• They fall back to type="text"
https://samples.dj4e.com/getpost/html5
dj4e-samples/getpost/templates/getpost/html5.html
http://www.w3schools.com/html/html5_form_input_types.asp
19. Select your favorite color:
<input type="color" name="favcolor" value="#0000ff"><br/>
Birthday:
<input type="date" name="bday" value="2003-09-02"><br/>
E-mail:
<input type="email" name="email"><br/>
Quantity (between 1 and 5):
<input type="number" name="quantity"
min="1" max="5"><br/>
Add your homepage:
<input type="url" name="homepage"><br>
Transportation:
<input type="flying" name="saucer"><br>
https://samples.dj4e.com/getpost/html5
In-browser validation happens
when you press submit.
21. CSRF Attack
• A rogue site generates a page that includes form that posts data to a
legitimate site where the user is logged in via a session cookie
• The form is submitted to the legitimate site and the cookie is included
• The legitimate site accepts the request because of the cookie value
• Note that the rogue site does not need to know the cookie value – it
just knows that the cookie will be sent on requests to the legitimate
site
https://en.wikipedia.org/wiki/Cross-site_request_forgery
22. CSRF Defense
• The legitimate site chooses a large random number (the CSRF Token)
and puts it in the session
• When the legitimate site generates a POST form, it includes the CSRF
Token as a hidden input field
• When the form is submitted the CSRF Token is sent as well as the
cookie
• The site looks up the session and rejects the request if the incoming
CSRF Token does not match the session's CSRF Token
https://en.wikipedia.org/wiki/Cross-site_request_forgery
23. Scenario: Time to Change a Student Grade
Browser
www.dj4e.com
user: csev
instructor: true
cookies
www.dj4e.com
sessid: 42
Student Grade
123 0.5
456 1.0
42
<form method="post"
action="https://www.dj4e.com/grades/123">
<input type="text" name="new-grade"
value="0.5">
<input type="submit">
</form>
POST /grades/123
cookie: sessid=42
new-grade=0.5
Page produced
by legit server.
28. Enabling CSRF defense in Django
• Django has built in support to generate, use, and check CSRF Tokens
• Activated by default in settings.py
MIDDLEWARE = [
'django.middleware.security.SecurityMiddleware',
'django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
]
45. POST / Refresh /
• Once you do a POST and receive 200 status + a page of HTML, if
you tell the browser to refresh, the browser will re-send the
POST data a second time.
• The user gets a browser pop-up that tries to explain what is
about to happen.
47. Don't Allow Double Posts
• Typically POST requests are adding or modifying data whilst GET
requests view data
• It may be dangerous to do the same POST twice (say
withdrawing funds from a bank account)
• So the browser insists on asking the user (out of your control)
• Kind of an ugly UX / bad usability
• As developers we work so this never can happen
49. POST
Redirect
Rule
• The simple rule for pages intended for a browser is to never generate a page with
HTML content when the app receives POST data and data has been modified
• Must cause a GET by redirecting somewhere - even a GET to the same URL-
forcing the browser to make a GET after the POST
50. Review: HTTP Status Codes
• http://www.dr-chuck.com/page1.htm - 200 OK
• https://samples.dj4e.com/getpost/failform - 403 Forbidden
• Post data without CSRF Token
• http://www.wa4e.com/nowhere.htm - 404 Not Found
• http://www.drchuck.com/ - 302 Found / Moved
Also known as “redirect”
https://en.wikipedia.org/wiki/List_of_HTTP_status_codes
57. class AwesomeView(View) :
def get(self, request):
msg = request.session.get('msg', False)
if ( msg ) : del(request.session['msg'])
return render(request, 'getpost/guess.html', {'message' : msg })
def post(self, request):
guess = request.POST.get('guess')
msg = checkguess(guess)
request.session['msg'] = msg
return redirect(request.path)
dj4e-samples/getpost/views.py
The response to a POST must be a redirect
• Pass data to the GET – "flash message pattern"
• Session can be used for flash messages
59. Acknowledgements / Contributions
These slides are Copyright 2019- Charles R. Severance
(www.dr-chuck.com) as part of www.dj4e.com and made
available under a Creative Commons Attribution 4.0 License.
Please maintain this last slide in all copies of the document to
comply with the attribution requirements of the license. If you
make a change, feel free to add your name and organization to
the list of contributors on this page as you republish the
materials.
Initial Development: Charles Severance, University of Michigan
School of Information
Insert new Contributors and Translators here including names
and dates
Continue new Contributors and Translators here
60. Additional Source Information
• Portions of the text of these slides is adapted from the text www.djangoproject.org web site. Those slides which
use text from that site have a reference to the original text on that site. Django is licensed under the three-clause
BSD license.