SQL query with variables in python -

-

I am creating a program that is a user interface for quizes fixed by teachers in a primary school. I'm trying to use the data typed by the user on the previous page. It is searching for people in the database that match the related user name and quiz number. This is because the teacher can see how well the students are doing on some poems.

This is my code. 

  dbDatabase = sqlite3.connect ('c: \\ xampp \\ cgi-bin \\ Makingableable.db') cuDatabase = dbDatabase cursor () Fieldstorage = cgi.FieldStorage () # Quizno = Fieldstorage.getvalue ("quizno") typed on the webpage executable for UserID = Fieldstorage.getvalue ("username") # print (Quizno) # print (UserID) in cuDatabase (line) in CuDatabase (from "result" As a result, WHERE QuizID = '"+ + str (Quizno) +" "" and UserID =' "+ UserID +" ''): Print (line) DbDatabase.commit () cuDatabase.close ()  < / Pre> 
 I'm getting the error message when I run my webpage:  
  result from 40 Type 41 WHERE quizid = '"" + + (quisionone) + "" = "> = 42> and UserID =' '" + User ID + "43 43 for the line (in line): and undefined, user id =' hpa 1 'Operational Error: Near Hupa 1 ": Syntax Error Args = (' 'near Hupa 1' ':   
 In addition to  or  code> and  instead of  AND . Code> so that the user has not asked this question whether it will show any quiz to the user or if a lot of people do a quiz, the teacher will see everyone, for example, Quiz 1?   
 
 
 You should use the SQL parameters:  
  cuDatabase.execute ("" Resulting in WHERE QuizID =? And UserID =? "", (Quizno, UserID))   
 ?  Placeholders will be replaced by your values, automatically cited to prevent SQL injection attacks (and operational errors). Quoted from  
:  
 
 Usually your SQL operations will need to use values ​​from Python variables. You should gather your query by string operation of Python, Because doing this is unsafe; This makes your program weak for attack of a SQL injection (see a humorous example of what might be wrong).  
 Instead, use the parameter replacement of the DB-API ? Enter  as a placeholder, wherever you want to use a value, and then provide a tupe of values ​​as the second argument of the cursor  execute ()  method. (Other database modules can use a different placeholder, such as % s  or : 1 .)   
 to ask a Use different queries for other queries, if no query results from this database; If you otherwise use  or  instead of  and , then you will get both quiz results which  other  users have done,  and   This  user has completed anything.

Comments

Post a Comment

Popular posts from this blog

Pass DB Connection parameters to a Kettle a.k.a PDI table Input step dynamically from Excel -

-
Image
I have a requirement whenever I run my own kettle, dynamically took database connection parameters from an excel source Every run should go. I have an Excel column names: hostname, username, database, password. I want to pass these connection parameters to my table input stage dynamically whenever it runs the job. This is what I was trying to do. You can get it Connection parameters from the DB reading source (for example Excel or a CSV file in my example) < / Li> Store the parameters in the variable Using the variable in your connection's settings. Setting Variables Create another conversion for (you can not do it in the same conversion Uses): set variables element variable: The element that reads / writes your data creates a new connection and sets the connection parameter using $ {variable name_} Note that you will need to type in the field field in the field $ {password} Also keep in mind that this can be a security problem as the
Read more

multithreading - PhantomJS-Node in a for Loop -

-
I am trying to implement a screen-scraps application that opens a URL in which a parameter changes as it is for a loop: var data = [ '100', '101', '102', '103', '104']; (Var indexA = 0; indexA & lt; data.length; indexA ++) for {Phantom Generation ({'port': freeport}, function (pH) {ph.create page (function (page) {page.open ("http: //...++ data [index B] +" ... " , Status {console.log ("open site:" + data [index B], position); / * OLD * / indexB ++; page evaluation (function () {// page scrape and an object Return}, function {console.log (result.dataRequest); // here is the problem}); / * new and fixed * / indexB ++} first console Logs it: Open Site: 100 Success Opens Site: 101 Success B Ola Site: 102 Success Opening Site: 103 Success Opened Site: 104 Success Which is good. Data is verified in scrap HTML and from index to array Matches. So in page 101 I scrap '101 and retrieve' and pu
Read more

c++ - MATLAB .m file to .mex file using Matlab Compiler -

-
I know that it can speak as a very famous topic, but something that helps me with it Not found This scenario is: I have my functions function, no matter what's inside, it's a generic function that may depend on other toolboxes. Does. Has input and output; I want to generate the same myFun.mex function; : Lib myFun This way I get some new files: libmyfun.c libmyfun.dll Libmyfun.exp libmyfun.exports libmyfun .h libmyfun.lib Reading around and I think that Creating a myfun.cpp that is very famous is included: / * gateway function * / zero max function (ent NLHS, MXARRA * PLS [], int NRHS, CONST M Xeray * PHS []) Here is the Variable Deals * / / * code here * /} I have tried to do this and are called Regular of Max Generation: Max ('- v', 'myfun.cpp') But I get many errors, and I should say that my myfun.cpp copy / Paste Function is where I have a lot of doubts ... especially on input / output management. My q
Read more