Chr*_*ris 2 python postgresql flask flask-sqlalchemy
我正在尝试在烧瓶中使用数据库
from sqlalchemy import create_engine
from sqlalchemy.orm import scoped_session, sessionmaker
在其中我创建了一个基本的登录页面和一个注册页面,当我尝试使用 html 代码时:
<form action="/login" method="post">
<input autocomplete="off" autofocus name="username" placeholder="Username" type="text">
<input class="form-control" name="password" placeholder="Password" type="password">
<button class="btn btn-primary" type="submit">Log In</button>
<li style="list-style-type:none;"><a href="/register">Register</a></li>
</form>
在这个Python Flask代码上:
# This is the log in page
@app.route("/login", methods=["GET", "POST"])
def login():
"""Log user in"""
# Forget any user_id
session.clear()
# User reached route via POST (as by submitting a form via POST)
if request.method == "POST":
# Ensure username was submitted
if not request.form.get("username"):
return "must provide username", 403
# Ensure password was submitted
elif not request.form.get("password"):
return "must provide password", 403
# Query database for username
rows = db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))
# Ensure username exists and password is correct
if len(rows) != 1 or not check_password_hash(rows[0]["hash"], request.form.get("password")):
return "invalid username and/or password", 403
# Remember which user has logged in
session["user_id"] = rows[0]["id"]
# Redirect user to home page
return redirect("/")
# User reached route via GET (as by clicking a link or via redirect)
else:
return render_template("login.html")
我收到此错误:
TypeError: get_bind() got an unexpected keyword argument 'username'
我连接了数据库,并设置了所有其他变量,包括flask_debug。我不确定出了什么问题或如何测试它。谁能帮我弄清楚为什么我会收到此错误?
postgresql 查询的语法有错误。更具体地说,是在数据清理中避免 SQL 注入。
正确的语法是
db.execute("SELECT * FROM users WHERE username = :username", {"username": request.form.get("username")})
这段代码还存在更多错误。例如
if len(rows) != 1:
您无法提取查询的长度。但是,可以使用该函数检查查询的行数,.rowcount()如果 0 表示搜索返回空。
| 归档时间: |
|
| 查看次数: |
9456 次 |
| 最近记录: |