In my program I have a SQLite database to which data is appended via Entry widgets in a tkinter GUI. I would like it so that data is only appended to the database after it has been validated, because at the moment there is no validation at all.
For example, in my function below, it appends customerID, forename, surname, address and phone number to the customer table in my database. I want it so that the customerID entry only accepts integers, forename, surname and address are NOT NULL, and phoneNumberEntry only accepts integers.
I have seen people use validatecommand but I don't think I will be able to implement it, since I already use command to append the data to the database.
from tkinter import *
import sqlite3

# conn and c are the module-level sqlite3 connection and cursor opened
# elsewhere in the program (not shown in the question).

def appendToCustomerTableEntry(event):
    top = Toplevel()
    top.title("Add to customer table")
    Label(top, text = "customerID: ").grid(sticky = E)
    customerIDEntry = Entry(top)
    customerIDEntry.grid(row = 0, column = 1)
    Label(top, text = "Forename: ").grid(row = 1, sticky = E)
    customerForenameEntry = Entry(top)
    customerForenameEntry.grid(row = 1, column = 1)
    Label(top, text = "Surname: ").grid(row = 2, sticky = E)
    customerSurnameEntry = Entry(top)
    customerSurnameEntry.grid(row = 2, column = 1)
    Label(top, text = "Address: ").grid(row = 3, sticky = E)
    customerAddressEntry = Entry(top)
    customerAddressEntry.grid(row = 3, column = 1)
    Label(top, text = "Phone Number: ").grid(row = 4, sticky = E)
    customerPhoneNumberEntry = Entry(top)
    customerPhoneNumberEntry.grid(row = 4, column = 1)
    exitButton = Button(top, text = "Exit", command = top.destroy)
    exitButton.grid(row = 5, column = 2, sticky = W)
    # The lambda reads the Entry widgets only when the button is clicked.
    appendButton = Button(top, text = "Append",
                          command = lambda: appendToCustomerTable(
                              customerIDEntry.get(), customerForenameEntry.get(),
                              customerSurnameEntry.get(), customerAddressEntry.get(),
                              customerPhoneNumberEntry.get()))
    appendButton.grid(row = 5, column = 1, sticky = E)

def appendToCustomerTable(customerID, Forename, Surname, Address, TelephoneNumber):
    # Parameterised query: the values are bound by sqlite3, not spliced into the SQL text.
    c.execute("INSERT INTO customerTable VALUES (?, ?, ?, ?, ?);",
              (customerID, Forename, Surname, Address, TelephoneNumber))
    conn.commit()
Answer 0 (score: 0)
Is this an SQL sanitisation question, or a Python programming question?
If SQL sanitisation, you need to work out which SQL strings or characters to reject; there may also be libraries that do this. https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
Programmatically, run if statements, change the order of operations and use string substitution. http://bobby-tables.com/python.html
In your code, what you need to watch out for is someone trying to post code through your fields. Take a close look at the last link.
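The following is an added example, not code from the question or either answer, showing the two things the thread circles around: the input validation the asker wants (integer-only customerID and phone number, non-empty forename/surname/address) and why the parameterised INSERT the question already uses, which is what the bobby-tables page linked above recommends, makes a character blacklist unnecessary. The field names, the table schema and the three constructed form submissions are assumptions for the demo; the check functions are pure Python so they can be unit-tested without a display and then wired into tkinter.

```python
import sqlite3
from typing import Dict, List, Tuple

# Field names are assumed to mirror the Entry widgets in the question.
# Integer-only fields and required (non-empty) fields are the ones the
# question asks for.
INT_FIELDS = ("customerID", "phoneNumber")
REQUIRED_FIELDS = ("forename", "surname", "address")


def allow_int_keystroke(proposed: str) -> bool:
    """Keystroke-level check for an integer-only Entry.

    'proposed' is the text the widget would contain after the edit (the
    '%P' substitution of a tkinter validatecommand). The empty string is
    accepted so the user can clear the field and start again.
    """
    return proposed == "" or proposed.isdigit()


def validate_customer(fields: Dict[str, str]) -> List[str]:
    """Check the raw Entry strings; return error messages (empty list = OK)."""
    errors: List[str] = []
    for name in INT_FIELDS:
        value = fields.get(name, "")
        if not value.isdigit():
            errors.append(f"{name} must be an integer, got {value!r}")
    for name in REQUIRED_FIELDS:
        # A NOT NULL column still accepts "" or "   "; strip and check length.
        if not fields.get(name, "").strip():
            errors.append(f"{name} must not be empty")
    return errors


def create_customer_table(conn: sqlite3.Connection) -> None:
    # Constraints in the schema back up the form-level checks (assumed schema).
    # phoneNumber is stored as TEXT: an INTEGER column would drop leading zeros.
    conn.execute(
        "CREATE TABLE IF NOT EXISTS customerTable ("
        " customerID INTEGER PRIMARY KEY,"
        " forename TEXT NOT NULL,"
        " surname TEXT NOT NULL,"
        " address TEXT NOT NULL,"
        " phoneNumber TEXT NOT NULL)"
    )


def insert_customer(conn: sqlite3.Connection,
                    fields: Dict[str, str]) -> Tuple[bool, List[str]]:
    """Validate first, then insert with bound parameters. Returns (ok, errors)."""
    errors = validate_customer(fields)
    if errors:
        return False, errors
    # The '?' placeholders bind the values as data; quotes or semicolons in a
    # field cannot change the statement, so no character blacklist is needed.
    conn.execute(
        "INSERT INTO customerTable VALUES (?, ?, ?, ?, ?);",
        (int(fields["customerID"]), fields["forename"].strip(),
         fields["surname"].strip(), fields["address"].strip(),
         fields["phoneNumber"]),
    )
    conn.commit()
    return True, []


def demo() -> Tuple[Dict[str, Tuple[bool, List[str]]], list]:
    """Run three constructed form submissions against an in-memory database."""
    conn = sqlite3.connect(":memory:")
    create_customer_table(conn)
    good = {"customerID": "1", "forename": "Alice", "surname": "Smith",
            "address": "1 High Street", "phoneNumber": "01234567890"}
    # Non-integer ID and a whitespace-only forename: rejected before any SQL runs.
    bad = {"customerID": "12a", "forename": "   ", "surname": "Jones",
           "address": "2 Low Street", "phoneNumber": "01234567891"}
    # Looks like an injection payload but is just a string value once bound.
    hostile = {"customerID": "2", "forename": "Robert'); DROP TABLE customerTable;--",
               "surname": "Tables", "address": "3 Mid Street",
               "phoneNumber": "01234567892"}
    results = {name: insert_customer(conn, f)
               for name, f in (("good", good), ("bad", bad), ("hostile", hostile))}
    rows = conn.execute(
        "SELECT customerID, forename FROM customerTable ORDER BY customerID"
    ).fetchall()
    conn.close()
    return results, rows


if __name__ == "__main__":
    for name, (ok, errs) in demo()[0].items():
        print(name, "inserted" if ok else "rejected: " + "; ".join(errs))
```

To wire this into the form from the question, register the keystroke check once per window, `vcmd = (top.register(allow_int_keystroke), "%P")`, and create the two numeric fields with `Entry(top, validate="key", validatecommand=vcmd)`; `validatecommand` belongs to the Entry and is independent of the `command` on the Append button, so the two do not conflict. The Append button's handler then collects the `.get()` values into a dict and calls `insert_customer`, showing the returned error list to the user instead of writing to the table when it is non-empty. Note that in the demo the record whose forename resembles an injection payload is stored verbatim as an ordinary row and `customerTable` survives, which is the point of binding parameters rather than filtering characters.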
Answer 1 (score: -1)
First, try "don't repeat yourself":
from tkinter import *

# You can declare here the default value and expected type of each argument.
def build(top, ui_title=None, int_arg=0):
    # You can also assert the inputs up front:
    # continue only if ui_title is a non-empty list, else raise an AssertionError.
    assert ui_title, "list is empty!!!"
    # Check int_arg for int (comparing the value to the type, int_arg == int,
    # is always False; isinstance is the correct test).
    assert isinstance(int_arg, int), "expected int, got {0} ({1})".format(int_arg, type(int_arg))
    entries = {}
    for row, text in enumerate(ui_title):
        if text == "Exit":
            exitButton = Button(top, text=str(text), command=top.destroy)
            exitButton.grid(row=row, column=2, sticky=W)
        else:
            Label(top, text=str(text)).grid(row=row, sticky=E)
            # Keep each Entry under its label so the caller can read it back.
            entry = Entry(top)
            entry.grid(row=row, column=1)
            entries[text] = entry
    return entries

ui_title = ["customerID", "Forename: ", "Surname: ", "Address: ", "Phone Number: ", "Exit"]
top = Toplevel()
build(top, ui_title)  # will work
build(top, ui_title, int_arg="Hallo")  # will not work: int_arg gets a string and build raises an AssertionError