SELECT语句没有使用Python Flask获取数据

时间:2017-05-09 03:38:16

标签: python sql flask mysql-python

尝试在客户登录时收集信息。该信息先前已输入数据库。除了电子邮件值之外,我得到了所有" 1"因为用户必须手动输入电子邮件,所以它必须绊倒从我的表中检索数据。我想我的Python代码中缺少一些东西......有什么想法吗?

from content_management import Content

#form validations
from wtforms import Form, BooleanField, TextField, PasswordField, validators
#to encrypt the password
from passlib.hash import sha256_crypt
#for SQL injection
from MySQLdb import escape_string as thwart
import gc
from functools import wraps
from dbconnect import connection

TOPIC_DICT = Content()

app = Flask(__name__)

@app.route('/login/', methods=['GET','POST'])
def login_page():
    error = ''
    try:
        c, conn = connection()
        if request.method == "POST":
            data = c.execute("SELECT * FROM clients WHERE email = (%s)", (thwart(request.form['email']),))
            data = c.fetchone()[3]

            if sha256_crypt.verify(request.form['password'], data):
                email = request.form['email']
                #grab all the clients info
                clientcid = c.execute("SELECT cid FROM clients WHERE email = (%s)", (thwart(email),))
                phone = c.execute("SELECT phone FROM clients WHERE email = (%s)", (thwart(email),))
                rating = c.execute("SELECT rating FROM clients WHERE email = (%s)", (thwart(email),))
                first_name = c.execute("SELECT first_name FROM cpersonals WHERE cid = (%s)", (clientcid,))
                last_name = c.execute("SELECT last_name FROM cpersonals WHERE cid = (%s)", (clientcid,))
                address = c.execute("SELECT address FROM cpersonals WHERE cid = (%s)", (clientcid,))
                czip = c.execute("SELECT zip FROM cpersonals WHERE cid = (%s)", (clientcid,))
                reg_date = c.execute("SELECT reg_date FROM cpersonals WHERE cid = (%s)", (clientcid,))
                conn.commit()
                c.close()
                conn.close()
                gc.collect()


                session['logged_in'] = 'client'
                session['clientcid'] = clientcid
                session['email'] = email
                session['phone'] = phone
                session['rating'] = rating
                session['first_name'] = first_name
                session['last_name'] = last_name
                session['address'] = address
                session['czip'] = czip
                session['reg_date'] = reg_date
                flash("You are now logged in.")
                return redirect(url_for("dashboard"))

            else:
                error = "Invalid credentials, try again."

        gc.collect()
        return render_template("login.html", error = error)

    except Exception as e:
        #flash(e)
        error = "Invalid credentials, try again."
        return render_template("login.html", error = error)

编辑:尝试以下操作,但现在无法登录... 

if request.method == "POST":
            data = c.execute("SELECT * FROM clients WHERE email = (%s)", (thwart(request.form['email']),))
            data = c.fetchone()[3]

            if sha256_crypt.verify(request.form['password'], data):
                clientcid = c.fetchone()[0]
                phone = c.fetchone()[1]
                rating = c.fetchone()[4]
                conn.commit()
                c.execute("SELECT * FROM cpersonals WHERE cid = (%s)", (clientcid,))
                first_name = c.fetchone()[1]
                last_name = c.fetchone()[2]
                address = c.fetchone()[3]
                czip = c.fetchone()[4]
                reg_date = c.fetchone()[5]
                conn.commit()
                c.close()
                conn.close()

EDIT2:与上一次编辑相同,即使电子邮件和密码正确,此代码也无法确认登录凭据。一旦我恢复到我发布的第一个代码块,它将确认登录(使用相同的凭据),但是除了电子邮件之外,每个变量中仍然会有#1。

@app.route('/login/', methods=['GET','POST'])
def login_page():
    error = ''
    try:
        c, conn = connection()
        if request.method == "POST":
            data = c.execute("SELECT * FROM clients WHERE email = (%s)", (thwart(request.form['email']),))
            data = c.fetchone()[3]
            password = request.form['password']

            if password == data:
                email = request.form['email']
                #grab all the clients info
                c.execute("SELECT * FROM clients WHERE email = (%s)", (thwart(email),))
                clients_table = c.fetchall()
                clientcid = clients_table[0]
                phone = clients_table[1]
                rating = clients_table[4]
                conn.commit()

                c.execute("SELECT * FROM cpersonals WHERE cid = (%s)", (clientcid,))
                cpersonals_table = c.fetchall()
                first_name = cpersonals_table[1]
                last_name = cpersonals_table[2]
                address = cpersonals_table[3]
                czip = cpersonals_table[4]
                reg_date = cpersonals_table[5] 
                conn.commit()

                c.close()
                conn.close()

                session['logged_in'] = 'client'
                session['clientcid'] = clientcid
                session['email'] = email
                session['phone'] = phone
                session['rating'] = rating
                session['first_name'] = first_name
                session['last_name'] = last_name
                session['address'] = address
                session['czip'] = czip
                session['reg_date'] = reg_date
                flash("You are now logged in.")
                return redirect(url_for("ask"))

            else:
                error = "Invalid credentials, try again."

        return render_template("login.html", error = error)

    except Exception as e:
        #flash(e)
        error = "Invalid credentials, try again."
        return render_template("login.html", error = error)

0 个答案:

没有答案
相关问题
最新问题