I need some help. I need to write code for certain conditions using Django and Python. I am explaining my code and the scenario below.
import random
from xml.dom import minidom as m  # the `m` used below is taken to be xml.dom.minidom
from django.shortcuts import render

def add_room(request):  # view name assumed; the post shows only the view body
    if request.method == 'POST':
        # Form fields from the booking page
        location_name = request.POST.get('lname')
        rname = request.POST.get('rname')
        seat = request.POST.get('seat')
        projector = request.POST.get('projector')
        video = request.POST.get('video')
        # Random 12-digit id for the new room
        num = str(random.randint(100000000000, 999999999999))
        doc = m.parse("roomlist.xml")
        root = doc.getElementsByTagName("roomlist")
        valeurs = doc.getElementsByTagName("roomlist")[0]
        # Build <location name="..."><room id="..."> ... </room></location>
        element = doc.createElement("location")
        element.setAttribute("name", location_name)
        el1 = element.appendChild(doc.createElement("room"))
        el1.setAttribute("id", num)
        el2 = el1.appendChild(doc.createElement("roomname"))
        el2.appendChild(doc.createTextNode(rname))
        el3 = el1.appendChild(doc.createElement("noseats"))
        el3.appendChild(doc.createTextNode(seat))
        el4 = el1.appendChild(doc.createElement("projectorscreen"))
        el4.appendChild(doc.createTextNode(projector))
        el5 = el1.appendChild(doc.createElement("videoconf"))
        el5.appendChild(doc.createTextNode(video))
        valeurs.appendChild(element)
        # Write the updated document back; the with-block closes the file handle
        with open("roomlist.xml", "w") as f:
            doc.writexml(f)
    return render(request, 'booking/bmr.html', {})
This is my form data, stored in XML format. But I need to handle the data according to the following conditions.
1-Vulnerable code: Application uses an SQL query to search for the room (use an SQL query to search the XML data). The user input (room name) is used directly without any validation, resulting in an injection attack.
2-Incorrect solution #1: Escape special SQL characters by hand adding a `\` before any special characters
3-Incorrect solution #2: URL encode paste contents in the request before passing it to the model layer
4-Incorrect solution #3: Remove special SQL characters
5-Correct solution: Use prepared statement and pass arguments to it properly
My XML file looks like this.
<?xml version="1.0" ?>
<roomlist>
<location name="Bangalore">
<room id="1uy92j908u092">
<roomname> Aquarius </roomname>
<noseats> 10 </noseats>
<projectorscreen>yes</projectorscreen>
<videoconf>yes</videoconf>
</room>
</location>
<location name="Bhubaneswar">
<room id="131198912460">
<roomname>cottage</roomname>
<noseats>5</noseats>
<projectorscreen>Yes</projectorscreen>
<videoconf>Yes</videoconf>
</room>
</location>
<location name="puri">
<room id="509955554930">
<roomname>room1</roomname>
<noseats>10</noseats>
<projectorscreen>No</projectorscreen>
<videoconf>Yes</videoconf>
</room>
</location>
</roomlist>
Here I need to modify the code according to the conditions above. Please help me.
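As an added example (not the poster's code), the vulnerable search described in condition 1 next to the correct solution from condition 5: the rooms are loaded from a constructed copy of the roomlist XML into an in-memory SQLite table, and the parameterised query binds the room name as data, so a name containing a quote is matched literally instead of being parsed as SQL. The table name, function names and the use of sqlite3 are assumptions.

```python
import sqlite3
import xml.etree.ElementTree as ET

# Constructed sample data mirroring the structure of the poster's roomlist.xml
ROOMLIST_XML = """<roomlist>
<location name="Bangalore"><room id="1uy92j908u092"><roomname> Aquarius </roomname>
<noseats> 10 </noseats><projectorscreen>yes</projectorscreen><videoconf>yes</videoconf></room></location>
<location name="Bhubaneswar"><room id="131198912460"><roomname>cottage</roomname>
<noseats>5</noseats><projectorscreen>Yes</projectorscreen><videoconf>Yes</videoconf></room></location>
</roomlist>"""


def load_rooms(xml_text):
    """Parse the roomlist XML and load every <room> into an in-memory SQLite table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE room (id TEXT, location TEXT, roomname TEXT, "
                 "noseats INTEGER, projectorscreen TEXT, videoconf TEXT)")
    root = ET.fromstring(xml_text)
    for loc in root.findall("location"):
        for room in loc.findall("room"):
            conn.execute("INSERT INTO room VALUES (?, ?, ?, ?, ?, ?)", (
                room.get("id"), loc.get("name"),
                room.findtext("roomname").strip(),
                int(room.findtext("noseats").strip()),
                room.findtext("projectorscreen").strip(),
                room.findtext("videoconf").strip()))
    return conn


def search_vulnerable(conn, rname):
    """Condition 1: the room name is concatenated into the SQL text, so it is parsed as SQL."""
    sql = "SELECT id, location FROM room WHERE roomname = '" + rname + "'"
    return conn.execute(sql).fetchall()


def search_safe(conn, rname):
    """Condition 5: a prepared statement with a bound parameter; the name is only ever data."""
    sql = "SELECT id, location FROM room WHERE roomname = ?"
    return conn.execute(sql, (rname,)).fetchall()


def demo():
    """Run both searches; returns (safe hit, error name from the vulnerable search, safe miss)."""
    conn = load_rooms(ROOMLIST_XML)
    hit = search_safe(conn, "cottage")
    try:
        search_vulnerable(conn, "Aqua'rius")  # the quote breaks the concatenated SQL
        err = None
    except sqlite3.Error as e:
        err = type(e).__name__
    return hit, err, search_safe(conn, "Aqua'rius")
```

Run `demo()` to see the concatenated query fail on an ordinary apostrophe while the bound query simply finds no such room.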