Flask error 1064: SQL syntax error


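I am trying to build a registration page with WTForms, and when I try to inject the data through Flask I get an SQL syntax error. But I can insert the data with a normal SQL query from the mysql command line.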

from wtforms import Form, BooleanField, StringField, PasswordField, validators
from MySQLdb import escape_string as thwart

class RegistrationForm(Form):
    username = StringField('Username', [validators.Length(min=4, max=25)])
    email = StringField('Email Address', [validators.Length(min=6, max=35)])
    password = PasswordField('New Password', [validators.DataRequired(), validators.EqualTo('confirm', message='Passwords must match')])
    confirm = PasswordField('Repeat Password')
    accept_tos = BooleanField('I accept the TOS', [validators.DataRequired()])
# for registering the user
@app.route('/register/', methods = ['GET', 'POST'])
def register_page():
    try:
        form = RegistrationForm(request.form)
        if request.method == 'POST' and form.validate():
            username = form.username.data
            email = form.email.data
            password = sha256_crypt.encrypt(str(form.password.data))

            c, conn = connection()
            x = c.execute("SELECT * FROM users WHERE username = '(%s)'" %(thwart(username),))
            #x = c.fetchone()
            if int(x) > 0:
                flash ("that username already taken, please take another")
                return render_template("register.html", form =form)
            else:
                c.execute("INSERT INTO users (username, password, email, tracking) VALUES (%s, %s, %s, %s)" %(thwart(username), thwart(password), thwart(email), thwart('/home/')))
                c.commit()
                flash("Thanks for registering")
                c.close()
                conn.close()
                gc.collect()

                session['logged_in'] = True
                session['username'] = username
                return redirect(url_for('dashboard'))


        return render_template("register.html", form = form)
    except Exception as e:
        return render_template("register.html", error = e, form = form)
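
The error can be found below.
It happens after entering the password, matching it with the confirmation, and submitting. I get an error. Can anyone help me with this?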

Your SQLite statement looks wrong:

x = c.execute("SELECT * FROM users WHERE username = '(%s)'" %(thwart(username),))

As far as I know, the single quotes are already being handled, but in any case you can use a prepared statement:

x = c.execute("SELECT * FROM users WHERE username = ?", (thwart(username)))

The same goes for your INSERT statement:

c.execute("INSERT INTO users (username, password, email, tracking) VALUES (?, ?, ?, ?)" (thwart(username), thwart(password), thwart(email), thwart('/home/')))
            c.
Likewise:

query2 = "INSERT INTO users (username, password, email, tracking) VALUES (%s, %s, %s, %s)"

c.execute(query2, (thwart(username), thwart(password), thwart(email), thwart('/home/')))

It worked.

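This worked. But I get a new error, 'str' object is not callable, after implementing this code. @Tim Biegeleisen

Can you at least give me the line number where the error occurs?

password=sha256_crypt.encrypt(str(form.password.data))

... Are you sure there are no other problems with your code?

I'm not sure. I'm trying to check the error line you asked about earlier. I ran it with password=sha256_crypt.encrypt(form.password.data) and I still get the same error. @Tim Biegeleisen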
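
An added example, not part of the original thread, of the parameterized form the answers point toward: the placeholder is left unquoted, the values are passed as the second argument to `execute()` rather than formatted into the string, and the placeholder token follows the driver's DB-API `paramstyle` (`%s` for MySQLdb, `?` for sqlite3). It runs against an in-memory sqlite3 table as a stand-in for the MySQL `users` table; `register_user`, `PLACEHOLDERS` and `demo` are hypothetical names, and with MySQLdb you would pass the `MySQLdb` module as `driver`.

```python
import sqlite3

# DB-API drivers declare their placeholder style in `paramstyle`.
# MySQLdb uses "format" (%s); sqlite3 uses "qmark" (?).
PLACEHOLDERS = {"format": "%s", "pyformat": "%s", "qmark": "?"}


def register_user(conn, driver, username, password_hash, email, tracking="/home/"):
    """Insert a user unless the name is taken; returns True when inserted."""
    ph = PLACEHOLDERS[driver.paramstyle]  # fixed token, never user input
    cur = conn.cursor()
    try:
        # Placeholder is unquoted; values travel as the second argument,
        # so no escape_string() call and no % string formatting is needed.
        cur.execute(f"SELECT 1 FROM users WHERE username = {ph}", (username,))
        if cur.fetchone() is not None:
            return False
        cur.execute(
            "INSERT INTO users (username, password, email, tracking) "
            f"VALUES ({ph}, {ph}, {ph}, {ph})",
            (username, password_hash, email, tracking),
        )
        conn.commit()  # commit() belongs to the connection, not the cursor
        return True
    finally:
        cur.close()


def demo():
    """Run against an in-memory SQLite table standing in for the MySQL one."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (username TEXT, password TEXT, email TEXT, tracking TEXT)"
    )
    hostile = "x' OR '1'='1"  # constructed input containing a quote
    results = [
        register_user(conn, sqlite3, "alice", "hash-placeholder", "alice@example.com"),
        register_user(conn, sqlite3, "alice", "hash-placeholder", "other@example.com"),
        register_user(conn, sqlite3, hostile, "hash-placeholder", "h@example.com"),
    ]
    stored = [r[0] for r in conn.execute("SELECT username FROM users ORDER BY rowid")]
    conn.close()
    return results, stored


if __name__ == "__main__":
    print(demo())
```

The quoted username is stored verbatim as data instead of matching the existing `alice` row, which is the behaviour string formatting cannot guarantee.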