1. use .encode(); 2. use placeholder for SQL INSERT

1. This makes the code able to run on both Python 2 and 3 (the previous version only supports 2);

2. Use placeholder to prepare SQL INSERT statement. This is much more proper than using .format to prepare the statement. One obvious advantage is it can handle single/double quotation marks very perfectly. The previous version will fail if there is single quotation mark in the values that I'm going to insert.
XD-DENG
2018-04-17 22:09:38 +08:00
parent 7385cb4add
commit 793c1fa130
2 changed files with 6 additions and 9 deletions

app.py

@@ -118,7 +118,7 @@ def FUN_upload_image():
if file and allowed_file(file.filename):
filename = secure_filename(file.filename)
upload_time = str(datetime.datetime.now())
image_uid = hashlib.sha1(upload_time + filename).hexdigest()
image_uid = hashlib.sha1((upload_time + filename).encode()).hexdigest()
# Save the image into UPLOAD_FOLDER
file.save(os.path.join(app.config['UPLOAD_FOLDER'], image_uid + "-" + filename))
# Record this uploading in database
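
Review bot: on the `image_uid` line, the identifier is still a SHA-1 over `upload_time + filename`, both of which are guessable, and two uploads of the same filename within one clock tick would produce the same uid, so the second `file.save` would overwrite the first. If the uid is meant to be unique or hard to guess, `uuid.uuid4().hex` covers both and removes the need for `.encode()`. If the hash is kept, naming the codec explicitly, `.encode("utf-8")`, documents the intent on both Python 2 and 3.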