1. use .encode(); 2. use placeholder for SQL INSERT
1. this makes the code able to run on both Python 2 and 3 (the previous version only supported 2); 2. Use placeholders to prepare the SQL INSERT statement. This is much more proper than using .format to prepare the statement. One obvious advantage is that it handles single/double quotation marks correctly. The previous version would fail if there was a single quotation mark in the values I'm going to insert.
2
app.py
2
app.py
@@ -118,7 +118,7 @@ def FUN_upload_image():
|
|||||||
if file and allowed_file(file.filename):
|
if file and allowed_file(file.filename):
|
||||||
filename = secure_filename(file.filename)
|
filename = secure_filename(file.filename)
|
||||||
upload_time = str(datetime.datetime.now())
|
upload_time = str(datetime.datetime.now())
|
||||||
image_uid = hashlib.sha1(upload_time + filename).hexdigest()
|
image_uid = hashlib.sha1((upload_time + filename).encode()).hexdigest()
|
||||||
# Save the image into UPLOAD_FOLDER
|
# Save the image into UPLOAD_FOLDER
|
||||||
file.save(os.path.join(app.config['UPLOAD_FOLDER'], image_uid + "-" + filename))
|
file.save(os.path.join(app.config['UPLOAD_FOLDER'], image_uid + "-" + filename))
|
||||||
# Record this uploading in database
|
# Record this uploading in database
|
||||||
|
|||||||
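Review bot: The new `image_uid` line relies on the interpreter's default codec for `.encode()`, and the commit message says this code must run on both Python 2 and 3; on Python 2 that default is ASCII, so non-ASCII input would raise a Unicode error here, while on Python 3 it is UTF-8. Since the digest becomes part of the stored file name, make the encoding explicit so the identifier is computed the same way everywhere: `image_uid = hashlib.sha1((upload_time + filename).encode("utf-8")).hexdigest()`. Whether `filename` can still contain non-ASCII characters after `secure_filename` is not visible in this hunk. FUN_upload_image begins and ends outside the hunk.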
13
database.py
13
database.py
@@ -22,7 +22,7 @@ def verify(id, pw):
|
|||||||
_c = _conn.cursor()
|
_c = _conn.cursor()
|
||||||
|
|
||||||
_c.execute("select pw from users where id = '" + id + "';")
|
_c.execute("select pw from users where id = '" + id + "';")
|
||||||
result = _c.fetchone()[0] == hashlib.sha256(pw).hexdigest()
|
result = _c.fetchone()[0] == hashlib.sha256(pw.encode()).hexdigest()
|
||||||
|
|
||||||
_conn.close()
|
_conn.close()
|
||||||
|
|
||||||
@@ -55,8 +55,7 @@ def add_user(id, pw):
|
|||||||
_conn = sqlite3.connect(user_db_file_location)
|
_conn = sqlite3.connect(user_db_file_location)
|
||||||
_c = _conn.cursor()
|
_c = _conn.cursor()
|
||||||
|
|
||||||
command = "insert into users values('" + id.upper() + "', '" + hashlib.sha256(pw).hexdigest() + "');"
|
_c.execute("insert into users values(?, ?)", (id.upper(), hashlib.sha256(pw.encode()).hexdigest()))
|
||||||
_c.execute(command)
|
|
||||||
|
|
||||||
_conn.commit()
|
_conn.commit()
|
||||||
_conn.close()
|
_conn.close()
|
||||||
@@ -93,8 +92,7 @@ def write_note_into_db(id, note_to_write):
|
|||||||
_c = _conn.cursor()
|
_c = _conn.cursor()
|
||||||
|
|
||||||
current_timestamp = str(datetime.datetime.now())
|
current_timestamp = str(datetime.datetime.now())
|
||||||
command = u"insert into notes values('{0}', '{1}', '{2}', '{3}');".format(id.upper(), current_timestamp, note_to_write, hashlib.sha1(id.upper() + current_timestamp).hexdigest())
|
_c.execute("insert into notes values(?, ?, ?, ?)", (id.upper(), current_timestamp, note_to_write, hashlib.sha1((id.upper() + current_timestamp).encode()).hexdigest()))
|
||||||
_c.execute(command)
|
|
||||||
|
|
||||||
_conn.commit()
|
_conn.commit()
|
||||||
_conn.close()
|
_conn.close()
|
||||||
@@ -113,8 +111,7 @@ def image_upload_record(uid, owner, image_name, timestamp):
|
|||||||
_conn = sqlite3.connect(image_db_file_location)
|
_conn = sqlite3.connect(image_db_file_location)
|
||||||
_c = _conn.cursor()
|
_c = _conn.cursor()
|
||||||
|
|
||||||
command = "insert into images values ('{0}', '{1}', '{2}', '{3}');".format(uid, owner, image_name, timestamp)
|
_c.execute("insert into images values (?, ?, ?, ?)", (uid, owner, image_name, timestamp))
|
||||||
_c.execute(command)
|
|
||||||
|
|
||||||
_conn.commit()
|
_conn.commit()
|
||||||
_conn.close()
|
_conn.close()
|
||||||
@@ -163,4 +160,4 @@ def delete_image_from_db(image_uid):
|
|||||||
|
|
||||||
|
|
||||||
if __name__ == "__main__":
|
if __name__ == "__main__":
|
||||||
print list_users()
|
print(list_users())
|
||||||
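Review bot: `verify` still builds its query by string concatenation, `_c.execute("select pw from users where id = '" + id + "';")`, which this commit leaves in place while parameterizing the INSERTs in `add_user`, `write_note_into_db` and `image_upload_record`; the same placeholder form belongs here: `_c.execute("select pw from users where id = ?", (id,))`. The comparison on the following line also uses a single unsalted SHA-256 of the password; a salted, iterated KDF such as `hashlib.pbkdf2_hmac` would be the usual choice, though changing it would require re-hashing stored records. `fetchone()[0]` raises `TypeError` when no row matches instead of yielding False, and `add_user` stores `id.upper()` while `verify` looks up `id` as given — whether callers normalize it is not visible here. `verify` starts and ends outside the hunk.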