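def post(self, user):
    """Remove stored entries and redirect to the user's page.

    When ``user`` is given, only the ``StoredData`` keys filtered on that
    user are selected. When ``user`` is ``None`` the unfiltered query is
    used, which selects the key of every ``StoredData`` entity. Each
    selected key is handed to ``dbSafeDelete`` in its own transaction.
    """
    # NOTE(review): no authentication or authorization check is visible in
    # this handler, and the None branch operates on every user's rows.
    # Confirm the route is restricted to an administrator before it is
    # reachable from outside.
    if user is None:
        # This query has no placeholder, so there is nothing to bind.
        keys = db.GqlQuery("SELECT __key__ FROM StoredData")
    else:
        # `user` travels as a bound parameter (:1); it is never formatted
        # into the GQL text, so its content cannot alter the query.
        keys = db.GqlQuery(
            "SELECT __key__ FROM StoredData where user = :1", user)

    for key in keys:
        # dbSafeDelete is defined elsewhere; presumably it deletes the
        # entity for `key` -- verify against its definition.
        db.run_in_transaction(dbSafeDelete, key)

    # NOTE(review): with user None this redirects to '/None/' -- confirm
    # that is the intended target.
    self.redirect('/%s/' % (user))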
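def show_stored_data(self, user):
    """Write an HTML table of ``user``'s stored entries to the response.

    Each row shows the entry's tag, value and creation time, followed by a
    form that POSTs the entry key and tag to ``/<user>/deleteentry``.
    """
    self.response.out.write(
        ' <p><table border=1> <tr> <th>Key</th> <th>Value</th>'
        ' <th>Created (GMT)</th> </tr>')

    # `user` is supplied as a bound parameter (:1) and is never formatted
    # into the GQL text, so it cannot change the structure of the query.
    # The filter also limits the listing to this user's rows.
    entries = db.GqlQuery(
        "SELECT * FROM StoredData where user = :1 ORDER BY tag", user)

    # `user` is also written into the form's action attribute, so it gets
    # the same HTML escaping as the tag and value. '%s' formatting keeps
    # the original string conversion for non-string values such as None.
    action_user = escape('%s' % (user,))

    for e in entries:
        entry_key_string = str(e.key())
        self.response.out.write('<tr>')
        self.response.out.write('<td>%s</td>' % escape(e.tag))
        self.response.out.write('<td>%s</td>' % escape(e.value))
        self.response.out.write(
            '<td><font size="-1">%s</font></td>\n' % e.date.ctime())
        # NOTE(review): the tag and user land inside double-quoted
        # attributes. If `escape` is cgi.escape, its default leaves '"'
        # unescaped and attribute values need quote=True -- confirm which
        # escape this file imports.
        # NOTE(review): the delete form carries no anti-CSRF token; confirm
        # the deleteentry handler authenticates the request.
        self.response.out.write(
            ' <td><form action="/%s/deleteentry" method="post"'
            ' enctype=application/x-www-form-urlencoded>'
            ' <input type="hidden" name="entry_key_string" value="%s">'
            ' <input type="hidden" name="tag" value="%s">'
            ' <input type="hidden" name="fmt" value="html">'
            ' <input type="submit" style="background-color: red"'
            ' value="Delete"></form></td>\n'
            % (action_user, entry_key_string, escape(e.tag)))
        self.response.out.write('</tr>')

    self.response.out.write('</table>')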
def query(self, query, max_line):
    """Execute a GQL query string and return its results as a list.

    ``max_line`` is passed to ``run()`` as the ``limit`` argument.
    """
    # NOTE(review): the query text is executed exactly as given and this
    # helper has no way to pass bind parameters, so any value already
    # formatted into `query` is part of the statement. Confirm callers
    # never build the text from unvalidated request input.
    gql = ndb.GqlQuery(query)
    return list(gql.run(limit=max_line))
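def store_a_value(self, tag, value, user):
    """Create or update the ``StoredData`` entry for (tag, user) and confirm.

    The existing entry for the tag and user is updated in place, or a new
    one is created when none is found. A ``["STORED", tag, value]``
    confirmation is then written through ``WritePhoneOrWeb``.
    """
    # The lookup and the put() below do not run in one transaction: two
    # concurrent requests for a new (tag, user) pair can both find nothing
    # and both insert an entry.
    entry = db.GqlQuery(
        "SELECT * FROM StoredData where tag = :1 AND user = :2",
        tag, user).get()
    if entry:
        entry.value = value
    else:
        entry = StoredData(tag=tag, value=value, user=user)
    entry.put()

    # Confirmation message. The TinyWebDB component ignores its content
    # (it only notes that a reply arrived), but other components might
    # use it.
    echoed_tag, echoed_value = tag, value
    if self.request.get('fmt') == "html":
        # Same treatment get_value applies before an HTML reply: escape
        # the echoed copies only. The stored value above stays raw.
        echoed_value = escape(value)
        echoed_tag = escape(tag)
    result = ["STORED", echoed_tag, echoed_value]
    WritePhoneOrWeb(self, lambda: json.dump(result, self.response.out), user)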
def get_value(self, tag, user):
    """Look up the value stored for (tag, user) and write it to the response.

    An empty string is returned as the value when no entry matches. The
    reply is the list ``["VALUE", tag, value]``, written through
    ``WritePhoneOrWeb``.
    """
    # Both inputs are bound parameters (:1, :2), not part of the GQL text.
    match = db.GqlQuery(
        "SELECT * FROM StoredData where tag = :1 AND user = :2",
        tag, user).get()
    value = match.value if match else ""

    # The "VALUE" marker is not used by the TinyWebDB component, but other
    # programs might rely on it.
    html_requested = self.request.get('fmt') == "html"
    if html_requested:
        # For an HTML reply, escape the value and tag before they are
        # serialized into the response.
        value = escape(value)
        tag = escape(tag)

    WritePhoneOrWeb(
        self,
        lambda: json.dump(["VALUE", tag, value], self.response.out),
        user)
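def _query_user(username):
    """Return a GQL query for the ``BlogPost`` rows matching ``username``.

    The username is supplied as a bound parameter (``:1``) instead of being
    formatted into the query text, so its content cannot change the
    structure of the query.
    """
    # NOTE(review): pass the raw username. A caller that pre-quoted the
    # value for the old string-formatted query must stop doing so.
    # Assumes ndb.GqlQuery accepts positional bind arguments -- confirm.
    return ndb.GqlQuery(
        "SELECT * FROM BlogPost WHERE username = :1", username)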