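def edit_password():
    """Show the change-password form (GET) or apply a password change (POST).

    POST reads ``stu_id``, ``originalPassword``, ``newPassword`` and
    ``newPassword1`` from the form. The two new-password fields must match,
    and ``originalPassword`` must equal column 6 of the matching STUDENT row,
    before the row is updated.

    Returns:
        The rendered form, a redirect back to this view on success, or a
        short error string.

    NOTE(review): the account is chosen by the form's ``stu_id``, not by the
    session, so knowledge of the current password is the only thing tying the
    request to the account.
    """
    if request.method == 'GET':
        return render_template('edit_password.html')

    stu_id = request.form.get('stu_id')
    original_password = request.form.get('originalPassword')
    new_password = request.form.get('newPassword')
    confirm_password = request.form.get('newPassword1')
    # The submitted passwords are deliberately not printed: stdout normally
    # ends up in server logs, which would then hold credentials in clear text.

    if confirm_password != new_password:
        return u'两次输入密码不同,请检查'

    # NOTE(review): form data is interpolated straight into the SQL text
    # (SQL injection risk). The signature of query.query/query.update is not
    # visible here; switch to bound parameters if the helper supports them.
    sql = "select * from STUDENT where STU_ID = '%s'" % stu_id
    result = query.query(sql)
    if len(result) == 0:
        return u'不存在这个用户'

    # NOTE(review): direct equality against the stored column suggests the
    # password is kept unhashed — confirm, and hash it if so.
    if result[0][6] != original_password:
        return u'密码错误'

    # One placeholder per argument: with a literal in the PASSWORD slot the
    # two-element tuple made the % operator raise TypeError on every change.
    sql = "UPDATE STUDENT SET PASSWORD='%s' WHERE STU_ID='%s'" % (
        new_password, stu_id)
    query.update(sql)
    return redirect(url_for('edit_password'))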
def manageTeacherAdd():
    """Admin-only view that adds a TEACHER row.

    GET renders the form. POST looks up ``tea_id`` and, when no row exists,
    inserts the nine submitted fields in positional order; otherwise it
    reports that the teacher already exists. A session whose ``stu_id`` is not
    ``'admin'`` gets the "page does not exist" message.

    NOTE(review): both statements are built with ``%`` from form data, which
    leaves them open to SQL injection; use bound parameters if the ``query``
    helper (not visible here) supports them. The password field is inserted
    exactly as submitted — confirm whether hashing happens elsewhere.
    """
    if session.get('stu_id') != 'admin':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('manageTeacherAdd.html')

    # Listed in the positional order the INSERT expects.
    field_names = ('tea_name', 'sex', 'tea_id', 'department', 'major',
                   'password', 'phone', 'email', 'title')
    values = {key: request.form.get(key) for key in field_names}

    lookup_sql = "select * from TEACHER WHERE TEA_ID='%s'" % values['tea_id']
    existing = query.query(lookup_sql)
    if len(existing) != 0:
        return u'该教师已存在'

    insert_sql = "INSERT INTO TEACHER VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s')" % tuple(
        values[key] for key in field_names)
    query.update(insert_sql)
    return redirect(url_for('manageTeacher'))
def managerAdd():
    """Admin-only view that inserts a new STUDENT row.

    GET renders the form. POST reads name, sex, stu_no, college, major,
    ad_year and password from the form and inserts them positionally, with
    ``stu_no`` written a second time as the last column. A session whose
    ``stu_id`` is not ``'admin'`` gets the "page does not exist" message.

    NOTE(review): the INSERT is built with ``%`` from form data (SQL injection
    risk); use bound parameters if the ``query`` helper (not visible here)
    supports them. The password is inserted exactly as submitted — confirm
    whether hashing happens elsewhere.
    """
    # The id stored in the session at login decides whether this is the admin.
    if session.get('stu_id') != 'admin':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('managerAdd.html')

    form = request.form
    name = form.get('name')
    sex = form.get('sex')
    stu_no = form.get('stu_no')
    college = form.get('college')
    major = form.get('major')
    ad_year = form.get('ad_year')
    password = form.get('password')

    row = (name, sex, stu_no, college, major, ad_year, password, stu_no)
    insert_sql = "INSERT INTO STUDENT VALUES ('%s','%s','%s','%s','%s','%s','%s','%s')" % row
    query.update(insert_sql)
    # Back to the manager view once the row is written.
    return redirect(url_for('manager'))
def edit_train():
    """Update one trainplan.train row from the request values.

    Reads NAME, STA_ID, COURSE, SCORE, CHECK_TIME and EVALUATE as the new
    column values and ``id`` as the NAME of the row to change. Indexing
    ``request.values`` raises when a key is missing.

    NOTE(review): the UPDATE is built with ``%`` from request values (SQL
    injection risk); use bound parameters if the ``query`` helper (not visible
    here) supports them. No session or role check is visible in this block, and
    nothing is returned — confirm how the caller handles both.
    """
    keys = ('NAME', 'STA_ID', 'COURSE', 'SCORE', 'CHECK_TIME', 'EVALUATE', 'id')
    params = tuple(request.values[key] for key in keys)
    statement = "UPDATE trainplan.train SET NAME='%s',STA_ID='%s',COURSE='%s',SCORE='%s',CHECK_TIME='%s',EVALUATE='%s' WHERE NAME='%s'" % params
    query.update(statement)
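def register():
    """Show the registration form (GET) or set a student's password (POST).

    POST reads ``stu_id``, ``user``, ``password`` and ``password1``. The two
    password fields must match, a STUDENT row with that STU_NO must exist, and
    ``user`` must equal column 6 of the row (the stored original password)
    before PASSWORD is replaced.

    Returns:
        The rendered form, a redirect to ``login`` on success, or a short
        error string.
    """
    if request.method == 'GET':
        return render_template('register.html')

    stu_id = request.form.get('stu_id')
    user = request.form.get('user')
    password = request.form.get('password')
    password1 = request.form.get('password1')
    # The submitted passwords are deliberately not printed: stdout normally
    # ends up in server logs, which would then hold credentials in clear text.

    # Reject the request when the two password fields differ.
    if password1 != password:
        return u'两次输入密码不同,请检查'

    # NOTE(review): form data is interpolated straight into the SQL text
    # (SQL injection risk). The signature of query.query/query.update is not
    # visible here; switch to bound parameters if the helper supports them.
    sql = "select * from STUDENT where STU_NO = '%s'" % stu_id
    result = query.query(sql)
    if len(result) == 0:
        return u'没有这个用户了'

    # NOTE(review): direct equality against the stored column suggests the
    # password is kept unhashed — confirm, and hash it if so.
    if result[0][6] != user:
        return u'密码错误'

    # One placeholder per argument: with a literal in the PASSWORD slot the
    # two-element tuple made the % operator raise TypeError on every request.
    sql = "UPDATE STUDENT SET PASSWORD='%s' WHERE STU_NO='%s'" % (
        password, stu_id)
    query.update(sql)
    return redirect(url_for('login'))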
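def register():
    """Show the registration form (GET) or set a student's password (POST).

    POST reads ``stu_id``, ``user``, ``password`` and ``password1``. The two
    password fields must match, a STUDENT row with that STU_NO must exist, and
    ``user`` must equal column 6 of the row (presumably the stored password,
    given the "wrong password" reply — confirm) before PASSWORD is replaced.

    Returns:
        The rendered form, a redirect to ``login`` on success, or a short
        error string.
    """
    if request.method == 'GET':
        return render_template('register.html')

    stu_id = request.form.get('stu_id')
    user = request.form.get('user')
    password = request.form.get('password')
    password1 = request.form.get('password1')
    # The submitted passwords are deliberately not printed: stdout normally
    # ends up in server logs, which would then hold credentials in clear text.

    if password1 != password:
        return u'两次输入密码不同,请检查'

    # NOTE(review): form data is interpolated straight into the SQL text
    # (SQL injection risk). The signature of query.query/query.update is not
    # visible here; switch to bound parameters if the helper supports them.
    sql = "select * from STUDENT where STU_NO = '%s'" % stu_id
    result = query.query(sql)
    if len(result) == 0:
        return u'没有这个用户了'

    if result[0][6] != user:
        return u'密码错误'

    # One placeholder per argument: with a literal in the PASSWORD slot the
    # two-element tuple made the % operator raise TypeError on every request.
    sql = "UPDATE student SET PASSWORD='%s' WHERE STU_NO='%s'" % (
        password, stu_id)
    query.update(sql)
    return redirect(url_for('login'))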
def course_discussion():
    """Show the new-topic form (GET) or store a new discussion topic (POST).

    POST reads ``topic`` and ``comments`` from the form, resolves the poster's
    name from the session's ``stu_id`` via the STUDENT table, and inserts a
    NEWS row with IS_FIRST set to 0, then renders ``news_center.html``.

    NOTE(review): the statements are built with ``%`` from form and session
    data (SQL injection risk); use bound parameters if the ``query`` helper
    (not visible here) supports them. Indexing the name lookup raises when the
    session has no matching student.
    """
    if request.method == 'GET':
        return render_template('course_discussion.html')

    topic = request.form.get('topic')
    comments = request.form.get('comments')
    # The poster is taken from the session, not the form, so a request cannot
    # name another student as the author.
    stu_id = session.get('stu_id')
    name_rows = query.query(
        "select NAME from STUDENT where STU_NO = '%s'" % stu_id)
    stu_name = name_rows[0][0]

    today = time.strftime('%Y-%m-%d', time.localtime(time.time()))
    # news_id is student name + date: easy to read in a listing, but the
    # original author already asks what happens when it repeats (same name or
    # a second post on the same day).
    news_id = stu_name + today

    insert_sql = ("INSERT INTO NEWS(TOPIC, COMMENTS, COMMENTER, CREATE_TIME, NEWS_ID,IS_FIRST)"
                  "VALUES ('%s', '%s', '%s','%s','%s','%s')") % (
        topic, comments, stu_name, today, news_id, 0)
    # Writes the full statement, including user-supplied text, to stdout.
    print(insert_sql)
    query.update(insert_sql)
    return render_template('news_center.html')
def detail(question):
    """Render one discussion thread; on a non-GET request, store a reply first.

    Args:
        question: NEWS_ID of the original post. Replies reference it through
            their IS_FIRST column.

    For a non-GET request the reply text comes from the form, the commenter's
    name is resolved from the session's ``stu_id``, and a NEWS row with topic
    '回复' is inserted. Every request then loads the original post and its
    replies and renders ``detail.html``.

    NOTE(review): ``question`` and the form data are interpolated into the SQL
    text with ``%`` (SQL injection risk); use bound parameters if the ``query``
    helper (not visible here) supports them. Indexing the lookups raises when
    the post or the student is not found.
    """
    print(question)
    if request.method != 'GET':
        comments = request.form.get('comments')
        stu_id = session.get('stu_id')
        name_rows = query.query(
            "select NAME from STUDENT where STU_NO = '%s'" % stu_id)
        stu_name = name_rows[0][0]
        today = time.strftime('%Y-%m-%d', time.localtime(time.time()))
        news_id = stu_name + today
        reply_sql = "INSERT INTO NEWS(TOPIC, COMMENTS, COMMENTER, NEWS_ID, IS_FIRST) VALUES ('回复', '%s', '%s', '%s', '%s')" % (
            comments, stu_name, news_id, question)
        # Writes the full statement, including user-supplied text, to stdout.
        print(reply_sql)
        query.update(reply_sql)

    # Shared tail: the original post, then everything that replies to it.
    title_rows = query.query(
        "SELECT TOPIC, COMMENTS, COMMENTER, CREATE_TIME FROM NEWS WHERE NEWS_ID='%s' AND IS_FIRST='0'" % question)
    title = title_rows[0]
    result = query.query("SELECT * FROM NEWS WHERE IS_FIRST='%s'" % question)
    return render_template('detail.html', title=title, result=result)
def managerAdd():
    """Admin-only view that inserts a new STUDENT row.

    GET renders the form. POST takes name, sex, stu_no, college, major,
    ad_year and password from the form data and inserts them positionally,
    with ``stu_no`` repeated as the last column, then redirects to
    ``manager``. Any other session gets the "page does not exist" message.

    NOTE(review): the INSERT is built with ``%`` from form data (SQL injection
    risk); use bound parameters if the ``query`` helper (not visible here)
    supports them. The password is inserted exactly as submitted — confirm
    whether hashing happens elsewhere.
    """
    if session.get('stu_id') != 'admin':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('managerAdd.html')

    # POST: the values arrive as form fields.
    field_names = ('name', 'sex', 'stu_no', 'college', 'major',
                   'ad_year', 'password')
    submitted = {key: request.form.get(key) for key in field_names}
    row = tuple(submitted[key] for key in field_names) + (submitted['stu_no'],)

    insert_sql = "INSERT INTO STUDENT VALUES ('%s','%s','%s','%s','%s','%s','%s','%s')" % row
    query.update(insert_sql)
    # Send the browser on to the manager view.
    return redirect(url_for('manager'))
def manageStudentAdd():
    """Admin-only view that adds a STUDENT row if the id is not taken.

    GET renders the form. POST looks up the submitted ``stu_id`` and inserts
    the ten form fields positionally when no row exists; otherwise it reports
    that the student already exists. Any other session gets the "page does
    not exist" message.

    NOTE(review): both statements are built with ``%`` from form data (SQL
    injection risk); use bound parameters if the ``query`` helper (not visible
    here) supports them. The password is inserted exactly as submitted —
    confirm whether hashing happens elsewhere.
    """
    # The session value identifies who is operating the page.
    if session.get('stu_id') != 'admin':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('manageStudentAdd.html')

    # Listed in the positional order the INSERT expects.
    field_names = ('stu_id', 'name', 'sex', 'department', 'major',
                   'ad_year', 'password', 'phone', 'email', 'political')
    row = tuple(request.form.get(key) for key in field_names)
    new_stu_id = row[0]

    existing = query.query(
        "select * from STUDENT WHERE STU_ID='%s'" % new_stu_id)
    if len(existing) != 0:
        return u"该学生已存在"

    insert_sql = "INSERT INTO STUDENT VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')" % row
    query.update(insert_sql)
    return redirect(url_for('manageStudent'))
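def managerEdit():
    """Admin-only view that edits a STUDENT row identified by ``stu_no``.

    GET renders the form. POST reads the new values from the form; a blank
    name, sex, college, major or ad_year keeps the value already stored in the
    row. The row is then updated (ID is set to ``stu_no``) and the browser is
    redirected to ``manager``. Any other session gets the "page does not
    exist" message.

    NOTE(review): a blank ``password`` field is not defaulted like the other
    fields, so it overwrites the stored password with an empty string —
    confirm whether that is intended.
    """
    if session.get('stu_id') != 'admin':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('managerEdit.html')

    stu_no = request.form.get('stu_no')
    name = request.form.get('name')
    sex = request.form.get('sex')
    college = request.form.get('college')
    major = request.form.get('major')
    ad_year = request.form.get('ad_year')
    password = request.form.get('password')

    # NOTE(review): form data is interpolated straight into the SQL text
    # (SQL injection risk). The signature of query.query/query.update is not
    # visible here; switch to bound parameters if the helper supports them.
    sql = "select * from STUDENT WHERE STU_NO='%s'" % stu_no
    result = query.query(sql)

    # Only read defaults when a row came back; indexing an empty result used
    # to raise IndexError for an unknown stu_no with a blank field.
    if len(result) != 0:
        current = result[0]
        if name == '':
            name = current[0]
        if sex == '':
            sex = current[1]
        if college == '':
            college = current[3]
        if major == '':
            major = current[4]
        if ad_year == '':
            ad_year = current[5]

    # One placeholder per argument: with a literal in the PASSWORD slot the
    # eight-element tuple made the % operator raise TypeError on every edit.
    sql = "UPDATE STUDENT SET NAME='%s',SEX='%s',COLLEGE='%s',MAJOR='%s',AD_YEAR='%s',PASSWORD='%s',ID='%s' WHERE STU_NO='%s'" % (
        name, sex, college, major, ad_year, password, stu_no, stu_no)
    query.update(sql)
    return redirect(url_for('manager'))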
def edit_course():
    """Update one trainplan.course row from the request values.

    Reads the eleven column values (NO through STATE) and ``id``, the NO of
    the row to change. Indexing ``request.values`` raises when a key is
    missing.

    NOTE(review): the UPDATE is built with ``%`` from request values (SQL
    injection risk); use bound parameters if the ``query`` helper (not visible
    here) supports them. No session or role check is visible in this block, and
    nothing is returned — confirm how the caller handles both.
    """
    keys = ('NO', 'NAME', 'TEACHER', 'INTRO', 'BOOK', 'START_TIME',
            'END_TIME', 'CLASS_TIME', 'MAX_STAFFS', 'CLASS_ADDRESS',
            'STATE', 'id')
    params = tuple(request.values[key] for key in keys)
    statement = ("UPDATE trainplan.course SET NO='%s',NAME='%s',TEACHER='%s',INTRO='%s',BOOK='%s',"
                 "START_TIME='%s',END_TIME='%s',CLASS_TIME='%s',MAX_STAFFS='%s',"
                 "CLASS_ADDRESS='%s',STATE='%s' WHERE NO='%s'") % params
    query.update(statement)
def personal_information_edit():
    """Show the contact-details form (GET) or save phone and email (POST).

    The row to update is chosen by the session's ``stu_id``, so a request can
    only change the logged-in student's own record. After the update the
    browser is redirected to ``personal_information``.

    NOTE(review): ``phone`` and ``email`` are interpolated into the SQL text
    with ``%`` (SQL injection risk); use bound parameters if the ``query``
    helper (not visible here) supports them.
    """
    if request.method == 'GET':
        return render_template('personal_information_edit.html')

    owner_id = session.get('stu_id')
    new_phone = request.form.get('phone')
    new_email = request.form.get('email')
    update_sql = "UPDATE student SET phone='%s', email='%s' WHERE STU_ID = '%s'" % (
        new_phone, new_email, owner_id)
    query.update(update_sql)
    return redirect(url_for('personal_information'))
def addDEPT():
    """Insert a trainplan.dept row from the form, then render the dept page.

    The form fields ``id``, ``name``, ``admit`` and ``intro`` are written to
    the ID, NAME, ADMIN and INTRO columns. The staff row of the session's
    ``sta_id`` is then loaded and passed to ``AdmitDept.html``.

    NOTE(review): both statements are built with ``%`` from form and session
    data (SQL injection risk); use bound parameters if the ``query`` helper
    (not visible here) supports them. The session value is read but never
    checked in this block — confirm that authorization is enforced elsewhere.
    """
    user = session.get('sta_id')
    dept_row = tuple(request.form.get(key)
                     for key in ('id', 'name', 'admit', 'intro'))
    insert_sql = "INSERT INTO trainplan.dept (ID,NAME,ADMIN,INTRO)VALUES ('%s','%s','%s','%s')" % dept_row
    query.update(insert_sql)

    staff_sql = "select * from trainplan.staff WHERE STA_NO='%s'" % user
    result = query.query(staff_sql)
    return render_template('AdmitDept.html', result=result)
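def manageStudentEdit():
    """Admin-only view that edits an existing STUDENT row.

    GET renders the form. POST looks up the submitted ``stu_id``; when the
    student exists, every blank form field keeps the value already stored in
    the row, the row is updated and the browser is redirected to
    ``manageStudent``. Unknown students and non-admin sessions get an error
    string.

    NOTE(review): the password is written exactly as submitted or as stored —
    confirm whether hashing happens elsewhere.
    """
    if session.get('stu_id') != 'admin':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('manageStudentEdit.html')

    # Form fields in the same order as the row columns they fall back to
    # (indices 0-9 of the fetched row).
    field_names = ('stu_id', 'name', 'sex', 'department', 'major',
                   'ad_year', 'password', 'phone', 'email', 'political')
    submitted = [request.form.get(key) for key in field_names]

    # NOTE(review): form data is interpolated straight into the SQL text
    # (SQL injection risk). The signature of query.query/query.update is not
    # visible here; switch to bound parameters if the helper supports them.
    sql = "select * from STUDENT WHERE STU_ID='%s'" % submitted[0]
    result = query.query(sql)
    if len(result) == 0:
        return u'该学生不存在'

    current = result[0]
    values = [current[index] if value == '' else value
              for index, value in enumerate(submitted)]

    # One placeholder per argument: with a literal in the PASSWORD slot the
    # eleven-element tuple made the % operator raise TypeError on every edit.
    sql = ("UPDATE STUDENT SET STU_ID ='%s',NAME='%s',SEX='%s',DEPARTMENT='%s',"
           "MAJOR='%s',AD_YEAR='%s',PASSWORD='%s',PHONE='%s',EMAIL='%s',"
           "POLITICAL='%s' WHERE STU_ID='%s'") % tuple(values + [values[0]])
    query.update(sql)
    return redirect(url_for('manageStudent'))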
def edit():
    """Save the logged-in staff member's profile and re-render it.

    The row is selected by the session's ``sta_id``; name, sex, birth, edu,
    address, tel and intro come from the form. After the update the row is
    read back and passed to ``Person.html``.

    NOTE(review): both statements are built with ``%`` from form and session
    data (SQL injection risk); use bound parameters if the ``query`` helper
    (not visible here) supports them.
    """
    sta_id = session.get('sta_id')
    profile = [request.form.get(key)
               for key in ('name', 'sex', 'birth', 'edu',
                           'address', 'tel', 'intro')]
    update_sql = "UPDATE trainplan.staff SET NAME='%s',SEX='%s',BIRTH='%s',EDU='%s' ,ADDRESS='%s',TEL='%s',introduction='%s' WHERE STA_NO='%s'" % tuple(
        profile + [sta_id])
    query.update(update_sql)

    select_sql = "select * from trainplan.staff WHERE STA_NO='%s'" % sta_id
    result = query.query(select_sql)
    return render_template('Person.html', result=result)
def managerDelete():
    """Admin-only view that deletes a STUDENT row by ``stu_no``.

    GET renders the form; POST deletes the row and redirects to ``manager``.
    Any other session gets the "page does not exist" message.

    NOTE(review): ``stu_no`` is interpolated into the DELETE with ``%`` (SQL
    injection risk); use bound parameters if the ``query`` helper (not visible
    here) supports them.
    """
    if session.get('stu_id') != 'admin':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('managerDelete.html')

    target = request.form.get('stu_no')
    delete_sql = "DELETE FROM STUDENT WHERE STU_NO='%s'" % target
    query.update(delete_sql)
    return redirect(url_for('manager'))
def bookOut():
    """Librarian-only view that removes a coder.book row by ``bid``.

    GET renders the form; POST deletes the row and redirects to ``manager``.
    A session whose ``stu_id`` is not ``'librarian'`` gets the "page does not
    exist" message.

    NOTE(review): ``bid`` is interpolated into the DELETE with ``%`` (SQL
    injection risk); use bound parameters if the ``query`` helper (not visible
    here) supports them.
    """
    if session.get('stu_id') != 'librarian':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('bookOut.html')

    book_id = request.form.get('bid')
    delete_sql = "DELETE FROM coder.book WHERE bid='%s'" % book_id
    query.update(delete_sql)
    return redirect(url_for('manager'))
def managerDelete():
    """Librarian-only view that removes a coder.lib_user row by ``usr_id``.

    GET renders the form; POST deletes the row and redirects to ``manager``.
    A session whose ``stu_id`` is not ``'librarian'`` gets the "page does not
    exist" message.

    NOTE(review): ``usr_id`` is interpolated into the DELETE with ``%`` (SQL
    injection risk); use bound parameters if the ``query`` helper (not visible
    here) supports them.
    """
    if session.get('stu_id') != 'librarian':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('managerDelete.html')

    target = request.form.get('usr_id')
    delete_sql = "DELETE FROM coder.lib_user WHERE usr_id='%s'" % target
    query.update(delete_sql)
    return redirect(url_for('manager'))
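def manageTeacherEdit():
    """Admin-only view that edits an existing TEACHER row.

    GET renders the form. POST looks up the submitted ``tea_id``; when the
    teacher exists, every blank form field keeps the value already stored in
    the row, the row is updated and the browser is redirected to
    ``manageTeacher``. Unknown teachers and non-admin sessions get an error
    string.

    NOTE(review): the password is written exactly as submitted or as stored —
    confirm whether hashing happens elsewhere.
    """
    if session.get('stu_id') != 'admin':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('manageTeacherEdit.html')

    # Form fields in the same order as the row columns they fall back to
    # (indices 0-8 of the fetched row); tea_id is index 2.
    field_names = ('tea_name', 'sex', 'tea_id', 'department', 'major',
                   'password', 'phone', 'email', 'title')
    submitted = [request.form.get(key) for key in field_names]

    # NOTE(review): form data is interpolated straight into the SQL text
    # (SQL injection risk). The signature of query.query/query.update is not
    # visible here; switch to bound parameters if the helper supports them.
    sql = "select * from TEACHER WHERE TEA_ID='%s'" % submitted[2]
    result = query.query(sql)
    if len(result) == 0:
        return u'该教师不存在'

    current = result[0]
    values = [current[index] if value == '' else value
              for index, value in enumerate(submitted)]

    # One placeholder per argument: with a literal in the PASSWORD slot the
    # ten-element tuple made the % operator raise TypeError on every edit.
    sql = ("UPDATE TEACHER SET TEA_NAME ='%s',SEX='%s',TEA_ID='%s',DEPARTMENT='%s',"
           "MAJOR='%s',PASSWORD='%s',PHONE='%s',EMAIL='%s',TITLE='%s' "
           "WHERE TEA_ID='%s'") % tuple(values + [values[2]])
    query.update(sql)
    return redirect(url_for('manageTeacher'))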
def managerDelete():
    """Admin-only view that deletes a STUDENT row by ``stu_no``.

    GET renders the form; POST deletes the row and redirects to ``manager``.
    Any other session gets the "page does not exist" message.

    NOTE(review): ``stu_no`` is interpolated into the DELETE with ``%`` (SQL
    injection risk); use bound parameters if the ``query`` helper (not visible
    here) supports them.
    """
    # The id stored in the session at login must be the administrator's.
    operator = session.get('stu_id')
    if operator != 'admin':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('managerDelete.html')

    # Student number to delete, as submitted in the form.
    stu_no = request.form.get('stu_no')
    query.update("DELETE FROM STUDENT WHERE STU_NO='%s'" % stu_no)
    # Back to the manager view once the row is gone.
    return redirect(url_for('manager'))
def manageTeacherDelete():
    """Admin-only view that deletes a TEACHER row after checking it exists.

    GET renders the form. POST looks up ``tea_id``; an existing row is deleted
    and the browser redirected to ``manageTeacher``, otherwise the "teacher
    does not exist" message is returned. Any other session gets the "page
    does not exist" message.

    NOTE(review): ``tea_id`` is interpolated into both statements with ``%``
    (SQL injection risk); use bound parameters if the ``query`` helper (not
    visible here) supports them.
    """
    if session.get('stu_id') != 'admin':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('manageTeacherDelete.html')

    tea_id = request.form.get('tea_id')
    matches = query.query("select * from TEACHER WHERE TEA_ID='%s'" % tea_id)
    if len(matches) == 0:
        return u'该教师不存在'

    query.update("DELETE FROM TEACHER WHERE TEA_ID='%s'" % tea_id)
    return redirect(url_for('manageTeacher'))
def manageStudentDelete():
    """Admin-only view that deletes a STUDENT row after checking it exists.

    GET renders the form. POST looks up the submitted ``stu_id``; an existing
    row is deleted and the browser redirected to ``manageStudent``, otherwise
    the "student does not exist" message is returned. Any other session gets
    the "page does not exist" message.

    NOTE(review): the submitted id is interpolated into both statements with
    ``%`` (SQL injection risk); use bound parameters if the ``query`` helper
    (not visible here) supports them.
    """
    if session.get('stu_id') != 'admin':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('manageStudentDelete.html')

    # Distinct name so the target id is not confused with the operator's
    # session id checked above.
    target_id = request.form.get('stu_id')
    matches = query.query(
        "select * from STUDENT WHERE STU_ID='%s'" % target_id)
    if len(matches) == 0:
        return u'该学生不存在'

    query.update("DELETE FROM STUDENT WHERE STU_ID='%s'" % target_id)
    return redirect(url_for('manageStudent'))
def manageLectureDelete():
    """Admin-only view that deletes a LECTURE row after checking it exists.

    GET renders the form. POST looks up ``lec_id``; an existing row is deleted
    and the browser redirected to ``manageLecture``, otherwise the "course
    does not exist" message is returned. Any other session gets the "page
    does not exist" message.

    NOTE(review): ``lec_id`` is interpolated into both statements with ``%``
    (SQL injection risk); use bound parameters if the ``query`` helper (not
    visible here) supports them.
    """
    if session.get('stu_id') != 'admin':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('manageLectureDelete.html')

    lec_id = request.form.get('lec_id')
    matches = query.query("select * from LECTURE WHERE LEC_ID='%s'" % lec_id)
    if len(matches) == 0:
        return u'该课程不存在'

    query.update("DELETE FROM LECTURE WHERE LEC_ID='%s'" % lec_id)
    return redirect(url_for('manageLecture'))
def detail(question):
    """Render one discussion thread; on a non-GET request, store a reply first.

    Args:
        question: NEWS_ID of the original post. Replies carry it in their
            IS_FIRST column, which links them to the post.

    For a non-GET request the reply text comes from the form, the commenter's
    name is resolved from the session's ``stu_id``, and a NEWS row with topic
    '回复' is inserted. Every request then loads the original post (the row
    with IS_FIRST='0') and its replies and renders ``detail.html``.

    NOTE(review): ``question`` and the form data are interpolated into the SQL
    text with ``%`` (SQL injection risk); use bound parameters if the ``query``
    helper (not visible here) supports them. Indexing the lookups raises when
    the post or the student is not found.
    """
    print(question)
    is_reply = request.method != 'GET'
    if is_reply:
        # Replying to a post: the text is submitted, the author is whoever is
        # logged in.
        comments = request.form.get('comments')
        stu_id = session.get('stu_id')
        name_rows = query.query(
            "select NAME from STUDENT where STU_NO = '%s'" % stu_id)
        stu_name = name_rows[0][0]
        # The reply's id is the author's name followed by today's date.
        today = time.strftime('%Y-%m-%d', time.localtime(time.time()))
        news_id = stu_name + today
        # IS_FIRST holds the id of the post being answered.
        reply_sql = "INSERT INTO NEWS(TOPIC, COMMENTS, COMMENTER, NEWS_ID, IS_FIRST) VALUES ('回复', '%s', '%s', '%s', '%s')" % (
            comments, stu_name, news_id, question)
        # Writes the full statement, including user-supplied text, to stdout.
        print(reply_sql)
        query.update(reply_sql)

    # Original post first (its single row becomes the title) ...
    post_rows = query.query(
        "SELECT TOPIC, COMMENTS, COMMENTER, CREATE_TIME FROM NEWS WHERE NEWS_ID='%s' AND IS_FIRST='0'" % question)
    title = post_rows[0]
    # ... then every reply that points at it.
    result = query.query("SELECT * FROM NEWS WHERE IS_FIRST='%s'" % question)
    return render_template('detail.html', title=title, result=result)
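def PWDedit():
    """Change the logged-in staff member's password.

    The staff row is selected by the session's ``sta_id``. ``oldpwd`` must
    equal column 10 of that row (the stored password), and ``newpwd`` must
    equal ``confirmpwd``, before PASSWORD is replaced.

    Returns:
        ``edit_pwd.html`` rendered with the fetched row on success, otherwise
        a short error string. A missing staff row now gets the same "wrong
        password" reply instead of falling through and returning None.

    NOTE(review): ``result`` handed to the template is the full staff row,
    including the password column — confirm the template does not render it.
    """
    sta_id = session.get('sta_id')
    oldpwd = request.form.get('oldpwd')

    # NOTE(review): session and form data are interpolated straight into the
    # SQL text (SQL injection risk). The signature of query.query/query.update
    # is not visible here; switch to bound parameters if the helper supports
    # them.
    sql = "select * from trainplan.staff where STA_NO = '%s'" % sta_id
    result = query.query(sql)

    # NOTE(review): direct equality against the stored column suggests the
    # password is kept unhashed — confirm, and hash it if so.
    if len(result) == 0 or result[0][10] != oldpwd:
        return u'密码错误'

    newpwd = request.form.get('newpwd')
    confirmpwd = request.form.get('confirmpwd')
    if newpwd != confirmpwd:
        return u'两次输入的密码不一致'

    # One placeholder per argument: with a literal in the PASSWORD slot the
    # two-element tuple made the % operator raise TypeError on every change.
    sql = "UPDATE trainplan.staff SET PASSWORD='%s' WHERE STA_NO='%s'" % (
        confirmpwd, sta_id)
    query.update(sql)
    return render_template('edit_pwd.html', result=result)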
def addCourse():
    """Insert a trainplan.course row from the form, then render the course page.

    Eleven form fields are written, in order, to NO, NAME, TEACHER, INTRO,
    BOOK, START_TIME, END_TIME, CLASS_TIME, MAX_STAFFS, CLASS_ADDRESS and
    STATE. The staff row of the session's ``sta_id`` is then loaded and
    passed to ``AdmitCourse.html``.

    NOTE(review): both statements are built with ``%`` from form and session
    data (SQL injection risk); use bound parameters if the ``query`` helper
    (not visible here) supports them. The session value is read but never
    checked in this block — confirm that authorization is enforced elsewhere.
    """
    user = session.get('sta_id')
    # Form keys in the column order of the INSERT below.
    form_keys = ('id', 'name', 'teacher', 'intro', 'book', 'start', 'end',
                 'time', 'max', 'address', 'status')
    course_row = tuple(request.form.get(key) for key in form_keys)

    insert_sql = ("INSERT INTO trainplan.course (NO,NAME,TEACHER,INTRO,BOOK,START_TIME,END_TIME,CLASS_TIME,MAX_STAFFS,CLASS_ADDRESS,STATE)"
                  "VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')") % course_row
    query.update(insert_sql)

    staff_sql = "select * from trainplan.staff WHERE STA_NO='%s'" % user
    result = query.query(staff_sql)
    return render_template('AdmitCourse.html', result=result)
def bookBorrow():
    """Librarian-only view that records a loan in coder.borrowed.

    GET renders the form. POST inserts ``usr_id``, ``bid`` and
    ``return_date`` positionally and redirects to ``manager``. A session whose
    ``stu_id`` is not ``'librarian'`` gets the "page does not exist" message.

    NOTE(review): the INSERT is built with ``%`` from form data (SQL injection
    risk); use bound parameters if the ``query`` helper (not visible here)
    supports them.
    """
    if session.get('stu_id') != 'librarian':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('bookBorrow.html')

    loan = tuple(request.form.get(key)
                 for key in ('usr_id', 'bid', 'return_date'))
    insert_sql = "INSERT INTO coder.borrowed VALUES ('%s','%s','%s')" % loan
    query.update(insert_sql)
    return redirect(url_for('manager'))
def managerAdd():
    """Librarian-only view that adds a coder.lib_user row.

    GET renders the form. POST inserts ``usr_id``, ``usr_password`` and
    ``usr_type`` positionally and redirects to ``manager``. A session whose
    ``stu_id`` is not ``'librarian'`` gets the "page does not exist" message.

    NOTE(review): the INSERT is built with ``%`` from form data (SQL injection
    risk); use bound parameters if the ``query`` helper (not visible here)
    supports them. ``usr_password`` is inserted exactly as submitted — confirm
    whether hashing happens elsewhere.
    """
    if session.get('stu_id') != 'librarian':
        return u'页面不存在'
    if request.method == 'GET':
        return render_template('managerAdd.html')

    account = tuple(request.form.get(key)
                    for key in ('usr_id', 'usr_password', 'usr_type'))
    insert_sql = "INSERT INTO coder.lib_user VALUES ('%s','%s','%s')" % account
    query.update(insert_sql)
    return redirect(url_for('manager'))
def addStaff():
    """Insert a trainplan.staff row from the form, then render the staff page.

    Eleven form fields are read and formatted into an INSERT; the staff row of
    the session's ``sta_id`` is then loaded and passed to ``StaffInfo.html``.

    NOTE(review): the statement cannot be built as written. The VALUES list
    has twelve placeholders but eleven values are supplied, so the ``%``
    formatting raises TypeError before anything reaches the database; the
    column list also names ten columns and has none for ``dept``. The intended
    column for ``dept`` is not visible here, so the mismatch is left in place
    for whoever knows the schema.

    NOTE(review): the INSERT is built with ``%`` from form data (SQL injection
    risk); use bound parameters if the ``query`` helper (not visible here)
    supports them. ``pwd`` is inserted exactly as submitted, and the session
    value is read but never checked in this block — confirm both are handled
    elsewhere.
    """
    user = session.get('sta_id')
    # Form keys in the order the values are passed to the INSERT.
    form_keys = ('name', 'sex', 'id', 'birth', 'dept', 'job', 'edu',
                 'address', 'tel', 'intro', 'pwd')
    staff_row = tuple(request.form.get(key) for key in form_keys)

    insert_sql = ("INSERT INTO trainplan.staff (NAME,SEX,STA_NO,BIRTH,JOB,EDU,ADDRESS,TEL,introduction,PASSWORD)"
                  "VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s','%s')") % staff_row
    query.update(insert_sql)

    staff_sql = "select * from trainplan.staff WHERE STA_NO='%s'" % user
    result = query.query(staff_sql)
    return render_template('StaffInfo.html', result=result)