Exemple #1
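def add_task(db, uid, url, ttl = 10, inc = 10, pos = "", neg = "", frr = ""):
    """Create or update the ``task`` row identified by ``uid``.

    The row is updated when one with this ``uid`` already exists, otherwise a
    new row is inserted.  The change is committed and ``db`` is closed before
    returning, so the caller cannot reuse the connection afterwards.

    Every value is passed to the driver as a bound parameter.  Escaping only
    ``pos``/``neg``/``frr`` and formatting ``uid`` and ``url`` into the
    statement text left those two fields open to SQL injection.

    Args:
        db: open DB-API connection using ``%s`` placeholders (MySQLdb style).
        uid: task identifier used as the lookup key.
        url: task URL.
        ttl: integer stored in the ``ttl`` column.
        inc: integer stored in the ``inc`` column.
        pos, neg, frr: strings stored in the columns of the same name.
    """
    cursor = db.cursor()

    # execute() returns the number of matching rows for a SELECT.
    found = cursor.execute("select * from task where uid=%s;", (uid,))
    cursor.fetchall()

    if found > 0:
        cursor.execute(
            "update task set ttl=%s, url=%s, inc=%s, pos=%s, neg=%s, frr=%s where uid=%s;",
            (int(ttl), url, int(inc), pos, neg, frr, uid),
        )
    else:
        cursor.execute(
            "insert task (uid, ttl, url, inc, pos, neg, frr) values (%s, %s, %s, %s, %s, %s, %s);",
            (uid, int(ttl), url, int(inc), pos, neg, frr),
        )

    db.commit()
    db.close()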
Exemple #2
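    def get_saler_target_list_by_condition(self,page_num,per_page,create_user,beg_date,end_date):
        """Return one page of ``product`` rows filtered by creator and creation date.

        ``'0'`` means "no filter" for ``create_user``, ``beg_date`` and
        ``end_date``.  The filter is handed to ``pager.result_paged`` as a
        WHERE string, so each value is escaped *and* wrapped in single quotes:
        ``escape_string`` only neutralises quote characters, which protects a
        value only when it sits inside a quoted SQL literal.  Unquoted, an
        escaped value could still carry arbitrary SQL, and an unquoted date
        such as 2020-01-02 is evaluated as arithmetic rather than as a date.

        After the lookup, ``create_user`` on every row is replaced by that
        user's ``real_name``.
        """
        # Guard against SQL injection (values are also quoted below).
        create_user=MySQLdb.escape_string(create_user)
        beg_date=MySQLdb.escape_string(beg_date)
        end_date=MySQLdb.escape_string(end_date)

        conditions=[]
        # The escaped value is a string, so the former comparison with the
        # integer 0 was always true and the filter could never be skipped.
        if create_user!='0':
            conditions.append("create_user='%s'"%create_user)
        if beg_date!='0' and end_date!='0':
            conditions.append("create_date between '%s' and '%s'"%(beg_date,end_date))
        elif end_date=='0':
            conditions.append("create_date>='%s'"%beg_date)
        elif beg_date=='0':
            conditions.append("create_date<='%s'"%end_date)

        # A trailing always-true term keeps the clause valid with no filters.
        where=''.join(cond+' and ' for cond in conditions)+'1=1'

        result=pager.result_paged('product',where=where,
                                order="product_create_date DESC",page_num=page_num,per_page=per_page)

        # Replace the user id in each result row with the user's real name.
        for item in result:
            user_id=item.create_user
            item.create_user=users.get_users_by_id(user_id)[0]['real_name']

        return result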
Exemple #3
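def insertSimToDB(pulseseq, params, dec):
    """Record one simulation run in the ``Simulation`` table.

    Does nothing when the module-level ``mysql`` flag is false.  The pulse
    sequence and the attribute dictionaries of ``params``, ``params.hspace``
    and ``dec`` are stored as their ``repr()`` text.

    All five values are bound as parameters.  Formatting them into the
    statement left ``dec.doSQLname`` and the pulse-sequence text unescaped,
    so a quote in either one changed the statement.

    Database errors are printed rather than raised, and the connection is
    always closed.
    """
    if not mysql:
        return

    row = (
        dec.doSQLname,
        repr(pulseseq.seq),
        repr(params.__dict__),
        repr(params.hspace.__dict__),
        repr(dec.__dict__),
    )

    # NOTE(review): the account and password are hard-coded in source; they
    # belong in configuration outside the repository, and a password that has
    # been published should be rotated.
    dbx = MySQLdb.connect(user="******", passwd="tiqc_cluster1", db="tiqcspice", host="marvin")
    try:
        db = dbx.cursor()
        try:
            db.execute(
                "insert into Simulation (name, pulseseq, params, hspace, decoherence) "
                "values (%s, %s, %s, %s, %s)",
                row,
            )
        except Exception as e:
            print("ERROR in sql insertSimToDB: %s" % (e,))
        # NOTE(review): no commit is issued, as before; whether the row
        # persists depends on the table engine / autocommit setting - confirm.
    finally:
        dbx.close()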
Exemple #4
def save_character(json_data):
    """Decode a character payload and acknowledge it.

    Persisting the character is not implemented yet: the two escaped fields
    are computed and then dropped, so today this only verifies that the
    payload is valid JSON containing ``username`` and ``world_id``.

    Returns:
        The JSON text ``{"success": "true"}``.
    """
    payload = simplejson.loads(json_data)
    # NOTE(review): when the save is implemented, bind these as query
    # parameters instead of relying on escape_string().
    username, world_id = (
        MySQLdb.escape_string(payload[field]) for field in ('username', 'world_id')
    )

    # TODO save the character
    return simplejson.dumps({"success": "true"})
Exemple #5
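def another_page():
    """Store a submitted club/activity pair and render the combined listing.

    On POST the poster name goes into ``club_name`` and the activity and rank
    into ``activity``, linked through the new club's row id.  Every request
    then renders all distinct (postername, activity, rank) rows.

    The form values are bound as query parameters.  Building the INSERTs by
    concatenation left ``rank`` completely unescaped, and the cursor used by
    the final SELECT was only created on the POST path.
    """
    print('anotherpage')
    # NOTE(review): these values are sent to the template, not to the
    # database; SQL escaping is the wrong encoding for HTML output and the
    # template's own auto-escaping should be what protects the page. Kept
    # as-is because the template may depend on the current values.
    scoop = {'postername': MySQLdb.escape_string(request.form['postername']),
             'activity': MySQLdb.escape_string(request.form['activity']),
             'rank': request.form['rank']}

    # Opened before branching: the SELECT below runs for every method.
    db = utils.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)

    if request.method == 'POST':
        query = "INSERT INTO club_name (postername) VALUES (%s)"
        # Print query to console (useful for debugging)
        print(query)
        cur.execute(query, (request.form['postername'],))
        club_id = cur.lastrowid

        query2 = "INSERT INTO activity (club_id, activity, rank) VALUES (%s, %s, %s)"
        # Print query to console (useful for debugging)
        print(query2)
        cur.execute(query2, (club_id, request.form['activity'], request.form['rank']))
        db.commit()

    cur.execute('SELECT DISTINCT cn.postername, a.activity, a.rank FROM club_name cn NATURAL JOIN activity a')
    rows = cur.fetchall()

    return render_template('another_page.html', club_name=rows, activity = rows, scoop = scoop)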
Exemple #6
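def store_comment(user_name, message, md5):
    """Insert a comment by ``user_name`` on the site whose URL hash is ``md5``.

    The user's and the site's ``indexID`` are looked up first and the comment
    row is then inserted, committed, and the connection closed.

    All three statements use bound parameters, so the inputs are passed to
    the driver unmodified.  Running ``escape_string`` on a value that is also
    bound escapes it twice: the lookup then searches for the backslashed name
    and the stored comment contains literal backslashes.
    NOTE(review): if existing ``users.uName`` values were written through a
    double-escaping code path, they need a one-off clean-up - confirm.

    Args:
        user_name: name looked up in ``users.uName``.
        message: comment text.
        md5: hash looked up in ``url.md5``.

    Returns:
        The fixed status string on success.

    Raises:
        ValueError: the user or the URL hash is unknown.
    """
    conn = init_connection()
    try:
        cur = conn.cursor()

        # Parameters are passed as tuples; a bare string is not a portable
        # parameter container across driver versions.
        cur.execute("""select indexID from users where uName = %s""", (user_name,))
        user_row = cur.fetchone()

        cur.execute("""select indexID from url where md5 = %s""", (md5,))
        url_row = cur.fetchone()

        # Read the id from the row itself instead of slicing repr() text up
        # to the Python 2 "L" suffix, which breaks for plain ints.
        if user_row is None or url_row is None:
            raise ValueError("unknown user or url hash")

        cur.execute(
            """insert into comments values(null,%s,%s,now(),%s)""",
            (int(url_row[0]), message, int(user_row[0])),
        )

        # Without the commit nothing is persisted.
        conn.commit()
        cur.close()
    finally:
        conn.close()

    return "store sucessfully!"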
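    def from_operational(self, identifier):
        """Read a project from the operational database.

        ``identifier`` is bound as a query parameter.  Formatting it into the
        WHERE clause let a quote character in the identifier rewrite the
        statement.

        Returns:
            A dict describing the project, or ``None`` when no row matches or
            the query fails (the failure is logged).
        """
        query = """
        SELECT  p.environment_name AS identifier,
                p.project_name,
                u.username AS author,
                p.created,
                p.updated,
                p.published,
                p.project_id
        FROM projects AS p
        INNER JOIN user AS u ON u.user_id = p.author
        WHERE p.environment_name = %s"""

        row = []
        with admin_query() as cursor:
            try:
                cursor.execute(query, (identifier,))
                row = cursor.fetchone()
            except Exception:
                conf.log.exception("Getting project from operational db failed. %s" % identifier)

        if not row:
            return None

        # NOTE(review): name and author come back SQL-escaped, presumably
        # because a later statement is built by string formatting; binding
        # parameters there would make this unnecessary - verify against caller.
        project = {'identifier': row[0],
                   'project_name': MySQLdb.escape_string(row[1]),
                   'author': MySQLdb.escape_string(row[2]),
                   'created': row[3],
                   'updated': row[4],
                   'published': row[5],
                   'project_key': row[6]}

        return project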
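    def from_analytical(self, identifier):
        """Return the currently valid project row from the analytical database.

        ``identifier`` is bound as a query parameter.  Formatting it into the
        WHERE clause let a quote character in the identifier rewrite the
        statement.

        Returns:
            A dict describing the project, or ``None`` when no row matches or
            the query fails (the failure is logged).
        """
        query = """
        SELECT identifier, project_name, author, created,
               updated, published, project_key
        FROM project_dim
        WHERE identifier = %s AND VALID_TO IS NULL"""

        row = []
        with analytical_query() as cursor:
            try:
                cursor.execute(query, (identifier,))
                row = cursor.fetchone()
            except Exception:
                conf.log.exception("Getting project from analytical db failed. project identifier : %s" %
                                        identifier)

        if not row:
            return None

        # NOTE(review): the text fields come back SQL-escaped, presumably for
        # a later string-built statement - verify against caller.
        project = {'identifier': MySQLdb.escape_string(row[0]),
                   'project_name': MySQLdb.escape_string(row[1]),
                   'author': MySQLdb.escape_string(row[2]),
                   'created': row[3],
                   'updated': row[4],
                   'published': row[5],
                   'project_key': row[6]}
        return project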
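def LogTrace(iso, host, mti, result):
    """Build the INSERT statement that logs one host message.

    The statement targets ``switch_office.host_trace_log`` and carries the
    current time, the host, the ISO field dump, the hex dump of the network
    message, and the text for the response code and message type.

    Because the caller receives SQL text, every string value placed in it is
    escaped.  Escaping only the two dumps left ``host`` and the two lookup
    texts able to break out of their quoted literal.
    NOTE(review): binding these values at execution time would be more
    robust than returning finished SQL - needs a change in the caller.

    Returns:
        The SQL text; nothing is executed here.
    """
    d = datetime.now()
    hex_dump = dumphex(iso.getNetworkISO())
    iso_dump = iso.dumpFields()

    if result != '':
        trasaction_result = ASResponseCodes.GetISOResponseText(result)
    else:
        trasaction_result = ''

    transaction_type = Tran_Type.GetMessagesescription(mti)

    def quoted(value):
        # str() first: escape_string() accepts strings only.
        return MySQLdb.escape_string(str(value))

    sql = """ INSERT INTO switch_office.host_trace_log(
                        created,
                        host_data,
                        iso,
                        binary_data,
                        trasaction_result,
                        transaction_type
                        )

            VALUES ("%s", "%s", "%s", "%s", "%s", "%s")
          """ % (d, quoted(host), MySQLdb.escape_string(iso_dump), MySQLdb.escape_string(hex_dump),
                 quoted(trasaction_result), quoted(transaction_type))
    return sql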
Exemple #10
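def register():
    """Handle the registration form.

    On POST a ``users`` row and a ``user_passwords`` row are inserted, the
    session is marked as logged in and the browser is redirected to the main
    index.  Any other method renders the registration page.

    The statements use bound parameters, so the printed debug text no longer
    contains the submitted password.  The final SELECT had no ``%s``
    placeholder in its text, so formatting it raised ``TypeError`` on every
    registration.
    """
    page = 'Register'
    global currentUser
    global loggedIn
    db = complimentutil.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    # if user typed in a post ...
    if request.method == 'POST':
        print("HI")
        username = request.form['username']
        currentUser = username
        pw = request.form['pw']

        query = "INSERT INTO users (username) VALUES (%s)"
        print(query)
        cur.execute(query, (username,))

        # NOTE(review): SHA2(x, 0) is one unsalted SHA-256 round, which is
        # cheap to brute-force; a salted password-hashing scheme computed in
        # the application should replace it (needs a schema/login change).
        # NOTE(review): the password row carries no reference to the user
        # row; the pairing presumably relies on matching auto-increment ids.
        qy = "INSERT INTO user_passwords (password) VALUES (SHA2(%s, 0))"
        print(qy)
        cur.execute(qy, (pw,))

        session['username'] = currentUser
        q = "SELECT * from users WHERE username = %s"
        print(q)
        cur.execute(q, (session['username'],))
        # NOTE(review): no commit is issued in this function - confirm that
        # db_connect() enables autocommit, otherwise both rows are lost.
        loggedIn = True
        return redirect(url_for('mainIndex'))

    return render_template('register.html', page=page, loggedIn=loggedIn)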
Exemple #11
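def fpost():
    """Create a post from the submitted form, with optional picture and link.

    An uploaded picture is saved under ``UPLOAD_FOLDER`` with the next post
    number prefixed to its sanitised file name.  When the post is stored and
    a link address was supplied, the link is attached to the newest post.

    Fixes relative to the earlier version:
      * the post text was escaped twice, which stores literal backslashes;
      * ``https://`` addresses were prefixed with ``http://``.

    NOTE(review): whether a single ``escape_string`` is the right protection
    depends on how ``posting``/``put_link`` build their SQL; bound parameters
    inside those helpers would be the robust form - verify.
    NOTE(review): the upload's type and size are not checked here, and
    ``user`` is taken from the form rather than from the session.
    NOTE(review): nothing is returned when ``posting`` fails.
    """
    post = MySQLdb.escape_string(smart_str(request.form['post_text']))
    user = MySQLdb.escape_string(smart_str(request.form['user']))
    lv = MySQLdb.escape_string(smart_str(request.form['lvalue']))
    la = MySQLdb.escape_string(smart_str(request.form['ladr']))
    pic = request.files['file']
    if pic:
        ur = secure_filename(pic.filename)
        if '.' not in ur:
            ur = "." + ur
        existing = get_post_all(user)
        if len(existing) > 0:
            ur = str(existing[-1][0] + 1) + ur
        else:
            ur = "1" + ur
        pic.save(os.path.join(app.config['UPLOAD_FOLDER'], ur))
        ur = "pics/" + ur
    else:
        ur = "__empty__"
    # ``post`` is already escaped above; escaping again would corrupt it.
    if posting(user, post, ur):
        if la:
            if not la.startswith(("http://", "https://")):
                la = "http://" + la
            pi = int(get_post_all(user)[-1][0])
            if lv:
                put_link(pi, la, lv)
            else:
                put_link(pi, la)
        session['user'] = user
        return redirect(url_for("hom"))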
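def insert_course(con, name, course_code, level, program_code):
    """Insert the course into the database unless it already exists.

    A course is considered new when ``get_course_id`` returns 0 for ``name``.
    Its faculty is resolved (or created) through ``insert_faculty`` and the
    row is inserted with bound parameters, so quoting is left to the driver
    and follows the connection's character set.

    Database errors are printed, not raised.
    NOTE(review): ``course_id`` is computed but not returned.
    """
    course_id = get_course_id(con, name)
    if course_id == 0:
        faculty_id = insert_faculty(con, program_code)
        try:
            cur = con.cursor()
            cur.execute(
                """INSERT INTO courses
                           (name, course_code, level, facultyId)
                           VALUES (%s, %s, %s, %s)""",
                (name, course_code, level, int(faculty_id)),
            )
            course_id = cur.lastrowid
            con.commit()
        except mdb.Error as e:
            print("Error %d: %s" % (e.args[0], e.args[1]))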
Exemple #13
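def estateadd2():
    """Add an estate with its first damage record, or a damage record only.

    A POST containing ``address`` inserts the house and one damage row; a
    POST containing ``damAddress`` adds a damage row to an existing house.
    The index page is rendered in every case.

    All form values are bound as parameters.  In the concatenated statements
    ``address`` was not escaped at all, and ``price`` and the second
    ``damageCost`` were escaped but placed outside quotes, where escaping
    gives no protection.
    """
    db = utils.db_connect()
    cur = db.cursor()
    form = request.form

    if request.method == 'POST':       #if user has submitted something

        if 'address' in form:  #if user is adding an estate
            address = form['address']
            query = "INSERT INTO basicHouse (address,county,state,price) VALUES (%s, %s, %s, %s)"
            print(query)
            cur.execute(query, (address, form['county'], form['state'], form['price']))
            db.commit()
            query = ("INSERT INTO house_damages (type,house_id,cost) VALUES (%s, "
                     "(SELECT house_id FROM basicHouse WHERE address= %s GROUP BY address) , %s);")
            print(query)
            cur.execute(query, (form['damageType'], address, form['damageCost']))
            db.commit()

        if 'damAddress' in form: #if adding damages to existing estate
            query = ("INSERT INTO house_damages (house_id,type,cost) VALUES ("
                     "(SELECT house_id FROM basicHouse WHERE address = %s),%s,%s);")
            print(query)
            cur.execute(query, (form['damAddress'], form['damDamageType'], form['damDamageCost']))
            db.commit()

    return render_template('index.html', name = currentUser)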
Exemple #14
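def author_insert(cursor, last, first, initials):
    """Insert an author row and return its new id.

    When ``initials`` is empty it defaults to the upper-cased first letter of
    ``first``.  The first and second initial are stored in their own columns;
    a missing value is stored as NULL.  An empty ``first`` together with
    empty ``initials`` now stores NULL initials instead of raising
    ``IndexError``.

    Values are bound as parameters, so quoting is done by the driver rather
    than by hand-built ``'...'`` literals.

    Args:
        cursor: DB-API cursor using ``%s`` placeholders (MySQLdb style).
        last: family name.
        first: given name.
        initials: initials string, may be empty.

    Returns:
        The id reported by ``LAST_INSERT_ID()`` as an int.
    """
    if len(initials) == 0 and len(first) > 0:
        initials = first[0].upper()

    first_initial = initials[0] if len(initials) > 0 else None
    second_initial = initials[1] if len(initials) > 1 else None

    cursor.execute(
        """INSERT into author values (NULL, %s, %s, %s, %s, %s);""",
        (last, first, initials or None, first_initial, second_initial),
    )
    cursor.execute("SELECT LAST_INSERT_ID();")
    row = cursor.fetchone()

    return int(row[0])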
Exemple #15
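def register():
    """Handle the registration form.

    On POST a ``users`` row is inserted with the user name, the SHA2 hash of
    the password and the zip code, and the login page is rendered.  Any other
    method renders the registration page.

    Values are bound as parameters, and the debug output no longer echoes
    the password: the earlier version printed it twice in clear text (once
    directly, once inside the formatted statement).
    """
    #If they registered for an account
    if request.method == 'POST':

        #set up database connections
        db = utils.db_connect()
        cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)

        #get form results.
        username = request.form['username']
        password = request.form['pw']
        zipcode = request.form['zipcode']

        #testing in terminal (password deliberately left out)
        print("Hi " + username + " " + zipcode)

        # NOTE(review): SHA2(x, 0) is one unsalted SHA-256 round, which is
        # cheap to brute-force; a salted password-hashing scheme computed in
        # the application should replace it (needs a matching login change).
        query = "INSERT INTO users (username, password, zipcode) VALUES (%s, SHA2(%s, 0), %s)"
        print(query)          #testing in terminal

        # int() rejects a non-numeric zip code, as the former '%d' did.
        cur.execute(query, (username, password, str(int(zipcode))))
        db.commit()

        return render_template('login.html', selectedMenu='Login')

    return render_template('register.html', selectedMenu='Register', name = currentUser)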
Exemple #16
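def login():
    """Handle the login form.

    On POST the user name and the SHA2 hash of the password are matched
    against ``users`` joined with ``user_passwords``; a match stores the user
    in the session and redirects to the main index.  Otherwise the login page
    is rendered.

    The statement uses bound parameters.  Its text contained a single ``%s``
    while two values were formatted in, which raised ``TypeError`` on every
    attempt; binding also keeps the password out of the printed debug text.
    """
    page = 'Login'

    global currentUser
    global loggedIn
    db = complimentutil.db_connect()
    cur = db.cursor(cursorclass=MySQLdb.cursors.DictCursor)
    # if user typed in a post ...
    if request.method == 'POST':
        print("HI")
        username = request.form['username']
        # NOTE(review): the global is set before the credentials are checked,
        # so it also changes on a failed attempt.
        currentUser = username

        pw = request.form['pw']
        # NOTE(review): SHA2(x, 0) is one unsalted SHA-256 round; see the
        # registration path, which must change together with this check.
        query = ("SELECT u.username, up.password FROM users u INNER JOIN user_passwords up "
                 "ON u.id = up.id WHERE u.username = %s AND up.password = SHA2(%s, 0)")
        print(query)
        cur.execute(query, (username, pw))

        if cur.fetchone():
            session['username'] = currentUser
            loggedIn = True
            return redirect(url_for('mainIndex'))
        else:
            print("mistake")
    return render_template('login.html', page=page, loggedIn=loggedIn)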
Exemple #17
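        def stringify_for_sql(i, this_type=None):
            """Render ``i`` as SQL literal text.

            Strings are encoded (unicode only), SQL-escaped and wrapped in
            single quotes; ``None`` and NaN become ``NULL``; anything else is
            passed through ``str()``.

            Without a ``dbconnection`` the fallback branch escaped an
            unrelated variable and threw the result away, so the string was
            quoted but never escaped.  It now escapes ``i`` itself.
            """
            if isinstance(i, basestring):
                if isinstance(i, unicode):
                    try:
                        i = i.encode(encoding)
                    except UnicodeEncodeError:
                        # Drop what the target encoding cannot represent
                        # after compatibility decomposition.
                        i = unicodedata.normalize('NFKD', i).encode(encoding, 'ignore')

                if dbconnection:
                    # Connection-aware escaping follows the session charset.
                    i = dbconnection.escape_string(i)
                else:
                    import MySQLdb
                    i = MySQLdb.escape_string(i)

                return "'" + str(i) + "'"

            try:
                if i is None or np.isnan(i):
                    i = 'NULL'
            except TypeError:
                # np.isnan() rejects non-numeric objects; use str() below.
                pass
            return str(i)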
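def BuildISOUpdateFieldAndValues(uuid, iso, extra=None):
    """Build the UPDATE statement that writes ISO 8583 fields to ``core_node``.

    Each bit present in ``iso`` is mapped to its column through
    ``ISO8583_to_DB``; bits without a mapping are reported and skipped.
    ``extra`` adds further ``column=value`` pairs.  The row is selected by
    ``tran_gid = uuid``.

    Field values were already escaped; ``uuid`` is now escaped too, since it
    lands in the same double-quoted context in the WHERE clause.
    NOTE(review): keys of ``extra`` are used as column names verbatim, so
    they must come from code, never from message or user data.

    Returns:
        The SQL text; nothing is executed here.
    """
    if not extra: extra = {}
    v1 = iso.getBitsAndValues()
    field_list = ''

    fields_in_row = 0
    for v in v1:

        try:
            field_name = ISO8583_to_DB[v['bit']]
            if field_list != '':
                fields_in_row += 1
                field_list += ' , '
            # Add a new line every 5 fields.
            if fields_in_row >= 5:
                field_list += '\n  '
                fields_in_row = 0
            field_list += field_name + '="' + MySQLdb.escape_string(v['value']) + '"'
        except KeyError as e:
            print('Bit does not exist in the database: ' + str(e))

    for extra_field in extra:
        v = str(extra[extra_field])
        field_list +=  ", " + extra_field + '="' + MySQLdb.escape_string(v) + '"'

    sql = "UPDATE core_node SET "
    sql +=  field_list
    sql += " WHERE tran_gid " + '="' + MySQLdb.escape_string(uuid) + '"'

    return sql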
Exemple #19
def fun():
    """Unfollow ``unf`` on behalf of ``user`` and render the resulting page.

    Both names are read from the submitted form and SQL-escaped before being
    handed to ``unfollow``.  The home page with the user's posts is rendered
    on success, the main page otherwise.
    """
    # NOTE(review): the acting user comes from the form, not the session.
    submitted = request.form
    user = MySQLdb.escape_string(smart_str(submitted['user']))
    unf = MySQLdb.escape_string(smart_str(submitted['unf']))
    if not unfollow(user, unf):
        return render_template("main-page.html")
    return render_template("home.html", posts=fget_post_all(user), Username=user)
Exemple #20
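def insertMySQL(tweetDict):
    """Store one tweet unless the same (username, content) pair already exists.

    ``tweetDict`` maps a user name to the tweet text; only its first key is
    used.  The duplicate check and the insert both bind their values as
    parameters.  The check's user name was a fixed literal in the statement
    text, so it could never match the user being inserted; it presumably was
    meant to be the tweet's user name, which is what is bound now.

    Returns:
        True when a row was inserted, otherwise None.  A database error is
        printed and terminates the process with status 1.
    """
    con = None
    try:
        # NOTE(review): root credentials are hard-coded; use a dedicated
        # low-privilege account configured outside the source.
        con = mdb.connect('localhost', 'root', 'sa', 'tweetsearch')
        username = list(tweetDict.keys())[0]
        content = tweetDict.get(username)
        with con:
            cur = con.cursor()
            cur.execute(
                "SELECT * FROM tweet WHERE username = %s AND tweetcontent = %s",
                (username, content),
            )
            rows = cur.fetchall()
            if len(rows) == 0:
                cur.execute(
                    "INSERT INTO tweet(username, tweetcontent) VALUES(%s, %s)",
                    (username, content),
                )
                return True
    except mdb.Error as e:
        print("Error %d: %s" % (e.args[0], e.args[1]))
        sys.exit(1)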
Exemple #21
    def get_qsyk_and_insert(self, docid):
        """Download one article and insert it into the ``wangyi`` table.

        ``docid`` arrives as a mapping with ``cover_img`` and ``docid`` keys
        and is then rebound to the bare id.  Nothing happens when
        ``self.db_has_exist`` reports the id or the download yields no data
        for it.
        """
        cover_img = MySQLdb.escape_string(docid['cover_img'])
        docid = docid['docid']

        if self.db_has_exist(docid):
            return

        # Plain-HTTP fetch: the response can be altered in transit, so every
        # field read from it below is untrusted input.
        url = "http://c.3g.163.com/nc/article/%s/full.html" % str(docid)
        data = utils.download_page(url, True)

        if data:
            data = data[docid]
            if data:
                ptime = data['ptime']
                today = ptime.split(' ')[0]
                imgs = data['img']
                body = data['body'].encode('utf-8')

                # NOTE(review): each parenthesis is replaced twice; one of
                # every pair was presumably a full-width character lost in
                # transcoding - confirm against the original source.
                title = data['title'].replace(' ', '').replace('(', '-').replace('(', '-').replace(')', '').replace(')', '')

                # Swap each image placeholder for an <img> tag.
                for img in imgs:
                    body = body.replace(img['ref'], "<img src=\"" + img['src'] + "\"/><hr>")

                # Doubling '%' presumably protects a later %-formatting step
                # inside utils.insert_mysql - verify.
                body = body.replace('%', '%%')
                body = MySQLdb.escape_string(body)
                # NOTE(review): only cover_img and body are escaped. title,
                # ptime, today and docid come from the downloaded document
                # and reach the statement unescaped, so a quote in any of
                # them changes the SQL. Binding all eight values as
                # parameters needs utils.insert_mysql to accept an argument
                # tuple - TODO confirm its signature.
                sql = "insert into wangyi(item_type, title, url, docid, cover_img, ptime, today, body) values('%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s')" % (self._item_type, title, url, docid, cover_img, ptime, today, body)
                utils.insert_mysql(sql)
Exemple #22
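def register(req,context):
    """Create a user row and, when supplied, store the avatar image.

    Returns the JSON text of a ``register_result`` message whose body is
    ``'ok'`` or ``'error'``.

    Changes relative to the earlier version:
      * the avatar file name is built from a sanitised copy of the user name;
        the raw name was used as a path, so separators in it could place the
        file outside the working directory;
      * the connection is closed exactly once, and a failure while writing
        the avatar no longer triggers a rollback on a closed connection
        (the I/O error itself propagates);
      * only ``Exception`` is caught around the insert.

    NOTE(review): the values are escaped and then bound as parameters, so
    they are stored escaped twice.  The login path compares against the same
    escaped form, therefore this is left unchanged here; removing it needs a
    data migration and a matching login change.
    NOTE(review): the password is stored as submitted, not hashed.
    NOTE(review): root credentials are hard-coded in the connect call.
    """
    import re

    username = MySQLdb.escape_string(req['username'])
    nickname = MySQLdb.escape_string(req['nickname'])
    password = MySQLdb.escape_string(req['password'])
    studentNo = MySQLdb.escape_string(req['studentNo'])
    db = MySQLdb.connect("localhost","root","jcyk","beta")
    res = {'type': 'register_result'}
    sql = "insert into USER (_username,_nickname,_password,_studentNo,_version) values(%s,%s,%s,%s,%s)"
    try:
        try:
            cursor = db.cursor()
            cursor.execute(sql,(username,nickname,password,studentNo,1))
            db.commit()
        except Exception:
            db.rollback()
            res['body'] = 'error'
            return json.dumps(res)
    finally:
        db.close()

    res['body'] = 'ok'
    if 'head' in req:
        # Keep only characters that cannot form a path component.
        safe_name = re.sub(r'[^A-Za-z0-9_-]', '_', username)
        filename = '%s.png' % safe_name
        ls_f = base64.b64decode(req['head'])
        # NOTE(review): the decoded bytes are written without checking size
        # or that they are an image.
        with open(filename,'wb') as f:
            f.write(ls_f)
    return json.dumps(res)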
Exemple #23
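def login(req,context):
    """Check a user name / password pair against the ``USER`` table.

    Returns the JSON text of a ``login_result`` message whose body is
    ``'ok'``, ``'error: wrong password'`` or ``'error: no such user'``.
    A database error is reported as ``'error: no such user'``, as before.

    The connection is now closed on every path; it used to stay open after a
    successful login.

    NOTE(review): the inputs are escaped and then bound, matching the
    double-escaped form the registration path stores; both must change
    together.
    NOTE(review): passwords are compared as stored clear text, and the two
    error bodies reveal whether a user name exists.
    NOTE(review): root credentials are hard-coded in the connect call.
    """
    username = MySQLdb.escape_string(req['username'])
    password = MySQLdb.escape_string(req['password'])
    db = MySQLdb.connect("localhost","root","jcyk","beta")
    sql = "select _password from USER WHERE _username = %s"
    try:
        cursor = db.cursor()
        cursor.execute(sql,(username,))
        result = cursor.fetchone()
    except Exception:
        result = None
    finally:
        db.close()

    res = {'type': 'login_result'}
    if result is None:
        res['body'] = 'error: no such user'
    elif result[0] != password:
        res['body'] = 'error: wrong password'
    else:
        res['body'] = 'ok'
    return json.dumps(res)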
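    def web_db_insert(self,item):
        """Upsert ``item`` into ``t_hh_dianping_shop_info_pet_hospital``.

        Keys of ``item`` are the column names.  The statement is printed with
        NULL for missing values and executed with ``0`` in their place.

        Changes relative to the earlier version:
          * the ``0``-for-NULL substitution is applied per value; replacing
            the text ``NULL`` across the finished statement also rewrote any
            stored value that happened to contain it;
          * backticks inside column names are doubled so a key cannot end
            the quoted identifier.

        Failures are deliberately ignored (best effort).
        NOTE(review): silently dropping every error also hides rejected
        rows; logging the exception would make that visible.
        """
        def ident(key):
            return '`%s`' % ('%s' % key).replace('`', '``')

        def literal(value, null_token):
            if value is None or value == 'NULL':
                return null_token
            return "'%s'" % MySQLdb.escape_string('%s' % value)

        def build(null_token):
            key_str = ','.join(ident(k) for k in item.keys())
            value_str = ','.join(literal(v, null_token) for v in item.values())
            kv_str = ','.join(
                "%s=%s" % (ident(k), literal(v, null_token)) for (k, v) in item.items())
            sql = "INSERT INTO t_hh_dianping_shop_info_pet_hospital(%s) VALUES(%s)" % (key_str, value_str)
            return "%s ON DUPLICATE KEY UPDATE %s" % (sql, kv_str)

        print(build('NULL'))
        try:
            db.query(build('0'))
        except Exception:
            pass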
Exemple #25
def signin():
    """Check the submitted credentials and render the matching page.

    User name and password are read from the form, SQL-escaped and passed to
    ``sign_in``.  The home page with the user's posts is rendered on success,
    the main page otherwise.
    """
    # NOTE(review): escaping a password changes it when it contains quotes or
    # backslashes; binding parameters inside sign_in() would avoid that.
    credentials = request.form
    user = MySQLdb.escape_string(smart_str(credentials['Username']))
    password = MySQLdb.escape_string(smart_str(credentials['Password']))
    if not sign_in(user, password):
        return render_template("main-page.html")
    return render_template("home.html", posts=fget_post_all(user), Username=user)
Exemple #26
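def populateTempHQ(hqDB):
    """Load ``shops007.txt`` into the ``hq_*`` tables.

    The first line of the file is one JSON document with the lists
    ``shopdetails``, ``staffdetails``, ``products``, ``shopinventories`` and
    ``members``; every non-empty entry becomes one INSERT executed through
    ``hqDB``.

    The file is now closed once it has been read.

    NOTE(review): only some text fields are escaped.  Values such as
    ``phone_number``, ``gender``, ``position``, ``barcode``, ``password`` and
    the numeric columns are formatted into the statement as they are, several
    of them outside quotes.  That is acceptable only while the file is
    produced by a trusted process; binding parameters would remove the
    assumption, provided ``hqDB.execute`` accepts an argument tuple - TODO
    confirm.
    NOTE(review): member passwords are copied as they appear in the file.
    """
    with open('shops007.txt') as f:
        string = f.readlines()
    decoded = json.loads(string[0])
    shopdetails = decoded['shopdetails']
    staffdetails = decoded['staffdetails']
    products = decoded['products']
    shopinventories = decoded['shopinventories']
    members = decoded['members']
    for i in shopdetails:
        if(i):
            query = 'insert into hq_shops values("%s","%s","%s",%s)' %(MySQLdb.escape_string(i['shop_Id']),MySQLdb.escape_string(i['name']),MySQLdb.escape_string(i['address']),i['phone_number'])
            hqDB.execute(query)
    for i in staffdetails:
        if(i):
            query = 'insert into hq_staff values(%s,"%s","%s","%s","%s",%s,"%s","%s")' %(i['staff_Id'],MySQLdb.escape_string(i['name']),MySQLdb.escape_string(i['address']),i['gender'],i['DOB'],i['contact'],i['position'],i['shop_Id'])
            hqDB.execute(query)
    for i in products:
        if(i):
            query = 'insert into hq_products values("%s","%s","%s","%s",%s,%s,%s,%s,%s,%s,%s)' %(i['barcode'],MySQLdb.escape_string(i['name']),MySQLdb.escape_string(i['category']),MySQLdb.escape_string(i['manufacturer']),(i['product_type']),i['bundle_unit_qty'],i['bundle_unit_discount'],i['min_stock_level'],i['max_stock_level'],i['normal_price'],i['member_price'])
            hqDB.execute(query)
    for i in shopinventories:
        if(i):
            query = 'insert into hq_shop_inventories values("%s","%s",%s,%s)' %(i['shop_Id'],i['barcode'],i['active_price'],i['quantity'])
            hqDB.execute(query)
    for i in members:
        if(i):
            query = 'insert into hq_members values("%s","%s","%s",%s)' %(MySQLdb.escape_string(i['email']),MySQLdb.escape_string(i['name']),i['password'],i['phone'])
            hqDB.execute(query)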
Exemple #27
 def sql(self, quoted=True):
     """ Return ``self.data`` as SQL-escaped text.

     The text is wrapped in double quotes unless ``quoted`` is false.
     NOTE(review): the unquoted form is safe only where the caller adds the
     quotes itself; escaping does not protect a value placed outside a
     quoted literal.
     """
     escaped = MySQLdb.escape_string(str(self.data))
     template = '"%s"' if quoted else '%s'
     return template % escaped
Exemple #28
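    def post(self):
        """Create a task, or update an existing one when no title is sent.

        With a ``title`` the task is created unless one with that title
        already exists.  Without a title, ``tid`` selects the task and the
        first of ``done``, ``content`` or ``order`` that is present is
        applied.

        A request with a ``tid`` but none of the three update fields used to
        fall through to the create path with ``title`` set to ``None`` and
        fail there; it now gets the error page.

        NOTE(review): ``content`` is passed to ``update_task`` pre-quoted,
        which suggests that helper formats values straight into SQL.  ``tid``
        and ``done`` reach it unescaped and unvalidated - check the helper
        and validate or bind them there.
        """
        title = self.get_argument('title', None)
        if not title:
            tid = self.get_argument('tid', None)
            if not tid:
                return self.render('error.html', msg='no id')
            done = self.get_argument('done', None)
            if done:
                self.db.update_task(tid=tid, done=done)
                return self.render('success.html')

            content = self.get_argument('content', None)
            if content:
                self.db.update_task(tid=tid, content="'%s'"%MySQLdb.escape_string(content.encode('utf-8')))
                return self.render('success.html')

            order = self.get_argument('order', None)
            if order:
                # Move the task in front of the current first one.
                self.db.update_task(tid=tid, ord=self.db.min_task_ord().get('ord', 0)-1)
                return self.render('success.html')

            # Nothing to update and no title to create a task from.
            return self.render('error.html', msg='nothing to update')

        if self.db.find_task(title): # duplicate task
            return self.render('error.html', msg='Dump')
        else:# create task
            self.db.create_task(
                    int(time.time()),
                    self.db.max_task_ord().get('ord', 0) + 1,
                    MySQLdb.escape_string(title.encode('utf-8')),
                    '',
                    0,
                    )
            return self.render('success.html')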
Exemple #29
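 def insert_counterfeit_pic(self, phishing_url, img_path):
     '''
     Insert the screenshot of a counterfeit website into the MySQL
     counterfeit_list table, or replace the stored screenshot when a row with
     the URL's hash already exists.

     The URL, its hash and the image bytes are bound as parameters.  The URL
     of a suspected phishing page is attacker-controlled text and was
     formatted into the INSERT without any escaping.  The image is read in
     binary mode so its bytes are not altered by text-mode translation.

     Returns True on success, False when the database error could not be
     recovered by reconnecting.
     '''
     url_hash = hash_md5(phishing_url)
     with open(img_path, 'rb') as f:
         img = f.read()
     table_name = 'counterfeit_list'
     fields = ['url']
     wheres = {'hash': [url_hash, 's']}
     select_result = self.require_get(
         table_name, fields, wheres, get_type='select', fetch_type='one', print_none=0)
     try:
         # The generic statement builder used above cannot carry a value of
         # this length, so the statement is issued directly.
         if select_result is False:
             self.cur.execute(
                 "INSERT INTO counterfeit_list (url,hash,webpage) VALUES (%s,%s,%s)",
                 (phishing_url, url_hash, img))
         else:
             self.cur.execute(
                 "UPDATE counterfeit_list SET webpage=%s WHERE hash=%s",
                 (img, url_hash))
         self.db_conn.commit()
         return True
     except MySQLdb.Error as e:
         re_connect_result = self.check_mysql_error(e)
         # NOTE(review): the retry is unbounded while check_mysql_error()
         # keeps returning True.
         if re_connect_result is True:
             return self.insert_counterfeit_pic(phishing_url, img_path)
         else:
             return False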
Exemple #30
def changePDU(index,barcode,localDB):
    """Point price-display unit ``index`` at product ``barcode``.

    Both arguments must consist of digits only; that check is what makes the
    unquoted ``pdu_index`` value below safe to format into SQL.  The barcode
    must exist in ``product_information``.  The ``pdu`` row is inserted when
    the index is new and updated otherwise.

    Returns:
        ``'1'`` on success, ``""`` when the write reports no affected row,
        or a message naming the rejected input.
    """
    index = str(index)
    if not index.isdigit():
        return "Invalid Index Entered."
    barcode = str(barcode)
    if not barcode.isdigit():
        return "Invalid barcode Entered."

    safe_index = MySQLdb.escape_string(index)
    safe_barcode = MySQLdb.escape_string(barcode)

    localDB.execute("Select count(*) from product_information where barcode = '%s'" % safe_barcode)
    if localDB.fetchone()[0] == 0:
        return "Barcode not found."

    localDB.execute("Select count(*) from pdu where pdu_index = %s" % safe_index)
    if localDB.fetchone()[0] == 0:
        statement = "Insert into pdu values(%s,'%s')" % (safe_index, safe_barcode)
    else:
        statement = "Update pdu set barcode = '%s' where pdu_index = %s" % (safe_barcode, safe_index)

    if not localDB.execute(statement):
        return ""
    return '1'
def translateBlock(block):
    """Translate one text block and queue its INSERT statement in ``loadSQL``.

    ``block[2]`` is translated from ``fromLang`` to ``langTo``.  The queued
    statement carries the escaped translation and its word count, or an empty
    text with a count of 0 when the translator returns nothing.

    Any exception is swallowed, so a failed block is skipped silently.
    NOTE(review): ``block[0]`` is formatted into the statement unquoted and
    unescaped; it has to be a trusted integer id.
    """
    global iBlockInsert, insertSQLTrans, loadSQL, langTo
    try:
        translated = translator.translate(block[2].encode('utf-8'),
                                          lang_from=fromLang,
                                          lang_to=langTo)
        if not translated:
            values = "({id}, {language_id}, '', NOW(), NOW(), 1, {siteID}, 0, 1, 0, 0)".format(
                id=block[0], language_id=langID, siteID=siteID)
        else:
            values = "({id}, {language_id}, '{text}', NOW(), NOW(), 1, {siteID}, {cc}, 1, 0, 0)".format(
                id=block[0],
                language_id=langID,
                siteID=siteID,
                text=MySQLdb.escape_string(str(translated.encode('utf-8'))),
                cc=len(translated.split()))
        loadSQL.append(insertSQLTrans + values + ";")
    except Exception:
        pass
Exemple #32
    def insert(self, sql, values):
        """Format ``values`` into ``sql`` and execute the result.

        ``self.sql`` keeps the statement formatted with the raw values; the
        statement that is executed has every ``str`` value escaped first.
        The outcome (True, or an error text that includes the statement) is
        computed but not returned in the code shown here.

        NOTE(review): escaping protects only placeholders that the template
        wraps in quotes, and non-``str`` values are formatted in untouched.
        Passing ``values`` to ``execute()`` as bound parameters would cover
        both cases.
        """
        self.sql = sql % values
        escaped = [
            MySQLdb.escape_string(value) if type(value) == str else value
            for value in values
        ]
        sql = sql % tuple(escaped)
        try:
            self._checkConn()
            self.cur.execute(sql)
            outcome = True
        except Exception as e:
            outcome = str(Exception) + ':' + str(e) + ' -- sql:' + sql
Exemple #33
 def fetch_recent_task_durations(self, tasks):
     """Look up the duration of the last completed run of each task.

     Tasks are matched purely by their description, so the result may be
     inaccurate.  An empty ``tasks`` yields an empty dict; otherwise the rows
     fetched from ``dist_test_durations`` are returned.
     """
     if len(tasks) == 0:
         return {}
     # The IN list is assembled by hand: each description is escaped and
     # wrapped in single quotes before being joined.
     where_values = ', '.join(
         "'%s'" % str(MySQLdb.escape_string(task.description)) for task in tasks
     )
     # Duration of the last completed run comes from dist_test_durations.
     query = """
   SELECT description, duration_secs FROM dist_test_durations
   WHERE description in (%s);
 """ % (where_values)
     return self._execute_query(query).fetchall()
Exemple #34
def translateBlock(block):
    """Translate one block and queue its VALUES tuple for a batched INSERT.

    ``block[2]`` is translated, the escaped translation is appended to the
    global ``loadSQL`` list, and once ``maxBlockInsert`` tuples are queued
    they are sent as one statement prefixed by ``insertSQLTrans``.

    NOTE(review): the translator output is external data.  Module-level
    ``MySQLdb.escape_string`` is not aware of the connection character set;
    ``connection.escape_string`` or bound parameters
    (``cursor.executemany``) are the safer forms.
    """
    global iBlockInsert, insertSQLTrans, loadSQL, langTo
    translated = translator.translate(block[2].encode('utf-8'),
                                      lang_from=fromLang,
                                      lang_to=langTo)
    escaped_text = MySQLdb.escape_string(str(translated.encode('utf-8')))
    word_count = len(translated.split())
    row_template = "({id}, {language_id}, '{text}', NOW(), NOW(), 1, 1, {cc}, 1)"
    loadSQL.append(
        row_template.format(id=block[0],
                            language_id=langID,
                            text=escaped_text,
                            cc=word_count))
    iBlockInsert += 1

    # Flush only when the batch is full.
    if len(loadSQL) < maxBlockInsert:
        return
    cursor = db.cursor()
    iBlockInsert = 0
    cursor.execute(insertSQLTrans + ','.join(loadSQL) + ";")
    cursor.close()
    loadSQL = []
Exemple #35
    def get_yy_red(self):
        """Scrape the yy.com listing page(s) and upsert each video into ``video_yy``.

        For every scraped entry a row is looked up by ``yy_id``; missing rows
        are inserted, existing ones get their title and view count updated.

        NOTE(review): ``yy_id`` is taken from the scraped ``href`` and is
        interpolated unquoted into the SELECT and the UPDATE condition.
        Remote page content is untrusted -- validate it (for example as all
        digits) or bind it as a parameter.  ``yy_title`` is escaped here and
        then handed to ``dbInsert``/``dbUpdate``; if those helpers escape or
        bind values themselves the title is escaped twice -- TODO confirm
        against sMysql.
        """
        self.tools.setup_logging(sys.argv[1], True, True)
        db_conf = self.config['mysql']['quncms']
        mysql = sMysql(db_conf['host'], db_conf['user'], db_conf['password'], db_conf['dbname'])

        links = [
            'http://www.yy.com/t/red',
        ]

        for url in links:
            html = self.sGet(url, 'utf-8')
            titles = self.sMatch('<p class="video-title">', '<\/p>', html, 0)
            counts = self.sMatch('<div class="audience-count">', '<\/div>', html, 0)
            pics = self.sMatch('data-original="', '"', html, 0)
            hrefs = self.sMatch('class="video-box" href="', '"', html, 0)

            for idx in range(len(titles)):
                # The id is the part of the link after the first underscore.
                href_parts = hrefs[idx].split('_')
                if len(href_parts) < 2:
                    continue
                viewers = self.tools.strip_tags(counts[idx]).strip()
                item = {
                    'yy_title': MySQLdb.escape_string(titles[idx]),
                    'yy_view': viewers,
                    'yy_pic': pics[idx],
                    'yy_id': href_parts[1],
                }

                id_cond = "yy_id=%s" % item['yy_id']
                existing = mysql.fetch_one("select * from  video_yy where " + id_cond)
                if existing is not None:
                    action = 'Update'
                    changes = {'yy_title': item['yy_title'], 'yy_view': item['yy_view']}
                    mysql.dbUpdate('video_yy', changes, id_cond)
                else:
                    action = 'Add'
                    mysql.dbInsert('video_yy', item)

                logging.debug('%s=====:%s=====%s ' % (action, item['yy_title'], hrefs[idx]))
Exemple #36
def query_preprocessing(query):
    '''Reject queries containing denylisted words or symbols, then escape the rest.

    Raises ``Exception`` when a denylisted word or a ``;`` is found;
    otherwise returns ``mysql.escape_string(query)``.  A word only matches
    when it has a whitespace character on both sides, in any letter case.

    NOTE(review): a keyword denylist is not a dependable injection defence:
    it covers a handful of keywords and only whitespace-delimited
    occurrences.  Treat it as defence in depth at most and bind user input
    as query parameters.
    '''
    denied_words = ['select', 'insert', 'update', 'drop', 'source', 'join']
    denied_symbols = [';']

    def word_pattern(word):
        # One character class per letter, e.g. "[sS][eE]...", between \s.
        body = ''.join('[' + ch + ch.upper() + ']' for ch in str(word))
        return '\\s' + body + '\\s'

    for word in denied_words:
        if re.findall(word_pattern(word), query):
            raise Exception("query contains illegal word '" + word + "'")
    for symbol in denied_symbols:
        if re.findall(symbol, query):
            raise Exception("query contains illegal symbal '" + symbol + "'")
    return mysql.escape_string(query)
Exemple #37
    def sqliterator(self):
        """Yield INSERT text for every combination of this book's fields.

        One statement is appended per (title, friendly title, creator,
        contributor, language, subject) combination.  Nothing is yielded
        unless ``self.switch`` is truthy.

        NOTE(review): ``result`` is never reset, so each yielded string also
        contains every statement produced before it -- confirm consumers
        expect the cumulative text.  The id and ISBN are concatenated without
        escaping; presumably they are generated locally -- verify.
        """
        header = """INSERT INTO `amazon`.`book` (
        `id` ,
        `isbn` ,
        `title` ,
        `friendly_title` ,
        `creator` ,
        `contributor` ,
        `language` ,
        `subject` ,
        `publisher`
        )
        VALUES ("""

        tail = ');\n'
        book_id = self.getID()
        isbn = self.getISBN()
        pub = self.getPublisher()
        result = ""

        def quoted(text):
            # Strip newlines, escape, and wrap in single quotes.
            return "'" + MySQLdb.escape_string(remove_newline(text)) + "'"

        if not self.switch:
            return
        for title in self.getTitle():
            for ftitle in self.getFriendlyTitle():
                for creator in self.getCreator():
                    for contrib in self.getContributor():
                        for lang in self.getLanguage():
                            for sub in self.getSubject():
                                row = [title, ftitle, creator, contrib,
                                       lang, sub, pub]
                                result += (header + "'" + book_id + "',"
                                           + str(isbn) + ",")
                                result += ",".join(
                                    [quoted(value) for value in row]) + tail
                                yield result
Exemple #38
    def __add_model(self, model):
        """Serialise *model* to one CSV line and append it to its class buffer.

        Returns True once the buffer for the model's class has reached
        ``ModelCSVManager.SIZE_MAX`` characters, False otherwise.

        NOTE(review): string values are escaped with
        ``MySQLdb.escape_string`` and wrapped in double quotes; other values
        are written as-is.  Whether that matches the quoting rules of the
        consumer of this CSV is not visible here -- confirm.
        """
        model_cls = model.__class__
        cls_name = model_cls.__name__

        if self.__model_table.get(cls_name, None) is None:
            # First model of this class: start an empty buffer.
            self.__model_table[cls_name] = ''
            # Register the model class the first time it is seen.
            if self.__cls_table.get(cls_name) is None:
                self.__cls_table[cls_name] = model_cls
                self.__cls_name.append(cls_name)

        cells = []
        for field in model_cls._meta.fields:
            # Value currently set on the field.
            cell = getattr(model, field.attname)
            if isinstance(field, ObjectField):
                cell = field.get_db_prep_save(cell, None)

            if cell is None:
                cell = 'NULL'
            elif isinstance(cell, datetime.datetime):
                cell = "%04d-%02d-%02d %02d:%02d:%02d" % (
                    cell.year, cell.month, cell.day, cell.hour,
                    cell.minute, cell.second)
            elif isinstance(cell, bool):
                cell = int(cell)
            elif isbasestring(cell):
                # Crude, but this escapes binary data.
                cell = MySQLdb.escape_string(StrUtil.to_s(cell))
            cells.append('"%s"' % cell)

        # Append the finished line to the buffer.
        self.__model_table[cls_name] += (
            ModelCSVManager.STR_KUGIRI.join(cells) + '\r\n')
        buffer_full = (
            ModelCSVManager.SIZE_MAX <= len(self.__model_table[cls_name]))
        return True if buffer_full else False
Exemple #39
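def api_handler(data, api_info):
    """
    @author Blakely Madden
    @date 2014-02-24
    @updated 2014-03-19
    @purpose take the raw request and validate it for use with the DB
    @args data [string], api_info [APIInfo]
    @return dictionary (None when the request has more than three fields)
    @exceptions None
    @can_block False
    """
    import re  # local import: the file's import block is not visible here

    # remove whitespace and trailing '/'
    # split fields separated by '/' and make a list of them
    info = data.strip().strip('/').split('/')
    table = info[0]

    # info[0] (table) and info[1] (column) end up in SQL as identifiers.
    # String-literal escaping does not make an identifier safe, and the
    # previous loop discarded its escaped values anyway, so accept only the
    # characters MySQL allows in an unquoted ASCII identifier.
    identifier = re.compile(r'[0-9A-Za-z_$]+\Z')
    for name in info[:2]:
        if not identifier.match(name):
            return invalid_request(
                table, ValueError("invalid identifier: %r" % name))

    # NOTE(review): info[2] is a value, not an identifier. It is passed on
    # unchanged; rows_matching_table_field_val / safe_db_query_to_json must
    # bind it as a query parameter -- confirm in those helpers.

    db = db_hooks.DBHook(api_info.host, api_info.port, api_info.user,
                         api_info.pw, api_info.db) # set up the DB connection
    try: # get the column data that we need to make JSON objects
        cols = db.execute_db_command("SHOW COLUMNS FROM %s" % table)
    except Exception as e:
        return invalid_request(table, e)

    col_names = [item[0] for item in cols] # pull out the actual column names

    if len(info) == 1:
        return safe_db_query_to_json (table_rows (table), col_names, db)
    if len(info) == 2:
        return safe_db_query_to_json (all_values_in_column (table, info[1]),
                                      [info[1]], db)
    if len(info) == 3:
        return safe_db_query_to_json (rows_matching_table_field_val (table,
                                                                     info[1],
                                                                     info[2]),
                                      col_names, db)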
Exemple #40
def doCrawl(partList, index, logger, id, retry=0):
    """Crawl supplier data for each part from *index* on, retrying on error.

    Parts with no recent record (``checkExitRecord`` returns nothing) are
    searched and crawled, followed by a random pause.  For the others the
    existing rows are copied through ``insertStockMarketCrawlMessage``.

    On any exception the function logs it and calls itself again: the same
    position is retried once, then skipped.

    NOTE(review): every failure adds a recursion level, so a long run of
    failing parts can hit the interpreter's recursion limit.  The stored
    supplier code is escaped before being handed to the insert helper;
    whether that helper escapes again is not visible here.
    """
    try:
        if index > 0:
            partList = partList[index:]
        for ind, part in enumerate(partList):
            recent_rows = checkExitRecord(id, part['pn'])
            if len(recent_rows) != 0:
                logger.info(part['pn'] + " had search in a week")
                for row in recent_rows:
                    insertStockMarketCrawlMessage({
                        'partNumber': str(row[0]),
                        'amount': str(row[1]),
                        'condition': str(row[2]),
                        'supplierCode': MySQLdb.escape_string(str(row[3])),
                        'foreignKey': str(id),
                        'commissionElementId': part['id'],
                        'isCopy': 1,
                    })
                continue

            logger.info("serach " + part['pn'])
            # Remember the position so a failure resumes from this part.
            index = ind
            supplierMap = {}
            supplierArray = getSupplierList(part['id'])
            search = searchPart(part['pn'])
            getElement(search, supplierArray, supplierMap, part['pn'], id,
                       part['id'])
            crawlNextPage(search, supplierArray, supplierMap, part['pn'],
                          id, part['id'])
            # Random pause between searches.
            time.sleep(choice([3, 4, 5, 6, 7]))
    except Exception as ex:
        if retry == 1:
            retry = 0
            index = index + 1
        else:
            retry = retry + 1
        logger.error(str(traceback.format_exc()))
        logger.error(str(Exception) + ":" + str(ex))
        doCrawl(partList, index, logger, id, retry)
Exemple #41
    def update(self, table, conds, params):
        """
        Update rows.
        :arg table table name
        :arg conds update conditions
        :arg params columns and values to update
        :return a number (success) or None (failure)

        NOTE(review): the values are stringified and escaped here and then
        passed to ``self.execute`` next to ``%s`` placeholders.  If
        ``execute`` binds parameters through the driver they are escaped
        twice and ``None`` is stored as the text 'None' -- confirm.  The
        table name, column names and *conds* are formatted into the
        statement and must not come from untrusted input.
        """
        if not isinstance(params, dict):
            return self.update_obj(table, conds, params)

        conds = self.validateConds(conds)
        if conds is None:
            return None

        assignments = ','.join("{}=%s".format(column) for column in params.keys())
        values = [MySQLdb.escape_string(str(item)) for item in params.values()]
        statement = 'update {} set {} where {}'.format(table, assignments, conds)
        return self.execute(statement, values)
Exemple #42
def InsertJiJiao():
    """Fetch each news section of the site and store its items via ``Insert``.

    Prints the section label, the number of items stored per section, a
    "no updates" line when every section came back empty, and a timeout
    message on any exception.

    NOTE(review): the scraped field is escaped here and then handed to
    ``Insert``; whether ``Insert`` escapes or binds its arguments again is
    not visible in this listing -- confirm to avoid double escaping.  The
    bare ``except`` reports every failure as a connection timeout.
    """
    try:
        empty_sections = 0
        sections = [["通知新闻", "more1.htm"], ["公告栏", "more2.htm"],
                    ["学生工作", "more7.htm"], ["就业信息", "more8.htm"]]
        for label, page in sections:
            print(label)
            items = JiJiao.GetByJiJiao("http://222.195.158.131/jcjxzx/" + page)
            count = len(items)
            if count <= 0:
                empty_sections += 1
                continue
            for idx in range(count):
                entry = items[idx]
                Insert(entry[0], MySQLdb.escape_string(str(entry[2])),
                       entry[1], "基础教学中心", 13)
            print(time.ctime() + "\t基础教学中心新闻更新数目:" + str(count))
        if empty_sections == len(sections):
            print(time.ctime() + "\t\t暂无更新")
    except:
        print(time.ctime() + "\t基础教学中心更新连接超时。")
Exemple #43
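    def insertLdaModel(self, name, value, binary_model):
        """Insert one row (name, lda, binary_model) into the ``prueba`` table.

        All three values are bound as query parameters, so the driver does
        the quoting.  ``binary_model`` is passed through unchanged: escaping
        it by hand before binding, as the previous version did, stores the
        escape backslashes as data and alters the serialized model.

        NOTE(review): rows written by the previous version may still carry
        that extra escaping -- check any code that reads ``binary_model``.

        Connector errors are printed and logged, not re-raised.
        """
        from mysql.connector import Error

        try:
            sql = "INSERT INTO prueba (name, lda, binary_model) VALUES (%s,%s,%s);"
            self.cursor = self.connection.cursor()
            self.cursor.execute(sql, (name, value, binary_model))
            # The insert is not persisted until the transaction is committed.
            self.connection.commit()

        except Error as e:
            print("Error", e)
            logging.warning("Error inserting into table prueba model: " +
                            str(name))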
Exemple #44
def InsertWenXin():
    """Fetch each news page of the college site and store its items via ``Insert``.

    Prints the number of items stored per page, a "no updates" line when
    every page came back empty, and a timeout message on any exception.

    NOTE(review): the scraped field is escaped here and then handed to
    ``Insert``; whether ``Insert`` escapes or binds its arguments again is
    not visible in this listing -- confirm to avoid double escaping.  The
    bare ``except`` reports every failure as a connection timeout.
    """
    try:
        empty_pages = 0
        pages = [["CollegeNews.aspx?news=1", "学院新闻"],
                 ["CollegeNews.aspx", "工作通知"]]
        for page, _label in pages:
            items = WenXin.GetByWenXin("http://www3.ouc.edu.cn/artcollege/" + page)
            count = len(items)
            if count <= 0:
                empty_pages += 1
                continue
            for idx in range(count):
                entry = items[idx]
                Insert(entry[0], MySQLdb.escape_string(str(entry[2])),
                       entry[1], "文新学院", 11)
            print(time.ctime() + "\t文新学院新闻更新数目:" + str(count))
        if empty_pages == len(pages):
            print(time.ctime() + "\t\t暂无更新")
    except:
        print(time.ctime() + "\t文新学院更新连接超时。")
Exemple #45
    def get_hashlist_id(self):
        """Return the ``pl_hash_list`` id for the current torrent, inserting it if new.

        The row is looked up by info hash.  When none exists, a row holding
        the escaped name, hash, total size and creation time is inserted and
        the result of ``self.execute`` is returned.

        NOTE(review): only the torrent name is escaped.  The hash, size and
        timestamp are concatenated into the SQL as-is; torrent metadata is
        external data, so confirm the hash is computed locally (hex digits
        only) or bind all values as parameters.
        """
        created_at = formatTime()
        total_size = self.get_bt_size(self.sign_torrent)

        info_hash = self.sign_torrent['hash']
        torrent_name = mdb.escape_string(self.sign_torrent['name'])

        rows = self.query(
            "select id from pl_hash_list where info_hash='" + info_hash + "'")
        if len(rows) > 0:
            return str(rows[0][0])

        print('insert into pl_hash_list data')
        insert_sql = (
            "insert into pl_hash_list (`name`,`info_hash`,`length`,`create_time`) values('"
            + torrent_name + "','" + info_hash + "','" + total_size + "','"
            + created_at + "')")
        return self.execute(insert_sql)
Exemple #46
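    def search_user_by_email(self, email):
        """ Search an user inside SQL Database

        :param email: String with email adddress
        :return: value of ``self.user_column`` for the first matching user
        :raises UserNotFound: when no row matches *email*
        """
        logger.info("Searching for email address {}".format(email))

        # Table and column names come from this object's configuration.  The
        # e-mail is handed to ``_search`` separately from the query, whose
        # ``%s`` placeholder is unquoted, i.e. the value is bound as a
        # parameter.  It is therefore passed raw: escaping it first is
        # applied on top of the driver's own quoting and breaks lookups for
        # addresses containing quotes or backslashes.
        # NOTE(review): confirm ``_search`` forwards the value to
        # ``cursor.execute`` as a bound parameter.
        query = "SELECT {} FROM {} WHERE {}=%s ORDER BY {} LIMIT 1;".format(
            self.user_column, self.user_table, self.user_email_column,
            self.user_column)

        user_info = self._search(query, email)
        row = user_info.fetchone() if user_info else None

        # An empty result set yields no row; report it as "not found"
        # instead of failing on dict(None).
        if row is None:
            raise UserNotFound(
                "User not found in database for email '{}'".format(email))

        return dict(row)[self.user_column]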
def createUser(username, age, gender, height, postal_code):
    """Validate the numeric fields and insert a new row into ``Users``.

    Returns the result of ``insert_sql`` when every field is valid and
    False otherwise.

    NOTE(review): the numeric fields are interpolated unquoted and are
    guarded only by ``str.isdigit()``, which on Python 3 also accepts
    non-ASCII digit characters; an ASCII-only check or bound parameters
    would be tighter.  The first line prints the submitted user data to
    stdout.
    """
    print(username, age, gender, height, postal_code)
    # Escape the username value, then decode the escaped bytes back to text.
    username = MySQLdb.escape_string(username).decode("utf-8")
    # Check that every field is well-formed.
    checks = [
        age.isdigit(),
        gender == '1' or gender == '0',
        height.isdigit(),
        postal_code.isdigit(),
    ]
    if not all(checks):
        return False
    # All fields are valid: build the statement and send it to the database.
    statement = "INSERT INTO Users (username, age, gender, height, postal_code, expenses) VALUES ('{0}', {1}, {2}, {3}, {4}, 0)".format(
        str(username), age, gender, height, postal_code)
    return insert_sql(statement)
Exemple #48
def InsertSystemOfCourse():
    """Fetch the course-system announcements and store them via ``Insert``.

    Prints the number of items stored per page, a "no updates" line when
    every page came back empty, and a timeout message on any exception.

    NOTE(review): the scraped field is escaped here and then handed to
    ``Insert``; whether ``Insert`` escapes or binds its arguments again is
    not visible in this listing -- confirm to avoid double escaping.  The
    bare ``except`` reports every failure as a connection timeout.
    """
    try:
        empty_pages = 0
        pages = [["最新公告", "http://jwc.ouc.edu.cn:8080/ouc/index.do"]]
        for _label, address in pages:
            items = SystemOfCourse.GetByCourse(address)
            count = len(items)
            if count <= 0:
                empty_pages += 1
                continue
            for idx in range(count):
                entry = items[idx]
                Insert(entry[0], MySQLdb.escape_string(str(entry[2])),
                       entry[1], "选课系统", 15)
            print(time.ctime() + "\t选课系统公告更新数目:" + str(count))
        if empty_pages == len(pages):
            print(time.ctime() + "\t选课系统公告\t暂无更新")
    except:
        print(time.ctime() + "\t选课系统更新连接超时。")
Exemple #49
def InsertYiShu():
    """Fetch each news section of the department site and store it via ``Insert``.

    Prints the number of items stored per section, a "no updates" line when
    every section came back empty, and a timeout message on any exception.

    NOTE(review): the scraped field is escaped here and then handed to
    ``Insert``; whether ``Insert`` escapes or binds its arguments again is
    not visible in this listing -- confirm to avoid double escaping.  The
    bare ``except`` reports every failure as a connection timeout.
    """
    try:
        empty_sections = 0
        sections = [["最新公告", "more11.htm"], ["系内动态", "more1.htm"],
                    ["学术交流", "more9.htm"]]
        for _label, page in sections:
            items = YiShu.GetByYiShu("http://222.195.158.131/wanb/" + page)
            count = len(items)
            if count <= 0:
                empty_sections += 1
                continue
            for idx in range(count):
                entry = items[idx]
                Insert(entry[0], MySQLdb.escape_string(str(entry[2])),
                       entry[1], "艺术系", 14)
            print(time.ctime() + "\t艺术系新闻更新数目:" + str(count))
        if empty_sections == len(sections):
            print(time.ctime() + "\t\t暂无更新")
    except:
        print(time.ctime() + "\t艺术系更新连接超时。")
Exemple #50
def encode_post(text):
    '''
    INPUT  : Raw Text (contains html is ok)
    OUTPUT : Fresh Text (MySQL Escaped and Stripped)

    NOTE(review): both steps are best-effort.  If the escape call raises,
    the error is printed and the text is returned UNESCAPED, so callers
    cannot rely on the return value being safe to place in a SQL literal.
    '''
    try:
        text = text.encode('ascii', 'replace')
    except:
        print('\nDECODE ERROR Encode Post\n' + text)
    # Trim the ends, then drop every tab, newline and carriage return.
    text = re.sub('[\t\n\r]', '', text.strip())
    try:
        text = MySQLdb.escape_string(text)
    except:
        print('\nESCAPE ERROR ENCODE Post\n' + text)
    return text
Exemple #51
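 def add(bank_id, name, rangedate, url, beginDate, endDate):
     """Insert one crawled record into ``s_spider``.

     ``beginDate`` and ``endDate`` are stored only when they parse as
     ``YYYY-MM-DD``; anything else is stored as NULL.  All values are bound
     as query parameters: the previous version escaped ``name`` only and
     formatted ``url`` and ``rangedate`` into the statement unescaped.

     A failing INSERT is reported on stdout and not re-raised; the commit
     still runs, as before.
     """
     def date_or_none(value):
         # Keep the text only when it is a well-formed date.
         try:
             time.strptime(value, "%Y-%m-%d")
         except (ValueError, TypeError):
             return None
         return value

     # "%d" keeps the original contract: a non-numeric bank_id raises TypeError.
     params = (int("%d" % bank_id), name, url, rangedate,
               date_or_none(beginDate), date_or_none(endDate))
     sql = ("INSERT INTO s_spider (`bank_id`, `name`, `url`, `range_date`, "
            "`begin_date`, `end_date`, `time`) "
            "VALUES (%s, %s, %s, %s, %s, %s, now())")
     cursor = XykSpider.db().cursor()
     try:
         cursor.execute(sql, params)
     except Exception:
         print("%s %r" % (sql, params))
     XykSpider.db().commit()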
Exemple #52
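 def select_blog_info(self, BlogId, IsAdmin=None):
     '''
     @summary: Fetch the stored information for one blog entry and
               increment its view counter.

     Returns the first matching row, or an empty tuple when nothing matches
     or an error occurs (errors are logged, not raised).  Non-admin callers
     only see entries with Privacy = 0.
     '''
     datatuple = ()
     try:
         # Id is compared unquoted, where string escaping gives no
         # protection. Coerce to int so only a numeric literal can reach
         # the SQL; anything else raises and is logged below.
         BlogId = int(BlogId)
         if IsAdmin:
             sql1 = '''SELECT `GroupCode`,`Subject`,`FileName`,`AddTime`,`Views`,`Privacy` FROM `BlogData` WHERE Id = %d AND IsDelete = 0;''' % BlogId
         else:
             sql1 = '''SELECT `GroupCode`,`Subject`,`FileName`,`AddTime`,`Views`,`Privacy` FROM `BlogData` WHERE Id = %d AND IsDelete = 0 AND Privacy = 0;''' % BlogId
         sql2 = '''UPDATE `BlogData` SET Views = Views + 1 WHERE `Id` = %d''' % BlogId
         # The counter is bumped before the row is read.
         self.MySQLAccess.execute(sql2)
         data = self.MySQLAccess.select(sql1)
         if data:
             datatuple = data[0]
     except Exception:
         err_msg = get_err_msg()
         root.error(err_msg)
     return datatuple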
Exemple #53
    def __init__(self, object):
        """Copy the run context from *object* and load any contamination note.

        When ``<output_dir>/contamination_message`` exists, the run is marked
        contaminated and the file's text (newlines removed, escaped with
        ``MySQLdb.escape_string``) becomes the contamination message.

        NOTE(review): the message is escaped at load time; if it is later
        written through bound parameters it is escaped twice -- confirm how
        ``TableRow`` builds its SQL.
        """
        for attr in ("perfdb", "phase", "test_dir", "test_short_dir",
                     "output_dir", "output_file_name"):
            setattr(self, attr, getattr(object, attr))

        self.contamination = os.path.join(self.output_dir,
                                          "contamination_message")
        self.contaminated = int(os.path.exists(self.contamination))
        self.contamination_message = "No contamination."
        if self.contaminated:
            with open(self.contamination, "r") as f:
                raw_message = f.read()
            self.contamination_message = MySQLdb.escape_string(
                raw_message.replace('\n', ''))
        self.did_correct_pass = 0
        self.did_time_pass = 0

        self.test_run_model_result = TableRow("test_run_model_result",
                                              self.perfdb)
Exemple #54
def InsertShuXue():
    """Fetch the school's news page and store its items via ``Insert``.

    Prints the number of items stored per page, a "no updates" line when
    every page came back empty, and a timeout message on any exception.

    NOTE(review): the scraped field is escaped here and then handed to
    ``Insert``; whether ``Insert`` escapes or binds its arguments again is
    not visible in this listing -- confirm to avoid double escaping.  The
    bare ``except`` reports every failure as a connection timeout.
    """
    try:
        empty_pages = 0
        pages = [["http://www2.ouc.edu.cn/math/Ch/main.asp", "首页"]]
        for address, _label in pages:
            items = ShuXue.GetByShuXue(address)
            count = len(items)
            if count <= 0:
                empty_pages += 1
                continue
            for idx in range(count):
                entry = items[idx]
                Insert(entry[0], MySQLdb.escape_string(str(entry[2])),
                       entry[1], "数学学院", 12)
            print(time.ctime() + "\t数学学院新闻更新数目:" + str(count))
        if empty_pages == len(pages):
            print(time.ctime() + "\t\t暂无更新")
    except:
        print(time.ctime() + "\t数学学院更新连接超时。")
Exemple #55
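def pg_search(title, page):
    """Full-text search ``book`` by title and return one page of results.

    :param title: search text, bound as a query parameter
    :param page: 1-based page number; values below 1 return ``{}``
    :return: dict mapping book id to
        ``{'title': ..., 'creator': [...], 'contributor': [...]}``, holding
        at most 10 books

    The offset is counted in result rows, while the page size is counted in
    distinct books (several rows can belong to one book).
    """
    # page == 0 used to produce a negative offset, which indexed rows from
    # the END of the result set.
    if page < 1:
        return {}
    page_size = 10
    start = (page - 1) * page_size
    sqlquery = """SELECT DISTINCT `id`, `title` , `creator` , `contributor`
    FROM `book`
    WHERE MATCH (
    title, friendly_title
    )
    AGAINST (%s) ;"""
    # NOTE(review): the database password is hard-coded and the account is
    # root. Load credentials from configuration or the environment, use a
    # least-privilege account, and rotate this password since it has been
    # published with the source.
    db = connect_to_database("amazon", "root",
                             "gitkotwg0")  #replace with password
    try:
        cursor = db.cursor()
        cursor.execute(sqlquery, (title,))
        result = cursor.fetchall()
    finally:
        # Close the connection even when the query fails.
        db.close()

    books = {}
    for row in result[start:]:
        if len(books) == page_size:
            break
        book_id, book_title, creator, contributor = row
        if book_id in books:
            if creator:
                books[book_id]['creator'].append(creator)
            if contributor:
                books[book_id]['contributor'].append(contributor)
            # Repeated rows for one book can repeat names; de-duplicate.
            books[book_id]['creator'] = unique(books[book_id]['creator'])
            books[book_id]['contributor'] = unique(
                books[book_id]['contributor'])
        else:
            books[book_id] = {'title': book_title, 'creator': [],
                              'contributor': []}
            if creator:
                books[book_id]['creator'].append(creator)
            if contributor:
                books[book_id]['contributor'].append(contributor)
    return books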
Exemple #56
def getLabourContractList(request):
    """Return one page of the caller's labour contracts as a JSON response.

    The user id is read from the session (falling back to ``testid``), the
    optional ``search`` POST field filters on project name or request
    number, and ``pageNo`` selects the page (10 rows per page).

    NOTE(review): ``usr_id`` is interpolated unquoted and ``search`` is only
    escaped, so ``%`` and ``_`` in it still act as LIKE wildcards.  Bound
    parameters would cover both, if ``db.select_for_grid`` accepts them.
    A non-numeric ``pageNo`` raises ValueError.  The full SQL is printed
    to stdout.
    """
    usr_id = request.session.get('usr_id','') or testid
    if usr_id == 0:
        s = """
        {
        "errcode": -1,
        "errmsg": "无权访问,请先关注"
        }        """
        return HttpResponseJsonCORS(s)
    pageNo = int(request.POST.get('pageNo','') or 1)
    search = MySQLdb.escape_string(request.POST.get('search',''))
    sql="""select lc.id,op.id,op.cname,lc.Req_no,lc.apply_day from labour_contract lc 
           left join out_proj op on lc.proj_id = op.id
           LEFT JOIN users_wx U ON U.addr_id = lc.teams_id
           left join labour_contract_invalid lci on lc.id = lci.lc_id
           where U.usr_id = %s and lci.id is null
        """%(usr_id)
    print(sql)
    if search !='':
        # Optional filter on project name or request number.
        sql+="AND ( IFNULL(op.cname,'') LIKE '%%%s%%' OR IFNULL(lc.req_no,'') LIKE '%%%s%%' ) "%(search,search)
    sql+="ORDER BY lc.apply_day DESC"
    rows,iTotal_length,iTotal_Page,pageNo,select_size = db.select_for_grid(sql,pageNo,10)
    column_names = 'lc_id proj_id proj_name req_no apply_day'.split()
    records = [dict(zip(column_names, record)) for record in rows]
    payload = json.dumps(records,ensure_ascii=False,cls=ComplexEncoder)
    s = """
        {
        "errcode": 0,
        "errmsg": "获取协议列表成功",
        "data":%s,
        "totalLength":%s,
        "totalPage":%s,
        "pageNo":%s,
        "pageSize":%s
        }        """%(payload,iTotal_length,iTotal_Page,pageNo,select_size)
    return HttpResponseJsonCORS(s)
Exemple #57
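def write_to_db(dic):
    """Insert one book record into ``tb_book_pub`` unless it is already stored.

    A record counts as stored when a row with the same ISBN exists, or with
    the same URL when the ISBN is empty.  Missing fields are written as
    empty strings (the defaults are filled in on *dic* itself).

    All values are bound as query parameters.  The previous statement had
    15 placeholders for 14 columns and 14 values, so its formatting step
    always raised and no row was ever inserted.

    Errors are printed and the transaction rolled back; the connection is
    always closed.

    NOTE(review): the connection settings are hard-coded here; load them
    from configuration and use a least-privilege account.
    """
    db = MySQLdb.connect(host='localhost',
                         user='******',
                         passwd='root',
                         db='en_magic',
                         charset='utf8')
    try:
        cursor = db.cursor()
        for v in keys:
            if dic.get(v) is None:
                dic[v] = ''
        try:
            if dic['isbn'] == '':
                found = cursor.execute(
                    "select id from tb_book_pub where url = %s",
                    (dic['url'],))
            else:
                found = cursor.execute(
                    "select id from tb_book_pub where isbn = %s",
                    (dic['isbn'],))
            if found != 0:
                # Already stored: nothing to do.
                return
            sql = ("insert into tb_book_pub("
                   "name, authors, publisher, "
                   "isbn, url, img_address, "
                   "price, datePubed, "
                   "language, format, age_range, "
                   "pagenum, categories, series) "
                   "values (%s, %s, %s, "
                   "%s, %s, %s, "
                   "%s, %s, "
                   "%s, %s, %s, "
                   "%s, %s, %s)")
            params = (dic['name'], dic['authors'], dic['publisher'],
                      dic['isbn'], dic['url'], dic['img_address'],
                      dic['price'], dic['datePubed'],
                      language, dic['format'], dic['age_range'],
                      dic['pagenum'], dic['categories'], dic['series'])
            cursor.execute(sql, params)
            db.commit()
        except Exception as e:
            print(e)
            db.rollback()
    finally:
        db.close()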
Exemple #58
def run(stage,subject,type):
    """Rewrite the replaceable URLs in every not-yet-processed question.

    Does nothing unless ``subject_list.json`` holds an entry for the given
    stage and subject.  Each question id is tracked in redis: the key is set
    to 0 when processing starts, to 1 when it finishes, and deleted again if
    an exception occurs.  Ids that already have a key are skipped.

    NOTE(review): every field is escaped with ``MySQLdb.escape_string``
    before ``update_question`` is called; whether that helper escapes or
    binds values again is not visible here -- confirm.
    """
    with open('subject_list.json','rb') as f:
        subject_list = json.load(f)
    # The matching entry is only used to decide whether to continue.
    _subject = None
    for sub in subject_list:
        if sub['stage'] == stage and sub['subject'] == subject:
            _subject = sub
    if _subject is None:
        return 
    id_list = get_question_id_list(stage,subject,type)
    for id in id_list:
        if redis.get(id) is None:
            try:
                # Mark the question as in progress.
                redis.set(id,0)
                question = get_question(id)
                _question = dict()
                # Set once any field contains at least one URL to replace.
                change = False
                for key,value in question.iteritems():
                    url_list = get_replace_str(value)
                    for url in url_list:
                        print url
                    if url_list is not None and len(url_list) > 0:
                        change = True
                    print '=='*30 ,'qlen ', len(value)
                    _question[key] = replace(value,url_list)
                    print '=='*30 ,'_qlen ', len(_question[key])
                    print _question.keys()
                    if _question[key] is not None:
                        _question[key] = MySQLdb.escape_string(_question[key])
                _question['id'] = id
                # Write back only when something was replaced.
                if change:
                    update_question(_question)
                # Mark the question as done.
                redis.set(id,1)
                del id
            except Exception as e:
                print 'hi', e
                # Drop the marker so the question is retried on a later run.
                redis.delete(id)
                del id
#            time.sleep(2)
            # `one` is defined outside this function; when truthy, stop after
            # the first question that was attempted.
            if one:
                break
def getValidityResult(field_id, request):
    """Run the validity query configured for *field_id* and return its first value.

    The SQL template and its parameter names are read from
    ``menu_form_validity``; each ``{name}`` marker in the template is
    replaced by the escaped POST value of that name.  Returns 1 when no
    validity rule exists or the rule's query returns no rows.

    NOTE(review): ``field_id`` is formatted into the lookup query without
    escaping.  The substituted POST values are escaped but are only safe if
    every ``{name}`` marker in the stored template sits inside quotes --
    confirm against the stored rules.  The POST data and the final SQL are
    printed to stdout.
    """
    lookup_sql = "select ifnull(validity_sql,''),para_cols from menu_form_validity where field_id= '%s'" % (
        field_id)
    rules, rule_count = db.select(lookup_sql)
    if rule_count == 0:
        return 1
    sql = rules[0][0]
    paras = rules[0][1].split(',')
    print(paras)
    print(request.POST)
    for name in paras:
        # An empty name ends the parameter list.
        if name == '':
            break
        posted = MySQLdb.escape_string(request.POST.get(name, ''))
        sql = sql.replace("{%s}" % name, posted)

    print(ToGBK(sql))
    rows, row_count = db.select(sql)
    if row_count == 0:
        return 1
    return rows[0][0]
Exemple #60
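    def assign_rid_user(self, rid, username):
        """
        Assigns a receipt id (from an existing receipt in the database) to an owner
        :return: (bool) True, if anything ok, False, if receipt already assigned
                 (also False when the lookup returns no row for the receipt id)
        """
        # Both statements bind their values as parameters. The previous
        # version escaped rid for the SELECT only and formatted the raw
        # value into the UPDATE.
        self.__CURSOR.execute(
            "SELECT user_id FROM receipts WHERE receipt_id = (%s)", (rid, ))
        # Only a row whose user_id is NULL counts as unassigned.
        if self.__CURSOR.fetchone() != (None, ):
            return False

        user_id = self.__get_user_id(username)
        self.__CURSOR.execute(
            "UPDATE receipts SET user_id=%s WHERE receipt_id=%s",
            (user_id, rid))
        self.__CONNECTION.commit()
        logging.info(
            "<USER-HANDLER> Receipt -> User\n\t|-USERNAME: {name}\n\t|-USER ID: {id}\n\t"
            "'-RECEIPT ID: {rid}".format(name=username, id=user_id, rid=rid))
        return True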