def post(self, user):
if user == None:
keys = db.GqlQuery("SELECT __key__ FROM StoredData", user)
else:
keys = db.GqlQuery(
"SELECT __key__ FROM StoredData where user = :1", user)
for key in keys:
db.run_in_transaction(dbSafeDelete, key)
self.redirect('/%s/' % (user))
def show_stored_data(self, user):
self.response.out.write('''
<p><table border=1>
<tr>
<th>Key</th>
<th>Value</th>
<th>Created (GMT)</th>
</tr>''')
# This next line is replaced by the one under it, in order to help
# protect against SQL injection attacks. Does it help enough?
#entries = db.GqlQuery("SELECT * FROM StoredData ORDER BY tag")
entries = db.GqlQuery(
"SELECT * FROM StoredData where user = :1 ORDER BY tag", user)
for e in entries:
entry_key_string = str(e.key())
self.response.out.write('<tr>')
self.response.out.write('<td>%s</td>' % escape(e.tag))
self.response.out.write('<td>%s</td>' % escape(e.value))
self.response.out.write('<td><font size="-1">%s</font></td>\n' %
e.date.ctime())
self.response.out.write('''
<td><form action="/%s/deleteentry" method="post"
enctype=application/x-www-form-urlencoded>
<input type="hidden" name="entry_key_string" value="%s">
<input type="hidden" name="tag" value="%s">
<input type="hidden" name="fmt" value="html">
<input type="submit" style="background-color: red" value="Delete"></form></td>\n'''
% (user, entry_key_string, escape(e.tag)))
self.response.out.write('</tr>')
self.response.out.write('</table>')
def query(self, query, max_line):
results = []
query = ndb.GqlQuery(query)
for query_line in query.run(limit=max_line):
results.append(query_line)
return results
def store_a_value(self, tag, value, user):
# There's a potential readers/writers error here :(
entry = db.GqlQuery(
"SELECT * FROM StoredData where tag = :1 AND user = :2", tag,
user).get()
if entry:
entry.value = value
else:
entry = StoredData(tag=tag, value=value, user=user)
entry.put()
## Send back a confirmation message. The TinyWebDB component ignores
## the message (other than to note that it was received), but other
## components might use this.
result = ["STORED", tag, value]
WritePhoneOrWeb(self, lambda: json.dump(result, self.response.out),
user)
def get_value(self, tag, user):
entry = db.GqlQuery(
"SELECT * FROM StoredData where tag = :1 AND user = :2", tag,
user).get()
if entry:
value = entry.value
else:
value = ""
## We tag the returned result with "VALUE". The TinyWebDB
## component makes no use of this, but other programs might.
## check if it is a html request and if so clean the tag and value variables
if self.request.get('fmt') == "html":
value = escape(value)
tag = escape(tag)
WritePhoneOrWeb(
self, lambda: json.dump(["VALUE", tag, value], self.response.out),
user)
def _query_user(username):
return ndb.GqlQuery("SELECT * FROM BlogPost WHERE username=%s" %
username)