def insert_row(conn_params, get_data={}, form_data={}):
# set execution context
conn_params['db'] = get_data['db']
# format form_data ( from a form) according to the following rules
# * add single qoutes to the variables
# * make lists a concatenation of lists
cols, values = [], []
for k in form_data:
if k in ('csrfmiddlewaretoken', 'save_changes_to'): continue
cols.append(k)
if type(form_data[k]) == list:
value = u",".join( form_data[k] )
values.append( fns.str_quote(value) )
else:
values.append( fns.str_quote(form_data[k]) )
# generate sql insert statement
q = u"INSERT INTO {0}{tbl} ({1}) VALUES ({2})".format(
u'{schm}.'.format(**get_data) if conn_params['dialect'] == 'postgresql' else u'',
u",".join(cols), u",".join(values), **get_data
)
# run query and return results
ret = sa.short_query(conn_params, (q, ))
if ret['status'] == 'success': ret['msg'] = 'Insertion succeeded'
# format status messages used in flow control (javascript side)
# replaces with space and new lines with the HTML equivalents
ret['msg'] = '<div class="alert-message block-message {0} span8 data-entry"><code>\
{1}</code></div>'.format(
'success' if ret['status'] == 'success' else 'error',
ret['msg'].replace(' ', ' ').replace('\n', '<br />')
)
return ret
def update_row(conn_params, indexed_cols={}, get_data={}, form_data={}):
# set execution context
conn_params['db'] = get_data['db']
# format form_data ( from a form) according to the following rules
# * add single qoutes to the variables
# * make lists a concatenation of lists
cols, values = [], []
for k in form_data:
if k in (u'csrfmiddlewaretoken', u'save_changes_to'): continue
cols.append(k)
if type(form_data[k]) == list:
value = u",".join( form_data[k] )
values.append( fns.str_quote(value) )
else:
values.append( fns.str_quote(form_data[k]) )
# generate SET sub statment
_l_set = []
for i in range(len(cols)):
short_stmt = u"=".join([cols[i], values[i]])
_l_set.append(short_stmt)
# generate WHERE sub statement
_l_where = []
for key in indexed_cols:
short_stmt = u"=".join([ key, fns.str_quote(form_data[key]) ])
_l_where.append(short_stmt)
# generate full query
q = u"UPDATE {0}{tbl} SET {set_stmts} WHERE {where_stmts}".format(
u'{schm}.'.format(**get_data) if conn_params['dialect'] == 'postgresql' else u'',
set_stmts = u", ".join(_l_set), where_stmts = u" AND ".join(_l_where), **get_data
)
# run query and return results
ret = sa.short_query(conn_params, (q, ))
if ret['status'] == 'success': ret['msg'] = 'Row update succeeded'
# format status messages used in flow control (javascript side)
# replaces with space and new lines with the HTML equivalents
ret['msg'] = '<div class="alert-message block-message {0} span12 data-entry"><code>\
{1}</code></div>'.format(
'success' if ret['status'] == 'success' else 'error',
ret['msg'].replace(' ', ' ').replace('\n', '<br />')
)
return ret