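def uploadArtical():
    """Create or update an article from the submitted form.

    Form fields read, in this order: ``id`` (primary key, a timestamp),
    ``tit`` (title, base64), ``txt`` (body, stored without decoding),
    ``tip`` (tag, base64) and ``new`` ("n" selects INSERT, any other value
    selects UPDATE).  Every value reaches the database as a bound
    parameter, never as part of the SQL text.

    Returns the message built by ``web_helper.return_msg``: code 0 on
    success, code -1 with a failure text when the write is reported failed.
    """

    def _decode_b64_field(raw):
        # Spaces are turned back into "+" before decoding -- presumably
        # because "+" arrives as a space after form decoding; confirm.
        return str(base64.b64decode(raw.replace(" ", "+")), "utf-8")

    uid = web_helper.get_form('id', '主键(时间戳)')
    tit = _decode_b64_field(web_helper.get_form('tit', '标题'))
    txt = web_helper.get_form('txt', '内容').replace(" ", "+")
    tip = _decode_b64_field(web_helper.get_form('tip', '标签'))
    newArt = web_helper.get_form('new', '是否是新文章')

    if newArt == "n":
        statement = """
            insert into "articaltable"
                ("id", "artical_name", "artical_type",
                 "likesnum", "answernum", "readnum", "artical")
            values (%s, %s, %s, 0, 0, 0, %s)
        """
        data = (uid, tit, tip, txt)
    else:
        statement = """
            UPDATE "articaltable"
            SET "artical_name"= %s, "artical_type"= %s, "artical" = %s
            WHERE id=%s;
        """
        data = (tit, tip, txt, uid)
    beTip = db_helper.write(statement, data)

    # The submitted article is deliberately not echoed to stdout: the body
    # is user content and does not belong in process output.
    # NOTE(review): failure is detected by comparing with the string
    # "False"; confirm that this is what db_helper.write returns on error.
    if beTip == "False":
        # The failure branch used to carry the success text.
        return web_helper.return_msg(-1, '上传失败')
    return web_helper.return_msg(0, '上传成功')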
def callback(id):
    """Update the product row *id* with the submitted form values.

    Returns the ``web_helper.return_msg`` result: code 0 when the UPDATE
    hands back the row id, code -1 otherwise.
    """
    form = web_helper.get_form
    name = form('name', '产品名称')
    code = form('code', '产品编码')
    raw_class_id = form('product_class_id', '产品分类')
    product_class_id = convert_helper.to_int0(raw_class_id)
    standard = form('standard', '产品规格')
    quality_guarantee_period = form('quality_guarantee_period', '保质期')
    place_of_origin = form('place_of_origin', '产地')
    front_cover_img = form('front_cover_img', '封面图片')

    # The special-character check is switched off for the description, so
    # it is filtered explicitly: filter_str on the single quote is the
    # author's SQL-injection precaution, clear_xss the XSS precaution.
    # NOTE(review): the value is bound as a parameter below, and that
    # binding is what keeps it out of the SQL text.
    content = form('content', '产品描述', is_check_special_char=False)
    content = string_helper.clear_xss(string_helper.filter_str(content, "'"))

    raw_enabled = form('is_enable', '是否启用')
    is_enable = convert_helper.to_int0(raw_enabled)

    # One "column=%s" pair per updated column, in the order of the values.
    columns = (
        'name',
        'code',
        'product_class_id',
        'standard',
        'quality_guarantee_period',
        'place_of_origin',
        'front_cover_img',
        'content',
        'is_enable',
    )
    assignments = ", ".join(column + "=%s" for column in columns)
    sql = " update product set " + assignments + " where id=%s returning id"
    params = (
        name,
        code,
        product_class_id,
        standard,
        quality_guarantee_period,
        place_of_origin,
        front_cover_img,
        content,
        is_enable,
        id,
    )

    result = db_helper.write(sql, params)
    # Success means the statement returned a row carrying the id.
    updated = result and result[0].get('id')
    if not updated:
        return web_helper.return_msg(-1, "提交失败")
    return web_helper.return_msg(0, '成功')
def callback():
    """Insert a new product row from the submitted form values.

    Returns the ``web_helper.return_msg`` result: code 0 when the INSERT
    hands back the new row id, code -1 otherwise.
    """
    form = web_helper.get_form
    name = form('name', '产品名称')
    code = form('code', '产品编码')
    raw_class_id = form('product_class_id', '产品分类')
    product_class_id = convert_helper.to_int0(raw_class_id)
    standard = form('standard', '产品规格')
    quality_guarantee_period = form('quality_guarantee_period', '保质期')
    place_of_origin = form('place_of_origin', '产地')
    front_cover_img = form('front_cover_img', '封面图片')

    # The special-character check is switched off for the description, so
    # it is filtered explicitly: filter_str on the single quote is the
    # author's SQL-injection precaution, clear_xss the XSS precaution.
    # NOTE(review): the value is bound as a parameter below, and that
    # binding is what keeps it out of the SQL text.
    content = form('content', '产品描述', is_check_special_char=False)
    content = string_helper.clear_xss(string_helper.filter_str(content, "'"))

    raw_enabled = form('is_enable', '是否启用')
    is_enable = convert_helper.to_int0(raw_enabled)

    columns = (
        'name',
        'code',
        'product_class_id',
        'standard',
        'quality_guarantee_period',
        'place_of_origin',
        'front_cover_img',
        'content',
        'is_enable',
    )
    placeholders = ", ".join(["%s"] * len(columns))
    # "returning id" makes the statement hand back the auto-increment id of
    # the row that was just added.
    sql = (
        "insert into product (" + ", ".join(columns) + ")"
        " values (" + placeholders + ") returning id"
    )
    params = (
        name,
        code,
        product_class_id,
        standard,
        quality_guarantee_period,
        place_of_origin,
        front_cover_img,
        content,
        is_enable,
    )

    result = db_helper.write(sql, params)
    created = result and result[0].get('id')
    if not created:
        return web_helper.return_msg(-1, "提交失败")
    return web_helper.return_msg(0, '成功')
def callback(id):
    """Update name and enabled flag of product class *id* from the form.

    Returns the ``web_helper.return_msg`` result: code 0 when the write
    returns a truthy result, code -1 otherwise.
    """
    name = web_helper.get_form('name', '', False)
    raw_enabled = web_helper.get_form('is_enable', '', False)
    # Falls back to 0 when the submitted flag cannot be converted.
    is_enable = convert_helper.to_int_default(raw_enabled, 0)

    # Named placeholders: the values travel in the mapping, not in the SQL.
    sql = (
        'update product_class set name=%(name)s ,is_enable=%(is_enable)s '
        'where id=%(id)s returning id'
    )
    par = dict(name=name, is_enable=is_enable, id=id)

    outcome = db_helper.write(sql, par)
    if not outcome:
        return web_helper.return_msg(-1, '失败')
    return web_helper.return_msg(0, '成功')
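def record():
    """Store one search record (name, exam card number, client IP).

    All three values are passed to the database as named bound parameters.
    Returns the ``web_helper.return_msg`` result: code 0 when the write
    returns a truthy result, code -1 otherwise.
    """
    name = web_helper.get_form('name', '姓名为空', False)
    cardno = web_helper.get_form('cardno', '准考证号为空', False)
    ip = web_helper.get_ip()

    # The submitted name, card number and IP are not printed: they are
    # personal data, and stdout usually ends up in logs with wider access
    # than the table itself.
    sql = (
        'insert into searchrecord (name,cardno,ip) '
        'VALUES (%(name)s,%(cardno)s,%(ip)s) returning id'
    )
    par = {'name': name, 'cardno': cardno, 'ip': ip}

    result = db_helper.write(sql, par)
    if not result:
        return web_helper.return_msg(-1, '失败')
    return web_helper.return_msg(0, '成功')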
def callback():
    """Insert a new product class from the submitted form.

    Returns the ``web_helper.return_msg`` result: code 0 when the write
    returns a truthy result, code -1 otherwise.
    """
    name = web_helper.get_form('name', '', False)
    raw_enabled = web_helper.get_form('is_enable', '', False)
    # Falls back to 0 when the submitted flag cannot be converted.
    is_enable = convert_helper.to_int_default(raw_enabled, 0)

    # Named placeholders: the values travel in the mapping, not in the SQL.
    sql = (
        'insert into product_class (name,is_enable) '
        'VALUES (%(name)s,%(is_enable)s) returning id'
    )
    par = dict(name=name, is_enable=is_enable)

    outcome = db_helper.write(sql, par)
    if not outcome:
        return web_helper.return_msg(-1, '失败')
    return web_helper.return_msg(0, '成功')
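def get_visit():
    """Count one visit for the region named in the query string.

    Query parameters read: ``IP``, ``province``, ``city`` and ``district``.
    The district/city pair is resolved to a region code; the visit counter
    for that code is incremented, or a first row is inserted for it.

    Returns the ``web_helper.return_msg`` result: code 0 on the normal
    path, code -1 when a parameter is rejected or the region is unknown.
    """

    def _breaks_sql_literal(value):
        # True when the text holds a character that can terminate or escape
        # a single-quoted SQL string literal.
        return any(ch in str(value) for ch in ("'", "\\", "\x00"))

    scanEmail_helper.fun_timer()
    ip_inner = web_helper.get_ip()
    ip_outer = web_helper.get_query("IP", "ip_outer")
    # Still requested so that whatever checks get_query performs keep
    # running; the value itself is not used further down.
    web_helper.get_query('province', '省')
    city = web_helper.get_query('city', '市')
    district = web_helper.get_query('district', '区县')

    # SECURITY: both lookups below are assembled by string interpolation
    # from request-controlled text.  Only db_helper.read(sql) is visible
    # here, so the values cannot be bound from this function.  Refusing the
    # characters that break out of a quoted literal is a stop-gap.
    # NOTE(review): the durable fix is to give db_helper.read bound
    # parameters and drop the interpolation entirely.
    if _breaks_sql_literal(district) or _breaks_sql_literal(city):
        return web_helper.return_msg(-1, 'invalid parameter')

    sql = """SELECT code FROM "cityInfomation" WHERE name = '%s' and "parentCode" = (select code from "cityInfomation" where name = '%s')""" % (
        district,
        city,
    )
    manager_result = db_helper.read(sql)
    # An unknown district/city pair used to fail with an IndexError.
    if not manager_result:
        return web_helper.return_msg(-1, 'region not found')

    code = manager_result[0].get('code', '').rstrip()
    # The code comes from the database, but it is interpolated into the
    # next lookup as well, so it gets the same check.
    if _breaks_sql_literal(code):
        return web_helper.return_msg(-1, 'invalid parameter')

    sql_2 = """SELECT COUNT(1) FROM "visitRecode" WHERE code='%s'""" % (code)
    recode_result = db_helper.read(sql_2)
    count = recode_result[0].get('count', '')

    if count > 0:
        # db_helper.write takes parameters, so the code is bound here
        # instead of being formatted into the statement.
        sql = """
            UPDATE "visitRecode" SET valueindex=valueindex+1 WHERE code=%s;
        """
        db_helper.write(sql, (code,))
    else:
        t = int(time.time())
        insert = """
            insert into "visitRecode"
                ("dateTime", "visitIP", "code", "ip_inner", valueIndex)
            values (%s, %s, %s, %s, 1)
        """
        data = (t, ip_outer, code, ip_inner)
        db_helper.write(insert, data)
    return web_helper.return_msg(0, 'success')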
def test(self):
    """Run sample writes and one read against product_class, printing each result."""
    write_cases = (
        # Insert without a RETURNING clause.
        (
            " INSERT INTO product_class( name, is_enable) VALUES (%s, %s) ",
            ('糖果', 1),
        ),
        # Insert with RETURNING, so that the new id is handed back.
        (
            " INSERT INTO product_class( name, is_enable) VALUES (%s, %s) RETURNING id; ",
            ('饼干', 1),
        ),
        # Update aimed at a row that does not exist.
        (
            " UPDATE product_class SET name=%s, is_enable=%s WHERE id=10000 RETURNING id; ",
            ('糖果', 1),
        ),
    )
    for statement, values in write_cases:
        print(db_helper.write(statement, values))

    # Read everything back.
    rows = db_helper.read(" SELECT * FROM product_class ")
    print(rows)
def callback():
    """Update cover image and content of the ``infomation`` row with id 1.

    Always answers with code 0; the result of the write is not inspected.
    """
    front_cover_img = web_helper.get_form('front_cover_img', '图片')

    # The special-character check is switched off for the content, so it is
    # filtered explicitly: filter_str on the single quote is the author's
    # SQL-injection precaution, clear_xss the XSS precaution.
    # NOTE(review): the value is bound as a parameter below, and that
    # binding is what keeps it out of the SQL text.
    raw_content = web_helper.get_form('content', '内容', is_check_special_char=False)
    content = string_helper.clear_xss(string_helper.filter_str(raw_content, "'"))

    sql = (
        "update infomation set front_cover_img=%s, content=%s "
        "where id=1"
    )
    params = (front_cover_img, content)
    db_helper.write(sql, params)

    # Emit the JSON answer directly.
    return web_helper.return_msg(0, '成功')
def callback(id):
    """Delete the product row *id*.

    Returns the ``web_helper.return_msg`` result: code 0 when the write
    returns a truthy result, code -1 otherwise.
    """
    # The id is bound as a parameter rather than formatted into the text.
    statement = "delete from product where id=%s returning id"
    outcome = db_helper.write(statement, (id,))

    if not outcome:
        return web_helper.return_msg(-1, "删除失败")
    return web_helper.return_msg(0, '成功')
def callback(id):
    """Update name and enabled flag of product class *id* from the form.

    Returns the ``web_helper.return_msg`` result: code 0 when the UPDATE
    hands back the row id, code -1 otherwise.
    """
    name = web_helper.get_form('name', '分类名称')
    raw_enabled = web_helper.get_form('is_enable', '是否启用')
    is_enable = convert_helper.to_int0(raw_enabled)

    sql = (
        "update product_class set name=%s, is_enable=%s "
        "where id=%s returning id"
    )
    params = (name, is_enable, id)
    result = db_helper.write(sql, params)

    # Success means the statement returned a row carrying the id.
    updated = result and result[0].get('id')
    if not updated:
        return web_helper.return_msg(-1, "提交失败")
    return web_helper.return_msg(0, '成功')
def callback():
    """Insert a new product class from the submitted form.

    Returns the ``web_helper.return_msg`` result: code 0 when the INSERT
    hands back the new row id, code -1 otherwise.
    """
    name = web_helper.get_form('name', '分类名称')
    raw_enabled = web_helper.get_form('is_enable', '是否启用')
    is_enable = convert_helper.to_int0(raw_enabled)

    # "returning id" makes the statement hand back the auto-increment id of
    # the row that was just added.
    sql = (
        "insert into product_class (name, is_enable) "
        "values (%s, %s) returning id"
    )
    params = (name, is_enable)
    result = db_helper.write(sql, params)

    created = result and result[0].get('id')
    if not created:
        return web_helper.return_msg(-1, "提交失败")
    return web_helper.return_msg(0, '成功')
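def callback():
    """Delete the product class named by the ``id`` query parameter.

    The class is left alone while any product still references it.

    Returns the ``web_helper.return_msg`` result: code 0 when the delete
    returns a truthy result, code -1 when the class is still referenced or
    the delete fails.
    """
    raw_id = web_helper.get_query('id', '', False)
    # int() pins the value to an integer at the point where it is
    # interpolated.  to_int_default presumably returns an int already
    # (confirm), in which case this changes nothing.
    class_id = int(convert_helper.to_int_default(raw_id, 0))

    # Is the class still referenced by a product?
    # NOTE(review): only db_helper.read(sql) is visible here, so the lookup
    # stays interpolated; %d refuses anything that is not a number.
    sql = 'select count(1) as records from product where product_class_id=%d' % class_id
    result = db_helper.read(sql)
    if result and result[0].get('records', -1) > 0:
        return web_helper.return_msg(-1, '该分类已被引用,请清除对该分类的绑定后再来删除')

    # The delete used to be string-formatted and then handed ``(id)``, which
    # is a bare int and not a parameter tuple; bind the id properly.
    sql = 'delete from product_class where id=%s returning id'
    result = db_helper.write(sql, (class_id,))
    if result:
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, '失败')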
def deleteArtical():
    """Delete one article and answer with the remaining article list.

    Returns the ``web_helper.return_msg`` result: code -1 when the write
    yields the string "False", otherwise code 0 together with the rows
    read back from ``articaltable``.
    """
    uid = web_helper.get_form('uid', '主键(时间戳)')

    # The key is bound as a parameter rather than formatted into the text.
    delete_sql = ' delete from "articaltable" where id = %s '
    beTip = db_helper.write(delete_sql, (uid, ))

    # NOTE(review): failure is detected by comparing with the string
    # "False"; confirm that this is what db_helper.write returns on error.
    if beTip != "False":
        list_sql = (
            ' select "id", "artical_name", "artical_type", "likesnum", '
            '"answernum", "readnum" from "articaltable" '
        )
        remaining = db_helper.read(list_sql)
        return web_helper.return_msg(0, '删除成功', remaining)

    return web_helper.return_msg(-1, '删除失败')
def callback():
    """Update the content of the ``infomation`` row with id 2.

    Returns the ``web_helper.return_msg`` result: code 0 when the UPDATE
    hands back the row id, code -1 otherwise.
    """
    # The special-character check is switched off for the content, so it is
    # filtered explicitly: filter_str on the single quote is the author's
    # SQL-injection precaution, clear_xss the XSS precaution.
    # NOTE(review): the value is bound as a parameter below, and that
    # binding is what keeps it out of the SQL text.
    raw_content = web_helper.get_form('content', '内容', is_check_special_char=False)
    content = string_helper.clear_xss(string_helper.filter_str(raw_content, "'"))

    sql = "update infomation set content=%s where id=2 returning id"
    result = db_helper.write(sql, (content, ))

    updated = result and result[0].get('id')
    if not updated:
        return web_helper.return_msg(-1, "提交失败")
    return web_helper.return_msg(0, '成功')
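def callback(id):
    """Delete product class *id* unless a product still references it.

    Returns the ``web_helper.return_msg`` result: code 0 when the delete
    returns a truthy result, code -1 when *id* is not an integer, the class
    is still referenced, or the delete fails.
    """
    # The reference check below interpolates the id into the SQL text, so
    # it must be an integer before it gets there.  Where *id* comes from is
    # not visible in this block; coercing here does not depend on it.
    try:
        class_id = int(id)
    except (TypeError, ValueError):
        return web_helper.return_msg(-1, "删除失败")

    # A class that is still referenced must not be deleted directly.
    # NOTE(review): only db_helper.read(sql) is visible here, so the lookup
    # stays interpolated; %d refuses anything that is not a number.
    sql = """select count(*) as total from product where product_class_id=%d""" % class_id
    result = db_helper.read(sql)
    if result and result[0].get('total', -1) > 0:
        return web_helper.return_msg(-1, "该分类已被引用,请清除对该分类的绑定后再来删除")

    # The delete itself binds the id as a parameter.
    sql = """delete from product_class where id=%s returning id"""
    result = db_helper.write(sql, (class_id,))
    if result:
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, "删除失败")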
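def post_login():
    """Check captcha and credentials, then open a manager session.

    Form fields read: ``username``, ``password`` and ``verify`` (captcha).
    On success the manager id and login name are stored in the session and
    the last-login columns of the ``manager`` row are updated.

    Returns the ``web_helper.return_msg`` result: code 0 on success, code
    -1 with a reason text on every failure path.
    """
    # --- Request parameters ---------------------------------------------
    username = web_helper.get_form('username', '帐号')
    password = web_helper.get_form('password', '密码')
    verify = web_helper.get_form('verify', '验证码')
    ip = web_helper.get_ip()

    # --- Captcha ---------------------------------------------------------
    s = web_helper.get_session()
    verify_code = s.get('verify_code')
    # The submitted captcha and the session are deliberately not printed:
    # session contents do not belong in process output.
    # A captcha is single-use: it is dropped from the session as soon as it
    # has been submitted once, whatever the outcome.
    if 'verify_code' in s:
        del s['verify_code']
        s.save()
    if verify.upper() != verify_code:
        return web_helper.return_msg(-1, '验证码错误')

    # --- Account lookup --------------------------------------------------
    # SECURITY: the lookup below is assembled by string interpolation from
    # the submitted login name.  Only db_helper.read(sql) is visible here,
    # so the value cannot be bound from this function.  Refusing the
    # characters that break out of a quoted literal is a stop-gap; such a
    # name is answered like an unknown account.
    # NOTE(review): the durable fix is to give db_helper.read bound
    # parameters and drop the interpolation entirely.
    if any(ch in username for ch in ("'", "\\", "\x00")):
        return web_helper.return_msg(-1, '账户不存在')
    sql = """select * from manager where login_name='%s'""" % (username, )
    manager_result = db_helper.read(sql)
    if not manager_result:
        return web_helper.return_msg(-1, '账户不存在')

    # --- Password and account state -------------------------------------
    # The submitted password is hashed once with the project's md5 helper
    # and upper-cased to match the stored form.
    # NOTE(review): a single unsalted MD5 is not a suitable password hash;
    # moving to a salted, slow scheme needs a migration of the stored
    # values and is therefore not done inside this handler.
    # NOTE(review): "account does not exist" and "wrong password" are
    # distinct answers, which tells a caller which login names exist.
    pwd = encrypt_helper.md5(password).upper()
    if pwd != manager_result[0].get('login_password', ''):
        return web_helper.return_msg(-1, '密码错误')
    # Disabled accounts may not log in.
    if manager_result[0].get('is_enable', 0) == 0:
        return web_helper.return_msg(-1, '账号已被禁用')

    # --- Session ---------------------------------------------------------
    manager_id = manager_result[0].get('id', 0)
    s['id'] = manager_id
    s['login_name'] = username
    s.save()

    # --- Last-login bookkeeping -----------------------------------------
    # Record last login time and IP and bump the login counter; all three
    # values are bound parameters.
    sql = """update manager set last_login_time=%s, last_login_ip=%s, login_count=login_count+1 where id=%s"""
    params = (
        'now()',
        ip,
        manager_id,
    )
    db_helper.write(sql, params)

    data = [{'a': 1, 'b': 2, 'c': 3, 'd': 4, 'e': 5}]
    return web_helper.return_msg(0, '登录成功', data)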