So, have fun learning all of this stuff! It’s great fun, and you should stick with it and keep asking questions here. Even if it’s just for yourself and a couple of friends. ![]() It is downright unethical to stand up a project that handles passwords like this. Even if you are using the appropriate crypto in your function, you have absolutely no idea what’s being stored in your database because you are explicitly allowing the arbitrary execution of code from user input. The only reason I’m pointing this out here in what is clearly a learning sample is that you have a password component to this which appears to be (maybe? I have no idea what you are doing in your function here) storing passwords in plain text. But please realize that this is not suitable for anything beyond a personal learning project. It’s totally legit to do these kinds of things by hand to learn what is happening under the hood. You have to at least use prepared statements to prevent injection attacks. Everything you’ve put together so far will explode the minute you actually deploy it to anywhere visible to the internet. You cannot ever directly expose user input to the database. To fix this particular problem, you need single quotes around the email variable you are passing in as a function parameter.īut I have to point out that all of this is very bad practice. Sql = ‘’’INSERT INTO users (first, last, email, password) VALUES (‘first’, ‘last’, email, ‘password’)’’’ If you’re following the same pattern there as you are elsewhere, somewhere in that function, you are doing a literal insert statement along the lines of The problem is in your create_user function that you haven’t showed. Any and all insight would be greatly appreciated. When i manually execute the sql, everything works correctly, but when clicking the submit button I get the error. As you can see, the email column does exist, the email input value is labeled as email, and is passed as the variable: email. Last TEXT, email TEXT UNIQUE, password TEXT)Īnd there is data in that table (including email values). Plus, the users table was created with the following logic: CREATE_TABLE_USERS_SQL = """ĬREATE TABLE users(id INTEGER PRIMARY KEY AUTOINCREMENT, username TEXT UNIQUE, first TEXT, Usernames = cursor.execute(CHECK_USER_SQL, (username,)).fetchall() Return create_user(username, first, last, email, password)Įmails = cursor.execute(CHECK_EMAIL_SQL, (email,)).fetchall() SELECT username FROM users WHERE username = ?ĭef add_user(username, first, last, email, password): The db_mgmt module's logic that is used above: DB_NAME = 'test.db' Return redirect(url_for('signup', message = result)) ![]() Result = db_mgmt.add_user(username, first, last, email, password) This is my app/routing logic for the view in question: methods=) This is the html for the form in question: ![]() The only problem is that the email column does exist. The only problem is that when I click the submit button and it routes to the validate page that queries the database to ensure that the username or email doesn't already exist, I receive the following error: sqlite3.OperationalError: no such column: email At this point, I have a registration page with form that collects: -username I am learning Flask by trying to build a blog. OpenShift (requires extensive ssh installation of ruby, python, etc.).Google App Engine (Desktop admin app flask can be configured with this repo).WebFaction (SSH paid-web-host flask must be installed by you possible configuration and path issues possible SFTP).Heroku (SSH flask must be installed by you, slightly-difficult-windows-instructions, upgradeable cloud service).(web-SSH web-instant-MySQL-db web-IDE instant deployment of flask, free easy logs github/single-file-upload support SFTP/SSH requires pay).Official Flask website and documentation.Use if you are discussing a certain extension to Flask.Īlso check out /r/python or /r/django Websites built with Flask Use or if you have a very specific problem and need help with code. Use Python and Flask to build the web faster
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |