
mod_python

I can't figure out how to build this type of program using the
publisher handler. I have the following connected to the program:

    SetHandler python-program
    PythonHandler mod_python.publisher
    PythonDebug On

But what I would like to do would be to have a German word as the
parameter in the HTTP request and have the English word printed out on
the screen. Yes, this will be a small dictionary, but I just want to be
able to understand how to build the program and have it work without
any errors. Thanks for any help.

PS I understand the example of printing the say portion in the
mod_python manual but can't get past that.

Again Thanks!!

Nov 5 '05 #1
6 Replies


I have created the following database but the following errors occur
when trying to execute the code.

html source:
<html>
<body>
Click here to display information from Chocolate menu:
<form action ="form.py/display" method="POST">
<p>
Press to view the display
<input type="submit">
</p>
</form>
<br>
Please provide data for chocolate to be added:
<p>
<form action ="form.py/addchocolate" method="POST">
<p>
Name: <input type="text" name="z_Name" maxlength="30"><br>
Rating: <input type="text" name="z_rating" maxlength="3"><br>
Price : <input type="text" name="z_price" maxlength="5"><br>
<input type="submit">
</p>
</form>
</body>
</html>

form.py source

import MySQLdb

def addchocolate(z_Name, z_rating, z_price):

    # make sure the user provided all the parameters
    if not (z_Name and z_rating and z_price):
        return "A required parameter is missing, \
please go back and correct the error"
    db = MySQLdb.connect(host="localhost",user="hayward",passwd="hayward",db="hayward")
    cursor = db.cursor()
    cursor.execute(
        """INSERT INTO InventoryList (artist, title, rating) VALUES (%s,
        %s, %s)""", (z_Name, z_rating, z_price) )
    db.commit()
    cursor.close()
    db.close()

def display(rating):
    db = MySQLdb.connect(host="localhost",user="hayward",passwd="hayward",db="hayward")
    cursor = db.cursor()
    cursor.execute("""SELECT * FROM InventoryList""")
    result = cursor.fetchall()
    cursor.close()
    db.close()
    parsesongs(result)
    return

def parsesongs(rawstring):
    print 'Chocolate Inventory'
    print '---------------------------------------------------------------'
    print 'Name Rating Price '
    print '---------------------------------------------------------------'
    for i in range (0, len(rawstring)):
        table = ''
        Name = rawstring[i][0]
        table = table + Name
        for j in range (0, (29 - len(Name))):
            table = table + ' '
        Rating = rawstring[i][1]
        table = table + Rating
        for k in range (0, (29 - len(Rating))):
            table = table + ' '
        Price = str(rawstring[i][2])
        table = table + Price
        print table
    print '---------------------------------------------------------------'
    return

errors that occur
press display:
Mod_python error: "PythonHandler mod_python.publisher"

Traceback (most recent call last):

  File "/usr/lib/python2.3/site-packages/mod_python/apache.py", line 193, in Dispatch
    result = object(req)

  File "/usr/lib/python2.3/site-packages/mod_python/publisher.py", line 173, in handler
    result = apply(object, (), args)

TypeError: display() takes exactly 1 argument (0 given)

press the addition of the items:
Mod_python error: "PythonHandler mod_python.publisher"

Traceback (most recent call last):

  File "/usr/lib/python2.3/site-packages/mod_python/apache.py", line 193, in Dispatch
    result = object(req)

  File "/usr/lib/python2.3/site-packages/mod_python/publisher.py", line 173, in handler
    result = apply(object, (), args)

  File "/home/hayward/public_html/Homework/Python_Executable_Publisher/form.py", line 11, in addchocolate
    cursor.execute(

  File "/usr/lib/python2.3/site-packages/MySQLdb/cursors.py", line 137, in execute
    self.errorhandler(self, exc, value)

  File "/usr/lib/python2.3/site-packages/MySQLdb/connections.py", line 33, in defaulterrorhandler
    raise errorclass, errorvalue

OperationalError: (1054, "Unknown column 'artist' in 'field list'")

Thanks for the help

Nov 6 '05 #2

Little wrote:
[...]

It's a while since I used mod_python, so this is a guess: The publisher
module finds function arguments in the POST input stream. Since your
form field is called "z_rating", publisher fails to find a "rating"
argument to pass to the function.

The second error message seems to imply that the database InventoryList
table doesn't have a column called "article".

regards
Steve
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC www.holdenweb.com
PyCon TX 2006 www.python.org/pycon/

Nov 6 '05 #3

Steve Holden wrote:
[...]

The second error message seems to imply that the database InventoryList
table doesn't have a column called "article".

regards
Steve


^article^artist^
--
Steve Holden +44 150 684 7255 +1 800 494 3119
Holden Web LLC www.holdenweb.com
PyCon TX 2006 www.python.org/pycon/

Nov 6 '05 #4

In article <11**********************@g14g2000cwa.googlegroups .com>,
Little <co************@yahoo.com> wrote:
[...]

form.py source

import MySQLdb

def addchocolate(z_Name, z_rating, z_price):

    # make sure the user provided all the parameters
    if not (z_Name and z_rating and z_price):
        return "A required parameter is missing, \
please go back and correct the error"
    db = MySQLdb.connect(host="localhost",user="hayward",passwd="hayward",db="hayward")
    cursor = db.cursor()
    cursor.execute(
        """INSERT INTO InventoryList (artist, title, rating) VALUES (%s,
        %s, %s)""", (z_Name, z_rating, z_price) )

I hate to ask, but what happens when I enter "a, b, c);DROP DATABASE;" as
the entry for z_name? (Or some similar attempt to close the
SQL statement and start a new one). I think you want to google for "SQL
injection" and think about sanitising user input a bit.

--
Jim Segrave (je*@jes-2.demon.nl)

Nov 6 '05 #5

> I hate to ask, but what happens when I enter "a, b, c);DROP DATABASE;" as
> the entry for z_name? (Or some similar attempt to close the
> SQL statement and start a new one). I think you want to google for "SQL
> injection" and think about sanitising user input a bit.


And using the parametrized form of cursor.execute() - which I guess is
easier to do. But you're right of course, too.

Regards,

Diez
Nov 7 '05 #6

On Sun, 06 Nov 2005 23:29:01 -0000, Jim Segrave wrote
In article <11**********************@g14g2000cwa.googlegroups .com>,
Little <co************@yahoo.com> wrote:
    cursor.execute(
        """INSERT INTO InventoryList (artist, title, rating) VALUES (%s,
        %s, %s)""", (z_Name, z_rating, z_price) )


I hate to ask, but what happens when I enter "a, b, c);DROP
DATABASE;" as the entry for z_name? (Or some similar attempt to
close the SQL statement and start a new one). I think you want to
google for "SQL injection" and think about sanitising user input a bit.


The OP is using execute() with a parameter tuple. This is the correct method
for executing a parametrized query, and it is immune to SQL injection as long
as the DB module implements parameter substitution in a sane way.

Best regards,

Carsten Haese.

Nov 7 '05 #7
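
Added example (not code from any poster in this thread): the last replies turn on the difference between handing values to execute() as a separate tuple and pasting them into the SQL text with Python's % operator. It uses the standard-library sqlite3 module as a stand-in for MySQLdb, so placeholders are ? rather than %s; the column names and the second test input are constructed for illustration.

```python
import sqlite3

# Input quoted in the thread, plus a constructed variant that contains a quote.
PAGE_INPUT = "a, b, c);DROP DATABASE;"
QUOTED_INPUT = "a', 'b', 'c');DROP TABLE InventoryList;--"  # constructed

def new_db():
    """In-memory stand-in for the thread's MySQL table (column names assumed)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE InventoryList (name TEXT, rating TEXT, price TEXT)")
    return db

def add_bound(db, name, rating, price):
    """Values travel separately from the SQL text, as in execute(sql, params)."""
    db.execute(
        "INSERT INTO InventoryList (name, rating, price) VALUES (?, ?, ?)",
        (name, rating, price),
    )
    db.commit()

def add_formatted(db, name, rating, price):
    """Anti-pattern: Python's % operator pastes the values into the SQL text."""
    sql = ("INSERT INTO InventoryList (name, rating, price) "
           "VALUES ('%s', '%s', '%s')" % (name, rating, price))
    db.execute(sql)
    db.commit()

def try_insert(add, name):
    """Return (outcome, rows) after inserting `name` into a fresh table."""
    db = new_db()
    try:
        add(db, name, "5", "1.50")
        outcome = "stored"
    except (sqlite3.Error, sqlite3.Warning) as exc:
        # The driver refused the statement the value turned the SQL into.
        outcome = "rejected: " + type(exc).__name__
    rows = db.execute("SELECT name, rating, price FROM InventoryList").fetchall()
    db.close()
    return outcome, rows

if __name__ == "__main__":
    for add in (add_bound, add_formatted):
        for name in (PAGE_INPUT, QUOTED_INPUT):
            print(add.__name__, repr(name), try_insert(add, name))
```

With bound parameters both inputs are stored verbatim as the name. With the formatted variant the quote character ends the string literal and the rest of the value is parsed as SQL, which sqlite3 refuses because it becomes a second statement.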
