mod_python

Little

I can't figure out how to build this type of program using the
publisher handler. I have the following connected to the program
SetHandler python-program
PythonHandler mod_python.publisher
PythonDebug On

But what I would like to do would be have a German word as the
parameter in the HTTP request and have the English word printed out on
the screen. Yes this will be a small dictionary but I just want to be
able to understand how to build the program and have it work without
any errors. Thanks for any help.

PS I understand the example of printing the say portion in the
mod_python manual but can't get past that.

Again Thanks!!
 
Little

I have created the following database but the following errors occur
when trying to execute the code.

html source:

```html
<html>
<body>
Click here to display information from Chocolate menu:
<form action ="form.py/display" method="POST">
<p>
Press to view the display
<input type="submit">
</p>
</form>
<br>
Please provide data for chocolate to be added:
<p>
<form action ="form.py/addchocolate" method="POST">
<p>
Name: <input type="text" name="z_Name" maxlength="30"><br>
Rating: <input type="text" name="z_rating" maxlength="3"><br>
Price : <input type="text" name="z_price" maxlength="5"><br>
<input type="submit">
</p>
</form>
</body>
</html>
```

form.py source

```python
import MySQLdb

def addchocolate(z_Name, z_rating, z_price):

    # make sure the user provided all the parameters
    if not (z_Name and z_rating and z_price):
        return "A required parameter is missing, \
        please go back and correct the error"
    db = MySQLdb.connect(host="localhost",user="hayward",passwd="hayward",db="hayward")
    cursor = db.cursor()
    cursor.execute(
        """INSERT INTO InventoryList (artist, title, rating) VALUES (%s, %s, %s)""",
        (z_Name, z_rating, z_price) )
    db.commit()
    cursor.close()
    db.close()

def display(rating):
    db = MySQLdb.connect(host="localhost",user="hayward",passwd="hayward",db="hayward")
    cursor = db.cursor()
    cursor.execute("""SELECT * FROM InventoryList""")
    result = cursor.fetchall()
    cursor.close()
    db.close()
    parsesongs(result)
    return

def parsesongs(rawstring):
    print 'Chocolate Inventory'
    print '---------------------------------------------------------------'
    print 'Name Rating Price '
    print '---------------------------------------------------------------'
    for i in range (0, len(rawstring)):
        table = ''
        # rawstring is the fetchall() result; rawstring[i] is one row
        Name = rawstring[i][0]
        table = table + Name
        for j in range (0, (29 - len(Name))):
            table = table + ' '
        Rating = rawstring[i][1]
        table = table + Rating
        for k in range (0, (29 - len(Rating))):
            table = table + ' '
        Price = str(rawstring[i][2])
        table = table + Price
        print table
    print '---------------------------------------------------------------'
    return
```

errors that occur
press display:

```
Mod_python error: "PythonHandler mod_python.publisher"

Traceback (most recent call last):

  File "/usr/lib/python2.3/site-packages/mod_python/apache.py", line 193, in Dispatch
    result = object(req)

  File "/usr/lib/python2.3/site-packages/mod_python/publisher.py", line 173, in handler
    result = apply(object, (), args)

TypeError: display() takes exactly 1 argument (0 given)
```

press the addition of the items:

```
Mod_python error: "PythonHandler mod_python.publisher"

Traceback (most recent call last):

  File "/usr/lib/python2.3/site-packages/mod_python/apache.py", line 193, in Dispatch
    result = object(req)

  File "/usr/lib/python2.3/site-packages/mod_python/publisher.py", line 173, in handler
    result = apply(object, (), args)

  File "/home/hayward/public_html/Homework/Python_Executable_Publisher/form.py", line 11, in addchocolate
    cursor.execute(

  File "/usr/lib/python2.3/site-packages/MySQLdb/cursors.py", line 137, in execute
    self.errorhandler(self, exc, value)

  File "/usr/lib/python2.3/site-packages/MySQLdb/connections.py", line 33, in defaulterrorhandler
    raise errorclass, errorvalue

OperationalError: (1054, "Unknown column 'artist' in 'field list'")
```

Thanks for the help
 
Steve Holden

It's a while since I used mod_python, so this is a guess: The publisher
module finds function arguments in the POST input stream. Since your
form field is called "z_rating", publisher fails to find a "rating"
argument to pass to the function.

The second error message seems to imply that the database InventoryList
table doesn't have a column called "article".

regards
Steve
 
Steve Holden

Steve Holden wrote:
[...]
The second error message seems to imply that the database InventoryList
table doesn't have a column called "article".

regards
Steve

^article^artist^
 
Jim Segrave

cursor.execute(
"""INSERT INTO InventoryList (artist, title, rating) VALUES (%s,
%s, %s)""", (z_Name, z_rating, z_price) )


I hate to ask, but what happens when I enter "a, b, c);DROP DATABASE;" as
the entry for z_name? (Or some similar attempt to close the
SQL statement and start a new one). I think you want to google for "SQL
injection" and think about sanitising user input a bit.
 
Diez B. Roggisch

I hate to ask, but what happens when I enter "a, b, c);DROP DATABASE;" as
the entry for z_name? (Or some similar attempt to close the
SQL statement and start a new one). I think you want to google for "SQL
injection" and think about sanitising user input a bit.

And using the parametrized form of cursor.execute() - which I guess is
easier to do. But you're right of course, too.

Regards,

Diez
 
Carsten Haese

cursor.execute(
"""INSERT INTO InventoryList (artist, title, rating) VALUES (%s,
%s, %s)""", (z_Name, z_rating, z_price) )

I hate to ask, but what happens when I enter "a, b, c);DROP
DATABASE;" as the entry for z_name? (Or some similar attempt to
close the SQL statement and start a new one). I think you want to
google for "SQL injection" and think about sanitising user input a bit.

The OP is using execute() with a parameter tuple. This is the correct method
for executing a parametrized query, and it is immune to SQL injection as long
as the DB module implements parameter substitution in a sane way.

Best regards,

Carsten Haese.
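
The distinction raised in the last three replies, as an added example that is not part of the original thread: the same form values inserted once by pasting them into the SQL text and once through the driver's parameter binding. Assumptions: Python 3 with the standard-library `sqlite3` module stands in for MySQLdb (its placeholder is `?` where MySQLdb uses `%s`), the column names `name`, `rating`, `price` are invented because the thread never shows the real schema, and `CONSTRUCTED_INPUT` is a constructed sample value.

```python
import sqlite3

# Assumed schema: the thread never shows InventoryList's real columns.
SCHEMA = "CREATE TABLE InventoryList (name TEXT, rating TEXT, price TEXT)"


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    return db


def insert_interpolated(db, name, rating, price):
    """Anti-pattern: the values are pasted into the SQL text itself."""
    sql = ("INSERT INTO InventoryList (name, rating, price) "
           "VALUES ('%s', '%s', '%s')" % (name, rating, price))
    db.execute(sql)
    db.commit()


def insert_parametrized(db, name, rating, price):
    """Form used in the thread: SQL text and values travel separately."""
    db.execute(
        "INSERT INTO InventoryList (name, rating, price) VALUES (?, ?, ?)",
        (name, rating, price))
    db.commit()


def rows(db):
    return db.execute("SELECT name, rating, price FROM InventoryList").fetchall()


# The string quoted in the thread, plus a constructed value whose quote ends
# the first literal early and whose trailing "--" comments out the rest.
THREAD_INPUT = "a, b, c);DROP DATABASE;"
CONSTRUCTED_INPUT = "x', '10', '0.00') --"


def demo():
    unsafe, safe = new_db(), new_db()
    insert_interpolated(unsafe, CONSTRUCTED_INPUT, "1", "9.99")
    insert_parametrized(safe, CONSTRUCTED_INPUT, "1", "9.99")
    insert_parametrized(safe, THREAD_INPUT, "3", "4.50")
    return rows(unsafe), rows(safe)


if __name__ == "__main__":
    for label, result in zip(("interpolated", "parametrized"), demo()):
        print(label, result)
```

In the interpolated database the name field has overwritten the submitted rating and price; in the parametrized one both inputs are stored verbatim as the name and the other columns keep the values the form sent.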
 
