无法将WTForms数据提交到MySQL
[英]Can't submit WTForms data into MySQL
问题描述
Can't submit WTForms data into MySQL database because the data submitted is still in Unbound Fields and stuff, although I attempted to convert it into a string. 
无法提交WTForms数据到MySQL数据库,因为尽管我尝试将其转换为字符串,但提交的数据仍在“未绑定字段”和填充中。 Not sure what to do. 不知道该怎么办。
I am trying to create a registration form using Flask and WTForms. 我正在尝试使用Flask和WTForms创建注册表单。 I am getting the following error when I get to the part of putting the data (username, password, email) into the MySQL database: 当我将数据(用户名,密码,电子邮件)放入MySQL数据库时,出现以下错误:
I have tried looking everywhere but there is no where that explains how I could fix this. 我尝试到处寻找,但是没有地方可以解释如何解决此问题。 The following is the relevant code: 以下是相关代码:
class User():
global cur
cur = config.conn.cursor()
def __init__(self, username, password, email):
self.usr = username
self.pwd = password
self.mail = email
def database(self, username, password, email):
u_p_e = cur.execute("INSERT into users (username, pwd, e-mail) VALUES ('%s', '%s', '%s')"
% (username, password, email))
cur.commit()
class Register(Form):
reg_username = TextField('Username', [validators.Length(min=1, max = 12)])
username = str(reg_username)
reg_password = PasswordField('Password', [
validators.Required(),
validators.EqualTo('confirm_password', message='Passwords do not match')
])
confirm_password = PasswordField('Confirm Password')
password = str(confirm_password)
reg_email = TextField('Email', [validators.Length(min=6, max=35)])
email = str(reg_email)
enter_db = User(username, password, email)
enter_db.database(username, password, email)
I am new to web development using Flask/WTForms. 我是使用Flask / WTForms进行Web开发的新手。
2 个解决方案
解决方案1
0 2014-02-19 07:37:41
As documented under Schema Object Names : 如架构对象名称中所述 :
Certain objects within MySQL, including database, table, index, column, alias, view, stored procedure, partition, tablespace, and other object names are known as identifiers.
[ deletia ]Identifiers are converted to Unicode internally.
Permitted characters in unquoted identifiers:
ASCII: [0-9,az,AZ$_] (basic Latin letters, digits 0-9, dollar, underscore)
Extended: U+0080 .. U+FFFF
Permitted characters in quoted identifiers include the full Unicode Basic Multilingual Plane (BMP), except U+0000:
ASCII: U+0001 .. U+007F
Extended: U+0080 .. U+FFFF
[ deletia ]The identifier quote character is the backtick (“
`”):`”):
Therefore, to include a hyphen in your e-mail column name (which is generally a bad idea), one must quote the identifier in backticks. 因此,要将连字符添加到您e-mail列名称中(通常是个坏主意),必须在反引号中加上标识符。
解决方案2
0 已采纳 2014-02-19 16:11:08
There are two problems with your code. 您的代码有两个问题。
The first problem is with how you define your class. 第一个问题是如何定义课程。
class Register(Form):
reg_username = TextField('Username', [validators.Length(min=1, max = 12)])
username = str(reg_username)
reg_password = PasswordField('Password', [
validators.Required(),
validators.EqualTo('confirm_password', message='Passwords do not match')
])
confirm_password = PasswordField('Confirm Password')
password = str(confirm_password)
reg_email = TextField('Email', [validators.Length(min=6, max=35)])
email = str(reg_email)
enter_db = User(username, password, email)
enter_db.database(username, password, email)
Your calls to str happen when the class is created and convert the reg_username , confirm_password , and reg_email attributes to strings. 您的通话str创建该类时发生,转换reg_username , confirm_password和reg_email属性字符串。 The value you are seeing in your error message is the return value from TextField.__str__ . 您在错误消息中看到的值是TextField.__str__的返回值。
You then attach enter_db as an attribute of Register . 然后,将enter_db附加为Register的属性。 enter_db is a User instantiated with the values of Register.username , Register.password , and Register.email . enter_db是一个用Register.username , Register.password和Register.email的值实例化的User 。 Then, still at class creation time, you call Register.enter_db.database and give it the same values as you used to instatiate Register.enter_db . 然后,仍在类创建时,调用Register.enter_db.database并为其提供与用于实例化Register.enter_db相同的值。
At no point in time do you assign values to the reg_username , confirm_password , and reg_email fields. 在时间你赋值到没有一点reg_username , confirm_password和reg_email领域。 This is typically done by providing request.form when you instantiate Register , for example form = Register(request.form) . 这通常通过在实例化Register时提供request.form来完成,例如form = Register(request.form) 。 Once you have done this, you would be able to access the values of each field through form.reg_username.data , etc. This part would typically take place in a view function. 完成此操作后,您将可以通过form.reg_username.data等访问每个字段的值。这部分通常在视图函数中进行。
The second problem you are having is how you execute your SQL statement. 您遇到的第二个问题是如何执行SQL语句。
"INSERT into users (username, pwd, e-mail) VALUES ('%s', '%s', '%s')"
% (username, password, email)
This uses string interpolation to place the values of username , password , and email directly into the statement before executing it. 这使用字符串插值在执行之前将username , password和email的值直接放入语句中。 In addition to this being a bad practice, any ' in one of the values will break your statement. 除了这是一种不好的做法之外,其中一个值中的任何'都会破坏您的陈述。 This is what's happening to you because TextField.__str__ includes single quotes around the field's name. 这就是您正在发生的事情,因为TextField.__str__在字段名称周围包含单引号。
A better (and more secure) approach would be to use a parameterized query. 更好(更安全)的方法是使用参数化查询。 While the specifics vary from driver to driver, I believe the ? 尽管具体情况因驾驶员而异,但我相信? is a pretty common implementation. 是一个非常常见的实现。 This would change your query to something along the lines of 这会将您的查询更改为以下内容:
"INSERT into users (username, pwd, email) VALUES (?, ?, ?)"
You'd then pass the values to cur.execute 然后将值传递给cur.execute
cur.execute("INSERT into users (username, pwd, email) VALUES (?, ?, ?)", (username, password, email))
Addressing both of these should put you on the right path. 解决这两个问题将使您走上正确的道路。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.