I've been trying to run this code but kept getting a type error. I've searched the web but didn't find a solution to my problem. NB: This is a fraction of the whole code.

    @app.route("/search", methods = ["GET", "POST"])
    def search():
        if "user_email" not in session:
            return render_template("sign.html", error="Please Login First", work="Failed")
        if request.method == 'GET':
            title = request.form.get('title')
            isbn = request.form.get('isbn')
            author = request.form.get('author')
            searchs = db.execute("SELECT * FROM books WHERE author iLIKE '%"+author+"%' OR title iLIKE '%"+title+"%' OR isbn iLIKE '%"+isbn+"%'").fetchall()
            return render_template('search.html', work = 'Success', searchs = searchs )

As a beginner, a reasonably simple solution to the problem is to run separate queries for each variable, if they are provided, and merge them into a single list for the template (we can get away with this because we're always querying the same table, so the output rows will always have the same structure).

    @app.route("/search", methods = ["GET", "POST"])
    def search():
        if "user_email" not in session:
            return render_template("sign.html", error="Please Login First", work="Failed")
        if request.method == 'GET':
            # Make a list to hold the results.
            searchs = []
            title = request.form.get('title')
            if title is not None:
                titles = db.execute("SELECT * FROM books WHERE title ILIKE %s", ('%'+title+'%',)).fetchall()
                searchs.extend(titles)
            isbn = request.form.get('isbn')
            if isbn is not None:
                isbns = db.execute("SELECT * FROM books WHERE isbn ILIKE %s", ('%'+isbn+'%',)).fetchall()
                searchs.extend(isbns)
            author = request.form.get('author')
            if author is not None:
                authors = db.execute("SELECT * FROM books WHERE author ILIKE %s", ('%'+author+'%',)).fetchall()
                searchs.extend(authors)
            return render_template('search.html', work = 'Success', searchs = searchs )

There are better ways to do this, but this should work for now. Note that the form of the queries

    result = db.execute("SELECT thing FROM table WHERE thing = %s", (value,))

ensures that the query values are sent to the database in the format it expects (they are "quoted", in the jargon), and prevents SQL injection attacks, when a malicious user enters SQL scripts into your web form to see if they can download data from your database, or change or delete the data it contains.
I would assume you are getting this error because the request.form.get() is returning a None value. Also, request.form is used to retrieve POST Data but it seems like you are using this for a GET request.
In the past, I have used this command to get parameters from a GET request:

    search = request.args.get("search_query", "")

The 2nd parameter in request.args.get is a default value.
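
An added example, not part of any answer on this page: one way to build a single parameterized query from whichever search fields were supplied, so that missing (None) values are skipped and user text only ever travels as a bound parameter. It goes slightly beyond the answers by also escaping LIKE wildcards in the user's text. Assumptions: Python's built-in sqlite3 stands in for the page's database (so `?` placeholders and LIKE instead of `%s` and ILIKE), the three-row books table is constructed sample data, and the helper names build_search, search and demo_db are hypothetical.

```python
import sqlite3

def build_search(title=None, isbn=None, author=None):
    """Return (sql, params) covering only the fields that were supplied."""
    clauses, params = [], []
    for column, value in (("title", title), ("isbn", isbn), ("author", author)):
        if value:  # skips None and "", so nothing is ever concatenated with None
            # Column names come from the fixed tuple above, never from the user.
            clauses.append(f"{column} LIKE ? ESCAPE '\\'")
            # Escape LIKE wildcards so the user's text is matched literally.
            escaped = value.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
            params.append(f"%{escaped}%")
    if not clauses:
        return None, []
    sql = "SELECT isbn, title, author FROM books WHERE " + " OR ".join(clauses)
    return sql, params

def search(conn, **fields):
    """Run the search; with no usable field, return an empty list."""
    sql, params = build_search(**fields)
    if sql is None:
        return []
    return conn.execute(sql, params).fetchall()

def demo_db():
    """In-memory database holding constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE books (isbn TEXT, title TEXT, author TEXT)")
    conn.executemany("INSERT INTO books VALUES (?, ?, ?)", [
        ("0001", "Dune", "Frank Herbert"),
        ("0002", "Emma", "Jane Austen"),
        ("0003", "100% Proof", "A. Writer"),
    ])
    return conn

if __name__ == "__main__":
    conn = demo_db()
    print(search(conn, title="dune"))           # one field supplied
    print(search(conn, author="' OR '1'='1"))   # quote characters are just data
    print(search(conn))                         # no field supplied
```

In a Flask view handling a GET request, the three arguments would come from request.args.get("title"), request.args.get("isbn") and request.args.get("author").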
The .fetchall() is not needed and may be the reason. You should use db.engine.execute()

    query = ('SELECT State_name, count(State_name) FROM "University" group by State_name')
    res = db.engine.execute(query)