[英]Can't login using Python and MYSQL because of malformed header from script 'login.py': Bad header: <html>"
我正在尝试使用 Ubuntu 20.04 服务器通过 Python 和 MYSQL 登录,但我总是得到,,,500 内部错误”
脚本是这样的,它不是那么安全:
#!/usr/bin/python3
import pymysql
import cgi
from http import cookies
from art import *
# Open database connection
db = pymysql.connect("localhost","superadmin","123","dinamic" )
# prepare a cursor object using cursor() method
cursor = db.cursor()
data=cgi.FieldStorage()
a=data.getvalue('e1')
b=data.getvalue('p1')
# Prepare SQL query to fetch a record into the database.
sql = "select id,email,password from register where email='"+a+"' AND password='"+b+"'"
try:
# Execute the SQL command
if(cursor.execute(sql)):
# Commit your changes in the database
db.commit()
c=cookies.SimpleCookie()
# assign a value
c['mou']=a
# set the xpires time
c['mou']['expires']=24*60*60
# print the header, starting with the cookie
print (c)
print("Content-type: text/html")
print('''<html>
<head>
<title>Hello Word - First script</title>
</head>
<body>
<h2>successfully login</h2>
</body>
</html>''')
else:
# Commit your changes in the database
db.commit()
print("Content-type: text/html")
print("<html>")
print("<body>")
print("<h2>fail</h2>")
print("</body>")
print("</html>")
except:
# Rollback in case there is any error
db.rollback()
和 HTML 文件:
<html>
<body>
<form action="login.py" method="post">
email: <input type="text" name="e1">
password: <input type="password" name="p1">
<input type="submit" value="register">
</form>
</body>
</html>
在日志中,我收到以下错误:
File "/var/www/html/dinamic_python/login.py", line 15, in <module>: /var/www/html/dinamic_python/login.py
[Wed Mar 24 18:45:37.324689 2021] sql = "select id,email,password from register where email='"+a+"' AND password='"+b+"'": /var/www/html/dinamic_python/login.py
[Wed Mar 24 18:45:37.324733 2021] TypeError: can only concatenate str (not "NoneType") to str: /var/www/html/dinamic_python/login.py
[Wed Mar 24 18:45:37.363064 2021] [cgi:error] [pid 18037] [client 127.0.0.1:59482] End of script output before headers: login.py
我究竟做错了什么? 我的脚本有问题吗?
这一行:
sql = "select id,email,password from register where email='"+a+"' AND password='"+b+"'"
看起来很腥。
我通常尝试做这样的事情:
sql = "SELECT id, email, password FROM register WHERE email = %s AND password = %s"
然后调用你的 cursor: cursor.execute(sql, (a, b))
将参数作为字符串传递到查询中并不是最好的主意。 有关更多信息,请参见此处和此处。
根据错误判断:
[Wed Mar 24 18:45:37.324733 2021] TypeError: can only concatenate str (not "NoneType") to str: /var/www/html/dinamic_python/login.py
看起来您的一个或多个变量(a 或 b)可能是 NoneType。
尝试打印。
print("{} / {}".format(a, b))
A 或 B 的类型为“NoneType”:TypeError:只能连接 str(不是“NoneType”)
问题是我需要将print ("Content-type: text/html", end="\r\n\r\n", flush=True)
添加到 if 和 else 语句中。 另外,请注意\r\n
,使用它非常重要。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.