Can't login using Python and MYSQL because of malformed header from script 'login.py': Bad header: "

Question

我正在尝试使用 Ubuntu 20.04 服务器通过 Python 和 MYSQL 登录，但我总是得到,,,500 内部错误”

脚本是这样的，它不是那么安全：

#!/usr/bin/python3
import pymysql
import cgi
from http import cookies
from art import *
# Open database connection
db = pymysql.connect("localhost","superadmin","123","dinamic" )

# prepare a cursor object using cursor() method
cursor = db.cursor()
data=cgi.FieldStorage()
a=data.getvalue('e1')
b=data.getvalue('p1')

# Prepare SQL query to fetch a record into the database.
sql = "select id,email,password from register where email='"+a+"' AND password='"+b+"'"
try:
# Execute the SQL command
 if(cursor.execute(sql)):
   # Commit your changes in the database
   db.commit()
   c=cookies.SimpleCookie()

   # assign a value
   c['mou']=a

   # set the xpires time
   c['mou']['expires']=24*60*60

   # print the header, starting with the cookie
   print (c)
   print("Content-type: text/html")
   print('''<html>
      <head>
         <title>Hello Word - First script</title>
      </head>
      <body>
         <h2>successfully login</h2>
      </body>
   </html>''')
 else:
   # Commit your changes in the database
   db.commit()
   print("Content-type: text/html")
   print("<html>")
   print("<body>")
   print("<h2>fail</h2>")
   print("</body>")
   print("</html>")
except:
   # Rollback in case there is any error
   db.rollback()

和 HTML 文件：

<html>
   <body>
      <form action="login.py" method="post">
         email: <input type="text" name="e1">
         password: <input type="password" name="p1">
         <input type="submit" value="register">
      </form>
   </body>
</html>

在日志中，我收到以下错误：

 File "/var/www/html/dinamic_python/login.py", line 15, in <module>: /var/www/html/dinamic_python/login.py
[Wed Mar 24 18:45:37.324689 2021]   sql = "select id,email,password from register where email='"+a+"' AND password='"+b+"'": /var/www/html/dinamic_python/login.py
[Wed Mar 24 18:45:37.324733 2021] TypeError: can only concatenate str (not "NoneType") to str: /var/www/html/dinamic_python/login.py
[Wed Mar 24 18:45:37.363064 2021] [cgi:error] [pid 18037] [client 127.0.0.1:59482] End of script output before headers: login.py

我究竟做错了什么？ 我的脚本有问题吗？

Answer 1

这一行：

sql = "select id,email,password from register where email='"+a+"' AND password='"+b+"'"

看起来很腥。

我通常尝试做这样的事情：

sql = "SELECT id, email, password FROM register WHERE email = %s AND password = %s"

然后调用你的 cursor： cursor.execute(sql, (a, b))

将参数作为字符串传递到查询中并不是最好的主意。 有关更多信息，请参见此处和此处。

根据错误判断：

[Wed Mar 24 18:45:37.324733 2021] TypeError: can only concatenate str (not "NoneType") to str: /var/www/html/dinamic_python/login.py

看起来您的一个或多个变量（a 或 b）可能是 NoneType。

Answer 2

尝试打印。

print("{} / {}".format(a, b))

A 或 B 的类型为“NoneType”：TypeError：只能连接 str（不是“NoneType”）

Answer 3

问题是我需要将print ("Content-type: text/html", end="\r\n\r\n", flush=True)添加到 if 和 else 语句中。 另外，请注意\r\n ，使用它非常重要。

Can't login using Python and MYSQL because of malformed header from script 'login.py': Bad header: "

问题描述

3 个解决方案

解决方案1
1 2021-03-24 17:26:23

解决方案2
0 2021-03-24 17:26:51

解决方案3
0 已采纳 2021-03-24 18:53:10

Can't login using Python and MYSQL because of malformed header from script 'login.py': Bad header: "

问题描述

3 个解决方案

解决方案1 1 2021-03-24 17:26:23

解决方案2 0 2021-03-24 17:26:51

解决方案3 0 已采纳 2021-03-24 18:53:10

解决方案1
1 2021-03-24 17:26:23

解决方案2
0 2021-03-24 17:26:51

解决方案3
0 已采纳 2021-03-24 18:53:10