I have model:
`class User(Base):
tablename = 'user'
id = Column(Integer, Sequence('id'), primary_key=True)
name = Column(String(50), nullable=False)
coffee_id = Column(Integer, ForeignKey('coffee.id'))
coffee = relationship('Coffee', backref='users')`
in SQL Alchemy I create object:
new_user = User(name="user", coffee_id=1) async with session.begin(): session.add(new_user)
If i am trying get new_user.coffee i get exception, that object is not downloaded.
Of course i can do:
user_with_coffee = select(User) \ .filter_by(id=new_user.id) \ .options(selectinload(User.coffee)) new_user = await session.execute(user_with_coffee)
But maybe i can add some parameter in add method of session or something else to avoid second query in db ?
Related
I would like to know how I should change my code to prevent it from Injections:
import sqlite3
def search_in_database(column,searched_data):
con = sqlite3.connect('db.sqlite3')
cursor = con.cursor()
cursor.execute(f"""SELECT
id
FROM
My_library
WHERE
{column} LIKE '%{searched_data}%'
;""")
all = [i for i in cursor.fetchall()]
return all
I found code in web which gives an example of how to do it:
from sqlalchemy.sql import text
# Create a connection conn
stmt = text("""SELECT * FROM users
WHERE user = :username AND password = :password""")
conn.execute(stmt, prams={"username": "foo", "password": "bar"})
but In my HTML file I would like to give to user possibility to choose the:
Place where he wants to search in Titles, authors, published_dates,isbn, language...
and when he choose where He what to search then he types the query.
How to do it in this case, avoiding Injections?
My data base:
class My_library(db.Model):
id = db.Column(db.Integer, primary_key=True)
title = db.Column(db.String(250))
authors = db.Column(db.String(100))
published_date = db.Column(db.Integer)
isbn_or_identifier = db.Column(db.String(15), unique=True)
page_count = db.Column(db.String(10000))
language = db.Column(db.String(3))
image_links = db.Column(db.String(500))
I also added validators:
from flask_wtf import FlaskForm
from wtforms import SubmitField,StringField
from wtforms.validators import ValidationError,DataRequired,Length, URL
from wtforms.fields.html5 import DateField,IntegerField,DateField,IntegerField, URLField
class AddRecValidators(FlaskForm):
title = StringField(label=('Title:'),validators=[DataRequired(), Length(min=1,max=50)])
authors = StringField(label=('Authors:'),validators=[Length(min=1,max=100)])
published_date = IntegerField(label=('Published date:'),validators=[Length(min=1,max=4)])
isbn_or_identifier = IntegerField(label=('ISBN:'),validators=[Length(min=1,max=15)])
page_count = IntegerField(label=('Page count:'),validators=[ Length(min=1,max=10000)])
language = StringField(label=('Language:'),validators=[ Length(min=1,max=3)])
image_links = URLField(label=('Image links:'))
submit = SubmitField(label=('Add to library'))
Thanks for help in advance :D
You can use sqlalchemy to build the query. For example:
q = My_library.__table__.select().where(
My_library.__table__.c.title == "The searched title"
)
but that's not exactly what you wanted. You can also address the columns by their names like this:
q = My_library.__table__.select().where(
My_library.__table__.c["title"] == "The searched title"
)
# or
q = My_library.__table__.select().where(
My_library.__table__.c["title"].like("%The searched title%")
)
Therefore you can do this:
q = My_library.__table__.select().where(
My_library.__table__.c[column].like(f"%{searched_data}%")
)
cursor.execute(q)
In case you only want the ID, you would do this:
q = sqlalchemy.select([My_library.__table__.c.id]).where(
My_library.__table__.c[column].like(f"%{searched_data}%")
)
# you can print(q) to see what it constructed
cursor.execute(q)
That was SQLAlchemy Query Language. You are using ORM. I suggest you read-up something about a session in flask first.
It is still possible to get to the column-name related attribute and I am not sure this is the most efficient way:
q = session.query(My_library.id).filter(
getattr(My_library, column).like(f"%{searched_data}%"),
)
I am fairly new to Flask and am trying to add a new row to one of my tables (called companies), everything seems to work fine until I try to commit a new set of data to said table. It keeps on showing as null, and I am not sure why. I have done the same steps with a different table and column and it worked fine. Any help would be appreciated.
Below is my logic:
#app.route('/addcompany')
#login_required
def addCompany():
if request.method == 'POST':
company_name = request.form['companyname']
company_description = request.form['companydescription']
file = request.files['file']
# if user does not select file, browser also
# submit a empty part without filename
if file.filename == '':
filename = '1200px-No-logo.svg.png'
if file and EXTENSIONS:
filename = secure_filename(file.filename)
file.save(os.path.join(app.config['UPLOAD_FOLDER'], filename))
logo = 'logos/'+filename
company_website = 'www.google.com' #request.form['companywebsite']
new_company = companies(description=company_description, company_name=company_name, logo=logo, company_website=company_website)
try:
db.session.add(new_company)
db.session.commit()
return redirect('/')
except:
return 'there was an issue adding the company'
else:
return render_template('addcompany.html')
And here is the db. class:
class companies(db.Model):
id = db.Column(db.Integer, primary_key=True)
description = db.Column(db.String(200), nullable=False)
company_name = db.Column(db.String(50), nullable=False)
logo = db.Column(db.String(200), nullable=True)
company_website = db.Column(db.String(50), nullable=True)
date_created = db.Column(db.DateTime, default=datetime.utcnow())
def __ref__(self):
return '<Company %r>' % self.id
Everything but the company_website column works, any ideas?
the database with a couple of tests
I'm trying to turn on realm sync on device which already contains some data, that already persists on server. When new user connects to realm, it should merge local realm data with synced realm data. But this code is launched before initial sync happens. Since there is no data from server is received yet, app creates some records in synchronized realm. When sync finishes I see same data twice. Records I've just created and data fetched from server. With same primary key.
See code below for an example:
RLMRealmConfiguration *config = [[RLMRealmConfiguration alloc] init];
config.syncConfiguration = [[RLMSyncConfiguration alloc] initWithUser:user realmURL:self.realmURL];
NSError *error = nil;
RLMRealm *newRealm = [RLMRealm realmWithConfiguration:config error:&error];
if(newRealm != nil && error == nil)
{
[newRealm beginWriteTransaction];
for(ModelFolder *folder in [ModelFolder allObjectsInRealm:curRealm])
{
ModelFolder *newFolder = [ModelFolder objectInRealm:newRealm forPrimaryKey:folder.uuid];
if(newFolder == nil)
[ModelFolder createInRealm:newRealm withValue:folder];
}
[newRealm commitWriteTransaction];
}
Is there a way to detect, that realm is completed initial sync?
UPD: Few more details.
ModelFolder contains #property RLMArray<ModelBookmark *><ModelBookmark> *bookmarks; And when I create Folder, that equals some folder that will be fetched in a few seconds they merged correctly. But. Bookmarks inside Folder object is not deduplicated and we get something like this:
RLMResults <0x802082d0> (
[0] ModelFolder {
uuid = 2615AB34-1C08-4E7B-8D49-6E02EDBCDF89;
name = (null);
descr = (null);
shareURL = (null);
date = 1484566331137;
bookmarks = RLMArray <0x806c78d0> (
[0] ModelBookmark {
uuid = C752FCEB-65CB-47C8-8CF4-6CA44C119ECC;
name = (null);
descr = (null);
shareURL = (null);
date = 1484566331137;
folderUuid = 2615AB34-1C08-4E7B-8D49-6E02EDBCDF89;
longitude = 27.54834598813616;
latitude = 53.91333128839566;
mapZoom = 11.73785983313041;
category = 0;
visible = 1;
},
[1] ModelBookmark {
uuid = C752FCEB-65CB-47C8-8CF4-6CA44C119ECC;
name = (null);
descr = (null);
shareURL = (null);
date = 1484566331137;
folderUuid = 2615AB34-1C08-4E7B-8D49-6E02EDBCDF89;
longitude = 27.54834598813616;
latitude = 53.91333128839566;
mapZoom = 11.73785983313041;
category = 0;
visible = 1;
}
);
tracks = RLMArray <0x806fb120> (
);
opened = 1;
}
)
Unfortunately merging of the ordered lists is not supported currently (until https://github.com/realm/realm-core/issues/1206 is implemented). For now you have to manually deduplicate list items, you can use the same workaround we use in RealmTasks app, see https://github.com/realm/RealmTasks/pull/180 for implementation details.
Given this code:
var NewComm = CRM.CreateRecord("Communication");
NewComm("Comm_ChannelId") = Request.Form("chanId");
NewComm("Comm_Type") = "Appointment";
NewComm("Comm_DateTime") = Request.Form("initialHour");
NewComm("Comm_Status") = "Pending";
NewComm("Comm_Priority") = "Normal";
NewComm("Comm_Action") = "Meeting";
NewComm("Comm_SecTerr") = Request.Form("secTerr");
NewComm("Comm_Subject") = "No Subject";
NewComm("Comm_Note") = "No notes";
NewComm.SaveChanges();
There is a method of the CreateRecord Object to retrieve the ID of the recently created record?
Once you have created the new record, the Id becomes available in the object. Using your example above, you can simply get the Id with this code:
NewComm.SaveChanges();
var CommId = NewComm("Comm_CommunicationId");
This applies to any record type with the same method.
Six Ticks Support
I am making a very simple application with 2 webpages at the moment under URLs: localhost:8080/restaurants/ and localhost:8080/restaurants/new.
I have a sqlite database which i manipulate with SQLAlchemy in my python code.
On my first page localhost:8080/restaurants/, this just contains the lists of restaurants available in my database.
My second page localhost:8080/restaurants/new, is where i have a form in order to a new restaurant such that it displays on localhost:8080/restaurants.
However Whenever i enter a new restaurant name on form at localhost:8080/restaurants/new, it fails to redirect me back to localhost:8080/restaurants/ in order to show me the new restaurant, instead it just remains on the same url link localhost:8080/restaurants/new with the message "No data received" .
Below is my code:
import cgi
from BaseHTTPServer import BaseHTTPRequestHandler, HTTPServer
#import libraries and modules
from sqlalchemy import create_engine
from sqlalchemy.orm import sessionmaker
from database_setup import Base, Restaurant, MenuItem
#create and connect to database
engine = create_engine('sqlite:///restaurantmenu.db')
Base.metadata.bind=engine
DBSession = sessionmaker(bind=engine)
session = DBSession()
class webServerHandler(BaseHTTPRequestHandler):
""" class defined in the main method"""
def do_GET(self):
try:
#look for url then ends with '/hello'
if self.path.endswith("/restaurants"):
self.send_response(200)
#indicate reply in form of html to the client
self.send_header('Content-type', 'text/html')
#indicates end of https headers in the response
self.end_headers()
#obtain all restaurant names from databse
restaurants = session.query(Restaurant).all()
output = ""
output += "<html><body><a href='/restaurants/new'>Add A New Restaurant</a>"
output += "</br></br>"
for restaurant in restaurants:
output += restaurant.name
output += """<div>
<a href='#'>Edit</a>
<a href='#'>Delete</a>
</div>"""
output += "</br></br>"
output += "</body></html>"
self.wfile.write(output)
print output
return
if self.path.endswith("/restaurants/new"):
self.send_response(200)
self.send_header('Content-type', 'text/html')
self.end_headers()
output = ""
output += "<html><body>"
output += "<h1>Add New Restaurant</h1>"
output += "<form method='POST' enctype='multipart/form-data action='/restaurants/new'>"
output += "<input name='newRestaurant' type='text' placeholder='New Restaurant Name'>"
output += "<input name='Create' type='submit' label='Create'>"
output += "</form></body></html>"
self.wfile.write(output)
return
except IOError:
self.send_error(404, "File %s not found" % self.path)
def do_POST(self):
try:
if self.path.endswith("/restaurants/new"):
ctype, pdict = cgi.parse_header(self.headers.getheader('content-type'))
#check of content-type is form
if ctype == 'mulitpart/form-data':
#collect all fields from form, fields is a dictionary
fields = cgi.parse_multipart(self.rfile, pdict)
#extract the name of the restaurant from the form
messagecontent = fields.get('newRestaurant')
#create the new object
newRestaurantName = Restaurant(name = messagecontent[0])
session.add(newRestaurantName)
session.commit()
self.send_response(301)
self.send_header('Content-type', 'text/html')
self.send_header('Location','/restaurants')
self.end_headers()
except:
pass
def main():
"""An instance of HTTPServer is created in the main method
HTTPServer is built off of a TCP server indicating the
transmission protocol
"""
try:
port = 8080
#server address is tuple & contains host and port number
#host is an empty string in this case
server = HTTPServer(('', port), webServerHandler)
print "Web server running on port %s" % port
#keep server continually listening until interrupt occurs
server.serve_forever()
except KeyboardInterrupt:
print "^C entered, stopping web server...."
#shut down server
server.socket.close()
#run main method
if __name__ == '__main__':
main()
for reference here is my database_setup file where i create the database:
import sys
#importing classes from sqlalchemy module
from sqlalchemy import Column, ForeignKey, Integer, String
#delcaritive_base , used in the configuration
# and class code, used when writing mapper
from sqlalchemy.ext.declarative import declarative_base
#relationship in order to create foreign key relationship
#used when writing the mapper
from sqlalchemy.orm import relationship
#create_engine to used in the configuration code at the
#end of the file
from sqlalchemy import create_engine
#this object will help set up when writing the class code
Base = declarative_base()
class Restaurant(Base):
"""
class Restaurant corresponds to restaurant table
in the database to be created.
table representation for restaurant which
is in the database
"""
__tablename__ = 'restaurant'
#column definitions for the restaurant table
id = Column(Integer, primary_key=True)
name = Column(String(250), nullable=False)
class MenuItem(Base):
"""
class MenuItem corresponds to restaurant table
table representation for menu_item which
is in the database
"""
__tablename__ = 'menu_item'
#column definitions for the restaurant table
name = Column(String(80), nullable=False)
id = Column(Integer, primary_key=True)
course = Column(String(250))
description = Column(String(250))
price = Column(String(8))
restaurant_id = Column(Integer, ForeignKey('restaurant.id'))
restaurant = relationship(Restaurant)
#create an instance of create_engine class
#and point to the database to be used
engine = create_engine(
'sqlite:///restaurantmenu.db')
#that will soon be added into the database. makes
#the engine
Base.metadata.create_all(engine)
I can't figure out why i cannot add new restuarants
I know this was a long time ago, but I figured out your problem.
First, the enctype='multipart/form-data' in your do_GET function under the if self.path.endswith("/restaurants/new"): portion is missing a final single quote. Second, you misspelt 'multipart' in if ctype == 'multipart/form-data':. Hope that can help you or others.
As shteeven said, the problem was with the encryption type in the form.
As the quote was missed, the 'Content-type' changed to 'application/x-www-form-urlencoded' so in that case you should parse it different as it's a string.
In order to manage both enctype you can modify your do_POST as the following
def do_POST(self):
try:
if self.path.endswith("/restaurants/new"):
ctype, pdict = cgi.parse_header(self.headers.getheader('content-type'))
print ctype
#check of content-type is form
if (ctype == 'multipart/form-data') or (ctype == 'application/x-www-form-urlencoded'):
#collect all fields from form, fields is a dictionary
if ctype == 'multipart/form-data':
fields = cgi.parse_multipart(self.rfile, pdict)
else:
content_length = self.headers.getheaders('Content-length')
length = int(content_length[0])
body = self.rfile.read(length)
fields = urlparse.parse_qs(body)
#extract the name of the restaurant from the form
messagecontent = fields.get('newRestaurant')
#create the new object
newRestaurantName = Restaurant(name = messagecontent[0])
session.add(newRestaurantName)
session.commit()
self.send_response(301)
self.send_header('Location','/restaurants')
self.end_headers()
return
Hope this extra information is useful for you!