TypeError:get_bind()获得了意外的关键字参数 [英] TypeError: get_bind() got an unexpected keyword argument
问题描述
我正在尝试使用
from sqlalchemy import create_engine
from sqlalchemy.orm import scoped_session, sessionmaker
在其中创建了一个基本的登录页面和一个注册页面,当我尝试使用html代码时:
In it I am created a basic login page and a register page and when I try to use html code:
<form action="/login" method="post">
<input autocomplete="off" autofocus name="username" placeholder="Username" type="text">
<input class="form-control" name="password" placeholder="Password" type="password">
<button class="btn btn-primary" type="submit">Log In</button>
<li style="list-style-type:none;"><a href="/register">Register</a></li>
</form>
在此python烧瓶代码上:
on this python flask code:
# This is the log in page
@app.route("/login", methods=["GET", "POST"])
def login():
"""Log user in"""
# Forget any user_id
session.clear()
# User reached route via POST (as by submitting a form via POST)
if request.method == "POST":
# Ensure username was submitted
if not request.form.get("username"):
return "must provide username", 403
# Ensure password was submitted
elif not request.form.get("password"):
return "must provide password", 403
# Query database for username
rows = db.execute("SELECT * FROM users WHERE username = :username",
username=request.form.get("username"))
# Ensure username exists and password is correct
if len(rows) != 1 or not check_password_hash(rows[0]["hash"], request.form.get("password")):
return "invalid username and/or password", 403
# Remember which user has logged in
session["user_id"] = rows[0]["id"]
# Redirect user to home page
return redirect("/")
# User reached route via GET (as by clicking a link or via redirect)
else:
return render_template("login.html")
我收到此错误:
TypeError: get_bind() got an unexpected keyword argument 'username'
我连接了数据库,并设置了所有其他变量,包括flask_debug.我不确定什么地方出了问题或如何进行测试.谁能帮我弄清楚为什么我会收到此错误?
I connected the database, and set up all other variables including flask_debug. I'm not sure what is wrong or how to test for it. Can anyone help me figure out why im getting this error?
推荐答案
postgresql查询的语法错误.更具体地说,在清理数据中避免sql注入.
There is an error in the syntax of the postgresql query. More specifically in the sanitizing of data to avoid sql injections.
正确的语法是
db.execute("SELECT * FROM users WHERE username = :username", {"username": request.form.get("username")})
此代码中还有更多错误.例如
There are also more errors in this code. For example
if len(rows) != 1:
您无法提取查询的len.但是,可以通过使用函数.rowcount()
来检查查询的行数,如果该函数为0,则表示搜索返回为空.
You can not extract the len of the query. However it is possible to check for the amount of rows a query has by using the function .rowcount()
which if 0 means the search came back empty.
这篇关于TypeError:get_bind()获得了意外的关键字参数的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!