查看功能没有返回响应 [英] View function did not return a response
问题描述
我想发送一个查询到mysql并获取一个数组。但是,我这样做,我不能让它工作。这里是我的代码:
$ $ $ $ $ $ $ c $ @ app.route('/ auth',methods = ['GET','POST'])
def auth():
username = request.form ['username']
password = request.form ['password']
cur = db.cursor ()
cur.execute(SELECT * FROM tbl_user WHERE username ='%s'%username)
results = cur.fetchall()
结果行:
print row [0]
总是说 view函数没有返回响应
。我做错了什么?
Flask抛出这个异常,因为你的 auth
查看没有返回任何东西。返回来自你的 auth
视图的回复:
return'Some response'
要返回MySQL结果,可能将这些行连接成一个字符串:
cur.execute(SELECT * FROM tbl_user WHERE username ='%s'%username)
return'\\\
'.join ([','.join(r)for r in cur])
注意你真的不想在web应用程序中为你的 username
参数,特别是使用字符串插值。改用SQL参数:
cur.execute(SELECT * FROM tbl_user WHERE username =%s,(username,))
现在数据库客户端将为您执行引用并防止SQL注入攻击。如果你使用字符串插值,这会发生。
(如果这是一个体面的数据库(例如不是MySQL),数据库可以采用现在通用的SQL语句并为其创建一个查询计划,然后在多次执行查询时重复使用该计划;使用字符串插值可以防止这种情况发生。 )
I want to send a query to mysql and fetch an array. But however I do it I cannot make it work. Here's my code:
@app.route('/auth',methods=['GET','POST'])
def auth():
username = request.form['username']
password = request.form['password']
cur = db.cursor()
cur.execute("SELECT * FROM tbl_user WHERE username = '%s' " % username)
results = cur.fetchall()
for row in results:
print row[0]
It always says, view function did not return a response
. What am I doing wrong?
Flask throws this exception because your auth
view didn't return anything. Return a response from your auth
view:
return 'Some response'
To return the MySQL results, perhaps join the rows together into one string:
cur.execute("SELECT * FROM tbl_user WHERE username = '%s' " % username)
return '\n'.join([', '.join(r) for r in cur])
or define a template and return the rendered template.
Note that you really do not want to use string interpolation for your username
parameter, especially in a web application. Use SQL parameters instead:
cur.execute("SELECT * FROM tbl_user WHERE username = %s", (username,))
Now the database client will do the quoting for you and prevent SQL injection attacks. If you use string interpolation, this will happen.
(If this was a decent database (e.g. not MySQL) the database could take the now-generic SQL statement and create a query plan for it, then reuse the plan again and again as you execute that query multiple times; using string interpolation you'd prevent that.)
这篇关于查看功能没有返回响应的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!