在我的程序中,我有一个sqlite数据库,其中的数据通过tkintergui中的条目小部件附加到其中。我希望数据只在经过验证后才附加到数据库中,因为目前还没有验证。在
例如,在我的函数下面,它将customerID、forename、姓氏、地址和电话号码追加到数据库中的customer表中。我希望这样customerID条目只接受整数,名字、姓氏和地址不为空,phoneNumberEntry也只接受整数。在
我见过有人使用validatecommand,但我不认为我能够实现它,因为我已经在使用一个命令将数据追加到数据库中。在
def appendToCustomerTableEntry(event):
top = Toplevel()
top.title("Add to customer table")
Label(top, text = "customerID: ").grid(sticky = E)
customerIDEntry = Entry(top)
customerIDEntry.grid(row = 0, column = 1)
Label(top, text = "Forename: ").grid(row = 1, sticky = E)
customerForenameEntry = Entry(top)
customerForenameEntry.grid(row = 1, column = 1)
Label(top, text = "Surname: ").grid(row = 2, sticky = E)
customerSurnameEntry = Entry(top)
customerSurnameEntry.grid(row = 2, column = 1)
Label(top, text = "Address: ").grid(row = 3, sticky = E)
customerAddressEntry = Entry(top)
customerAddressEntry.grid(row = 3, column = 1)
Label(top, text = "Phone Number: ").grid(row = 4, sticky = E)
customerPhoneNumberEntry = Entry(top)
customerPhoneNumberEntry.grid(row = 4, column = 1)
exitButton = Button(top, text = "Exit", command = top.destroy)
exitButton.grid(row = 5, column = 2, sticky = W)
appendButton = Button(top, text = "Append", command = lambda:appendToCustomerTable
(customerIDEntry.get(), customerForenameEntry.get(), customerSurnameEntry.get(),
customerAddressEntry.get(), customerPhoneNumberEntry.get()))
appendButton.grid(row = 5, column = 1, sticky = E)
def appendToCustomerTable(customerID, Forename, Surname, Address, TelephoneNumber):
c.execute("INSERT INTO customerTable VALUES (?, ?, ?, ?, ?);", (customerID, Forename, Surname, Address, TelephoneNumber ))
conn.commit()
这是sql卫生问题,还是python编程问题?在
如果sql环境卫生,您需要确定要拒绝哪些sql字符串或字符,也可能有库可以做到这一点。 https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
在程序上,可以运行if语句,改变操作顺序并使用字符串替换。 http://bobby-tables.com/python.html
在你的代码中,你要注意的似乎是有人试图通过你的字段发布代码。看看最后一个链接。在
首先尝试“dont repeat your self”
相关问题 更多 >
编程相关推荐