有效地将 WTForm 提交写入 mysql
efficiently writing WTForm submission to mysql
我有一个很长的 wtform:
即
Question1 = TextAreaField('What is your name?')
...
Question100=TextAreaField('Describe your role')
当用户提交表单时,Flask 检索每个问题的数据:
即
Question1=form.Question1.data
..
Question100=form.Question100.data
然后我使用 sql 将数据写入数据库
即
cursor.executve("INSERT INTO table (Q1,Q100) values (%s,%s)", (Question1, Question100))
SQL 注入不是问题,我不希望使用 SQLalchemy。有没有更有效的方法来做到这一点?
编辑:
假设某些字段类型是 FieldLists、Formfields 或 HiddenFields。我如何将它们写入 table?我怎样才能循环跳过它们?
快速且可读的解决方案
written_fields = [f for f in form if f.id in WRITE_TO_SQL_FIELDS]
cursor.execute(
"INSERT INTO table ({}) values ({})".format(
",".join(f.id for f in written_fields),
",".join(str(f.data) for f in written_fields),
)
)
或者,如果您更喜欢按类型过滤:
BLACKLISTED_TYPES = (wtforms.FieldList, wtforms.Formfield, wtforms.HiddenField)
written_fields = [f for f in form if not isinstance(f, BLACKLISTED_TYPES)]
我有一个很长的 wtform:
即
Question1 = TextAreaField('What is your name?')
...
Question100=TextAreaField('Describe your role')
当用户提交表单时,Flask 检索每个问题的数据:
即
Question1=form.Question1.data
..
Question100=form.Question100.data
然后我使用 sql 将数据写入数据库 即
cursor.executve("INSERT INTO table (Q1,Q100) values (%s,%s)", (Question1, Question100))
SQL 注入不是问题,我不希望使用 SQLalchemy。有没有更有效的方法来做到这一点?
编辑: 假设某些字段类型是 FieldLists、Formfields 或 HiddenFields。我如何将它们写入 table?我怎样才能循环跳过它们?
快速且可读的解决方案
written_fields = [f for f in form if f.id in WRITE_TO_SQL_FIELDS]
cursor.execute(
"INSERT INTO table ({}) values ({})".format(
",".join(f.id for f in written_fields),
",".join(str(f.data) for f in written_fields),
)
)
或者,如果您更喜欢按类型过滤:
BLACKLISTED_TYPES = (wtforms.FieldList, wtforms.Formfield, wtforms.HiddenField)
written_fields = [f for f in form if not isinstance(f, BLACKLISTED_TYPES)]