无法使用 Python 和 MYSQL 登录,因为脚本 'login.py' 格式错误 header:错误 header:<html>”
Can't login using Python and MYSQL because of malformed header from script 'login.py': Bad header: <html>"
我正在尝试使用 Ubuntu 20.04 服务器通过 Python 和 MYSQL 登录,但我总是遇到 ,500 内部错误
脚本是这样的,它不是很安全:
#!/usr/bin/python3
import pymysql
import cgi
from http import cookies
from art import *
# Open database connection
db = pymysql.connect("localhost","superadmin","123","dinamic" )
# prepare a cursor object using cursor() method
cursor = db.cursor()
data=cgi.FieldStorage()
a=data.getvalue('e1')
b=data.getvalue('p1')
# Prepare SQL query to fetch a record into the database.
sql = "select id,email,password from register where email='"+a+"' AND password='"+b+"'"
try:
# Execute the SQL command
if(cursor.execute(sql)):
# Commit your changes in the database
db.commit()
c=cookies.SimpleCookie()
# assign a value
c['mou']=a
# set the xpires time
c['mou']['expires']=24*60*60
# print the header, starting with the cookie
print (c)
print("Content-type: text/html")
print('''<html>
<head>
<title>Hello Word - First script</title>
</head>
<body>
<h2>successfully login</h2>
</body>
</html>''')
else:
# Commit your changes in the database
db.commit()
print("Content-type: text/html")
print("<html>")
print("<body>")
print("<h2>fail</h2>")
print("</body>")
print("</html>")
except:
# Rollback in case there is any error
db.rollback()
和 HTML 文件:
<html>
<body>
<form action="login.py" method="post">
email: <input type="text" name="e1">
password: <input type="password" name="p1">
<input type="submit" value="register">
</form>
</body>
</html>
在日志中我收到以下错误:
File "/var/www/html/dinamic_python/login.py", line 15, in <module>: /var/www/html/dinamic_python/login.py
[Wed Mar 24 18:45:37.324689 2021] sql = "select id,email,password from register where email='"+a+"' AND password='"+b+"'": /var/www/html/dinamic_python/login.py
[Wed Mar 24 18:45:37.324733 2021] TypeError: can only concatenate str (not "NoneType") to str: /var/www/html/dinamic_python/login.py
[Wed Mar 24 18:45:37.363064 2021] [cgi:error] [pid 18037] [client 127.0.0.1:59482] End of script output before headers: login.py
我做错了什么?我的脚本有问题吗?
这一行:
sql = "select id,email,password from register where email='"+a+"' AND password='"+b+"'"
看起来很可疑。
我通常会尝试做这样的事情:
sql = "SELECT id, email, password FROM register WHERE email = %s AND password = %s"
然后调用你的光标:
cursor.execute(sql, (a, b))
将参数作为字符串传递到查询中并不是最好的主意。
有关详细信息,请参阅 here and here。
根据错误判断:
[Wed Mar 24 18:45:37.324733 2021] TypeError: can only concatenate str (not "NoneType") to str: /var/www/html/dinamic_python/login.py
您的一个或多个变量(a 或 b)看起来也可能是 NoneType。
尝试打印。
print("{} / {}".format(a, b))
A 或 B 的类型为“NoneType”:TypeError:只能连接 str(不是“NoneType”)
问题是我需要在 if 和 else 语句中添加 print ("Content-type: text/html", end="\r\n\r\n", flush=True)
。另外,注意 \r\n
,使用它非常重要。
我正在尝试使用 Ubuntu 20.04 服务器通过 Python 和 MYSQL 登录,但我总是遇到 ,500 内部错误
脚本是这样的,它不是很安全:
#!/usr/bin/python3
import pymysql
import cgi
from http import cookies
from art import *
# Open database connection
db = pymysql.connect("localhost","superadmin","123","dinamic" )
# prepare a cursor object using cursor() method
cursor = db.cursor()
data=cgi.FieldStorage()
a=data.getvalue('e1')
b=data.getvalue('p1')
# Prepare SQL query to fetch a record into the database.
sql = "select id,email,password from register where email='"+a+"' AND password='"+b+"'"
try:
# Execute the SQL command
if(cursor.execute(sql)):
# Commit your changes in the database
db.commit()
c=cookies.SimpleCookie()
# assign a value
c['mou']=a
# set the xpires time
c['mou']['expires']=24*60*60
# print the header, starting with the cookie
print (c)
print("Content-type: text/html")
print('''<html>
<head>
<title>Hello Word - First script</title>
</head>
<body>
<h2>successfully login</h2>
</body>
</html>''')
else:
# Commit your changes in the database
db.commit()
print("Content-type: text/html")
print("<html>")
print("<body>")
print("<h2>fail</h2>")
print("</body>")
print("</html>")
except:
# Rollback in case there is any error
db.rollback()
和 HTML 文件:
<html>
<body>
<form action="login.py" method="post">
email: <input type="text" name="e1">
password: <input type="password" name="p1">
<input type="submit" value="register">
</form>
</body>
</html>
在日志中我收到以下错误:
File "/var/www/html/dinamic_python/login.py", line 15, in <module>: /var/www/html/dinamic_python/login.py
[Wed Mar 24 18:45:37.324689 2021] sql = "select id,email,password from register where email='"+a+"' AND password='"+b+"'": /var/www/html/dinamic_python/login.py
[Wed Mar 24 18:45:37.324733 2021] TypeError: can only concatenate str (not "NoneType") to str: /var/www/html/dinamic_python/login.py
[Wed Mar 24 18:45:37.363064 2021] [cgi:error] [pid 18037] [client 127.0.0.1:59482] End of script output before headers: login.py
我做错了什么?我的脚本有问题吗?
这一行:
sql = "select id,email,password from register where email='"+a+"' AND password='"+b+"'"
看起来很可疑。
我通常会尝试做这样的事情:
sql = "SELECT id, email, password FROM register WHERE email = %s AND password = %s"
然后调用你的光标:
cursor.execute(sql, (a, b))
将参数作为字符串传递到查询中并不是最好的主意。 有关详细信息,请参阅 here and here。
根据错误判断:
[Wed Mar 24 18:45:37.324733 2021] TypeError: can only concatenate str (not "NoneType") to str: /var/www/html/dinamic_python/login.py
您的一个或多个变量(a 或 b)看起来也可能是 NoneType。
尝试打印。
print("{} / {}".format(a, b))
A 或 B 的类型为“NoneType”:TypeError:只能连接 str(不是“NoneType”)
问题是我需要在 if 和 else 语句中添加 print ("Content-type: text/html", end="\r\n\r\n", flush=True)
。另外,注意 \r\n
,使用它非常重要。