传递 sql 查询时 django 中的 UnboundLocalError

UnboundLocalError in django while passing an sql query

这是我的错误信息:

Environment:


Request Method: POST
Request URL: http://127.0.0.1:8000/mainpage.html

Django Version: 3.2.12
Python Version: 3.7.4
Installed Applications:
['django.contrib.admin',
 'django.contrib.auth',
 'django.contrib.contenttypes',
 'django.contrib.sessions',
 'django.contrib.messages',
 'django.contrib.staticfiles',
 'website']
Installed Middleware:
('whitenoise.middleware.WhiteNoiseMiddleware',
 'django.middleware.security.SecurityMiddleware',
 'django.contrib.sessions.middleware.SessionMiddleware',
 'django.middleware.common.CommonMiddleware',
 'django.middleware.csrf.CsrfViewMiddleware',
 'django.contrib.auth.middleware.AuthenticationMiddleware',
 'django.contrib.messages.middleware.MessageMiddleware',
 'django.middleware.clickjacking.XFrameOptionsMiddleware',
 'whitenoise.middleware.WhiteNoiseMiddleware')



Traceback (most recent call last):
  File "C:\Users\user\AppData\Local\Programs\Python\Python37\lib\site-packages\django\core\handlers\exception.py", line 47, in inner
    response = get_response(request)
  File "C:\Users\user\AppData\Local\Programs\Python\Python37\lib\site-packages\django\core\handlers\base.py", line 181, in _get_response
    response = wrapped_callback(request, *callback_args, **callback_kwargs)
  File "C:\Users\user\desktop\dentist\website\views.py", line 40, in mainpage
    c.execute(query)

Exception Type: UnboundLocalError at /mainpage.html
Exception Value: local variable 'query' referenced before assignment

这是我的pythonviews.py

def logout(request):
    try:
        del request.session['your-email']
    except KeyError:
        pass
    result_dict = {}
    result_dict['logout_success'] = 'See you next time! You have sucessfuly logged out'
    return render(request, 'home.html', result_dict)

def mainpage(request):
    if 'your-email' not in request.session:
        if request.method == "POST":
            email = request.POST['your-email']
            password = request.POST['your-password']
            if email!='' and password!='':
                verification = "SELECT * FROM users WHERE email = '" + email + "' AND password = '" + password + "';"
                c = connection.cursor()
                c.execute(verification)
                account_exist = c.fetchall()    
                results_dict = {}
                if not account_exist:
                    results_dict = {'error':'Please try again. Entered username or password is wrong'}
                    return render(request, 'login.html',results_dict)
                request.session['your-email'] = email
    else:
        query = "SELECT email, display_name, age, phone_number, vaccination_status, rating, count_rate FROM users WHERE email = '" + request.session['your-email'] + "';"  
    c = connection.cursor()
    c.execute(query)    # this is line 40 the error message
    results = c.fetchall()
    result_dict = {'records': results}
    return render(request, 'mainpage.html', result_dict)

def login(request):
    if request.method == "POST":
        display_photo = request.POST['your-photo']
        display_name = request.POST['your-name']
        email = request.POST['your-email']
        age = request.POST['your-age']
        phone_number = request.POST['phone-number']
        gender = request.POST['your-gender']
        vaccination_status = request.POST['your-vaccination']
        password = request.POST['your-password']
    
        if display_photo!= '' and  display_name != '' and email != '' and age !='' and phone_number !='' and gender !='' and vaccination_status !='' and password !='':
            email_check =  "SELECT * FROM users WHERE email = '" + email + "';"
            c = connection.cursor()
            c.execute(email_check)
            emails_exist = c.fetchall() #container
            results_dict = {}
            if len(display_name)>128:
                results_dict['name_warning'] = 'Your name cannot be more than 128 characters'
            if len(email) > 128:
                results_dict['email_verifier'] = ' Your email cannot be more than 128 characters'
            elif emails_exist:
                results_dict['email_verifier']='There is already an account with email ' + email
            if len(password) < 6:
                results_dict['pw_warning'] = 'Your password cannot be less than 6 characters'
            elif len(password) >64:
                results_dict['pw_warning'] = 'Your password cannot be more than 64 characters'
            if results_dict:
                return render(request,'booknow.html',results_dict)
        insert_query = "INSERT INTO users (display_photo, display_name, email, age, phone_number, gender, vaccination_status, password, rating, count_rate) VALUES ('%s','%s','%s','%s','%s','%s','%s','%s','%s','%s');" % (display_photo, display_name,email,age,phone_number,gender,vaccination_status,password,0,0)
        c = connection.cursor()
        c.execute(insert_query) 
    return render(request, 'login.html')

这是 HTML 代码 (mainpage.html):

<html>

    <head>
        <title> RentBuddy! </title>
    </head>
<style>
table {
  font-family: arial, sans-serif;
  border-collapse: collapse;
  width: 100%;
}

td, th {
  border: 1px solid #000000;
  text-align: left;
  padding: 2px;
}

tr:nth-child(even) {
  background-color: #dddddd;
}
</style>
<body style="margin:50;padding:50">

<div id="clockbox" style="font:12pt TimesNewRoman; color:#FF4500; text-align:right"></div>
<script type="text/javascript">
var tday=["Sunday","Monday","Tuesday","Wednesday","Thursday","Friday","Saturday"];
var tmonth=["January","February","March","April","May","June","July","August","September","October","November","December"];

function GetClock(){
var d=new Date();
var nday=d.getDay(),nmonth=d.getMonth(),ndate=d.getDate(),nyear=d.getFullYear();
var nhour=d.getHours(),nmin=d.getMinutes(),nsec=d.getSeconds(),ap;

if(nhour==0){ap=" AM";nhour=12;}
else if(nhour<12){ap=" AM";}
else if(nhour==12){ap=" PM";}
else if(nhour>12){ap=" PM";nhour-=12;}

if(nmin<=9) nmin="0"+nmin;
if(nsec<=9) nsec="0"+nsec;

var clocktext=""+tday[nday]+", "+tmonth[nmonth]+" "+ndate+", "+nyear+" "+nhour+":"+nmin+":"+nsec+ap+"";
document.getElementById('clockbox').innerHTML=clocktext;
}

GetClock();
setInterval(GetClock,1000);
</script>
<br>
<form method = "POST" action = "home.html"> {%csrf_token%} <button type="submit">Logout</button> </form> 
<a href = 'settings.html'> Click here to become a buddy! </a>

</br>
<h2 style = "color:rgba(400,133,0); font:20pt;text-align:center"> RentBuddy :)</h2>
    {{logout_success}}
    <body>
    
    {% for rows in records %}
    <p> Welcome back, {{rows.1}} </p>
    <p>Here's your account information as of now:</p>
<table border = "1">
<tr>
<td> Email Address </td>
<td> Name </td>
<td> Age </td>
<td> Phone Number </td>
<td> Vaccination Status </td>
<td> Rating </td>
<td> Number of times you have been rated </td> </tr>
<tr> 
    <td> {{rows.0}} </td>
    <td> {{rows.1}} </td>
    <td> {{rows.2}} </td> 
    <td> {{rows.3}} </td> 
    <td> {{rows.4}} </td> 
    <td> {{rows.5}} </td>
    <td> {{rows.6}} </td>
{% endfor %} 
</tr> <br> </table> <br>

    <p> Check out our buddies :) </p>
    
        <p> Search by the buddy's name: [sorted by alphabetical order ascendingly]</p>
        <form method = "GET" action = "result.html"> <!-- This means after we click submit, will go to another page called result wiht the get mehtod -->
            <input type = "text" name = "age"/>
            <input type = "submit" value = "Search Buddy by Age">
        </form>
        
        <p> Search by the buddy's hourly rate: [sorted based on cheapest price]</p>
        <form method = "GET" action = "result.html"> <!-- This means after we click submit, will go to another page called result wiht the get mehtod -->
            <input type = "text" name = "hourly-rate"/>
            <input type = "submit" value = "Search Buddy by Hourly Rate">
        </form>

        <p> Search by buddy's preference: [sorted by genre alphabetically ascendingly]  </p>
        <form method = "GET" action = "result.html"> <!-- This means after we click submit, will go to another page called result wiht the get mehtod -->
            <input type = "text" name = "interests"/>
            <input type = "submit" value = "Search Buddy by Interests">
        </form>

        <p> Note, if you want to search multiple interests (not recommended), you need to : </p>
        <ul>
            <li>sort them alphabetically, for example 'Running|Cooking'</li>
            <li> You would need to separate it by a | sign (no space) </li> </ul>

<br>

<p> Want to express your gratitude or misery in your experience? Do rate your buddy! Hope your 1st date went well :D [1 to 5] </p>
<form method="POST" action="rate.html"> {% csrf_token %}
<input type="text" placeholder= "Who do you want to rate? (email)" name="email" required><br>
<input type="number" placeholder= "What's the rating? (1-5)" name="rating" 
min = '1' max = '5'  
oninvalid="this.setCustomValidity('Your rating can only be from 1 to 5')" oninput="this.setCustomValidity('')"required><br>
                <input type="submit" value="Rate this person!"> </form>         
            <font color = 'red'> {{email}} <br>
            {{err}}

    </body>
</html>

我目前正在尝试让登录页面识别登录的用户,之后它将使用我将在 [=44] 中执行的查询以 table 的形式显示他们的信息=].我不确定为什么会出现错误。

我试图在您的代码中添加注释,本质上您的错误意味着您没有在所有可能的代码路径中定义 query。您的代码令人困惑,我只是强制用户在访问您的主页之前先登录,而不是尝试让主页登录您的用户。

您还存储 plain-text 密码,这是一种非常糟糕的做法。

def mainpage(request):
    if 'your-email' not in request.session:
        if request.method == "POST":
            email = request.POST['your-email']
            password = request.POST['your-password']
            if email!='' and password!='':
                verification = "SELECT * FROM users WHERE email = '" + email + "' AND password = '" + password + "';"
                c = connection.cursor()
                c.execute(verification)
                account_exist = c.fetchall()
                results_dict = {}
                if not account_exist:
                    results_dict = {'error':'Please try again. Entered username or password is wrong'}
                    return render(request, 'login.html',results_dict)
                request.session['your-email'] = email
                # You would need to set your query here so it can be used below
                query = "SELECT email, display_name, age, phone_number, vaccination_status, rating, count_rate FROM users WHERE email = '" + request.session['your-email'] + "';"
            else:
                # If email=='' and password=='' you need to render your login template
                return render(request, 'login.html')
        else:
            # If request.method == "GET" you need to render your login template
            return render(request, 'login.html')
    else:
        query = "SELECT email, display_name, age, phone_number, vaccination_status, rating, count_rate FROM users WHERE email = '" + request.session['your-email'] + "';"
    c = connection.cursor()
    c.execute(query)    # this is line 40 the error message
    results = c.fetchall()
    result_dict = {'records': results}
    return render(request, 'mainpage.html', result_dict)