本人的python是3.5,由于3.0后用的是pymysql,就不能用tornado自带的torndb来进行简单的连接操作。
Application这个类是初始化一些全局变量,按照道理说里边的self.db 也应该能够被其他类或者派生类调用的,但是
db这个属性就是不行,无奈只好创建了一个全局的db句柄,然后在HouseHandler类中根据这个db初始化一个实例。
当然要在Aplication中传入这个字典参数:dict(db=db)
# -*- coding: utf-8 -*-
"""
Created on Wed Mar 21 16:49:24 2018
@author: ming
"""
# coding:utf-8
import os
import tornado.web
import tornado.ioloop
import tornado.httpserver
import tornado.options
from tornado.options import options, define
from tornado.web import RequestHandler
#import torndb
import pymysql
'''
python 2用torndb
'''
define("port", default=8000, type=int, help="run server on the given port.")
db = pymysql.Connection(host='127.0.0.1', database='mysql', user='root', password='0000',charset='utf8')
class HouseHandler(RequestHandler):
def initialize(self, db):
self.db = db
print(1)
def get(self):
#db = self.db
cur=db.cursor()
print(type(cur))
try:
cur.execute("insert into houses(title, position, price, score, comments) values(%s, %s, %s, %s, %s)", ('独立装修小别 墅', '紧邻文津街', 280, 4, 128) )
except Exception as e:
return self.write('cuo wu')
db.commit()
print("success")
cur.close()
# db.close()
#self.write({"error":0,"errmsg":"db ok","data":[]})
#这个类把登录信息进行了绑定,保证连接的时候只实例化一次
class Application(tornado.web.Application):
def _init_(self,*args,**kwargs):
self.a =1;
super(Application,self)._init_(*args,**kwargs)
#img_files = files.get('img')
'''try:
self.db = pymysql.Connection(host='127.0.0.1', database='mysql', user='root', password='0000')
except Exception as e:
#发生错误就不往下执行,而是向前端返回出错信息
return self.write("haha")'''
print("hahaaa")
settings = dict(
template_path=os.path.join(os.path.dirname(__file__), "templates"),
static_path=os.path.join(os.path.dirname(__file__), "statics"),
debug=True,
)
if __name__ == "__main__":
tornado.options.parse_command_line()
app = Application([
#(r"/", IndexHandler),
(r"/house", HouseHandler,dict(db=db)),
],**settings)
http_server = tornado.httpserver.HTTPServer(app)
http_server.listen(options.port)
tornado.ioloop.IOLoop.current().start()
二:pymysql的简单操作
(1)网上有个模拟注入攻击的例子
在这个实例中不是创建一个全局的连接,而是在post方法中创建一个连接,这种做法不提倡。
一、搭建环境
1、服务端的tornado主程序app.py如下:
#!/usr/bin/env python3
# -*- coding: utf-8 -*-
import tornado.ioloop
import tornado.web
import pymysql
class LoginHandler(tornado.web.RequestHandler):
def get(self):
self.render('login.html')
def post(self, *args, **kwargs):
username = self.get_argument('username',None)
pwd = self.get_argument('pwd', None)
# 创建数据库连接
conn = pymysql.connect(host='127.0.0.1', port=3306, user='root', passwd='123456', db='shop')
cursor = conn.cursor()
# %s 要加上'' 否则会出现KeyboardInterrupt的错误
temp = "select name from userinfo where name='%s' and password='%s'" % (username, pwd)
effect_row = cursor.execute(temp)
result = cursor.fetchone()
conn.commit()
cursor.close()
conn.close()
if result:
self.write('登录成功!')
else:
self.write('登录失败!')
settings = {
'template_path':'template',
}
application = tornado.web.Application([
(r"/login", LoginHandler),
],**settings)
if __name__ == "__main__":
application.listen(8000)
tornado.ioloop.IOLoop.instance().start()
2、在template文件夹下,放入login.html文件:
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Title</title>
</head>
<body>
<form method="post" action="/login">
<input type="text" name="username" placeholder="用户名"/>
<input type="text" name="pwd" placeholder="密码"/>
<input type="submit" value="提交" />
</form>
</body>
</html>
3、在shop数据库中建立userinfo数据表,并填入数据: