Create manual query page
parent
84e2d230ed
commit
888024b361
3 changed files with 76 additions and 4 deletions
25
server.py
25
server.py
|
@ -671,6 +671,25 @@ def page_user_add():
|
|||
return redirect(url_for('page_user_list'))
|
||||
|
||||
|
||||
@app.route('/query', methods=['GET', 'POST'])
|
||||
def page_query():
|
||||
"""Pagina delle query manuali:
|
||||
in GET visualizza la pagina per fare una query,
|
||||
mentre in POST visualizza i risultati."""
|
||||
if 'username' not in session:
|
||||
return abort(403)
|
||||
if request.method == 'GET':
|
||||
return render_template("query.htm", user=session["username"], type="query")
|
||||
else:
|
||||
try:
|
||||
result = db.engine.execute("SELECT" + request.form["query"] + ";")
|
||||
except Exception as e:
|
||||
return render_template("query.htm", query=request.form["query"], error=repr(e), user=session["username"],
|
||||
type="query")
|
||||
return render_template("query.htm", query=request.form["query"], result=result, user=session["username"],
|
||||
type="query")
|
||||
|
||||
|
||||
@app.route('/smecds', methods=['GET'])
|
||||
def page_smecds():
|
||||
"""Pagina che visualizza i credits del sito"""
|
||||
|
@ -682,17 +701,17 @@ def page_smecds():
|
|||
|
||||
@app.errorhandler(403)
|
||||
def page_403(_):
|
||||
return render_template('403.htm')
|
||||
return render_template('403.htm', user=session["username"])
|
||||
|
||||
|
||||
@app.errorhandler(404)
|
||||
def page_404(_):
|
||||
return render_template('404.htm')
|
||||
return render_template('404.htm', user=session["username"])
|
||||
|
||||
|
||||
@app.errorhandler(500)
|
||||
def page_500(e):
|
||||
return render_template('500.htm', e=e)
|
||||
return render_template('500.htm', e=e, user=session["username"])
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
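Review bot: `page_query` passes the submitted form field straight to `db.engine.execute` behind nothing more than the `'username' not in session` check, so every logged-in account can read every table the application's database user can reach (presumably including the table that holds the user accounts), and whether the `SELECT` prefix really confines it to reads depends on the driver. If the page is kept, restrict it to an administrative role (if the app has one) and run it over a separate database connection whose account has read-only rights, instead of the app's own engine. The concatenation also lacks a separator, so `"SELECT" + request.form["query"]` should be `"SELECT " + request.form["query"]` for input that does not begin with whitespace or `*`. In the second hunk the 403/404/500 handlers now index `session["username"]`, which raises `KeyError` for exactly the anonymous visitors that `abort(403)` sends to `page_403`; `user=session.get("username")` keeps the error pages rendering. Rendering `repr(e)` back to the browser also exposes driver and schema detail, which is one more reason to limit who can reach the route.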
|
|
|
@ -16,7 +16,8 @@
|
|||
<li class="{% if type is equalto "net" %}active{% endif %}"><a href="/net_list">Reti</a></li>
|
||||
</ul>
|
||||
<ul class="nav navbar-nav navbar-right">
|
||||
<li class="{% if type is equalto "user" %}active{% endif %}"><a href="/user_list">Amministrazione</a></li>
|
||||
<li class="{% if type is equalto "user" %}active{% endif %}"><a href="/user_list">Utenti</a></li>
|
||||
<li class="{% if type is equalto "query" %}active{% endif %}"><a href="/query">Query</a></li>
|
||||
<li class="navbar-text">
|
||||
Sei connesso come <b>{{user}}</b>
|
||||
</li>
|
||||
|
|
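--- a/templates/query.htm
+++ b/templates/query.htm
@@ -0,0 +1,52 @@
+{% extends 'base.htm' %}
+{% block title %}Query • estus{% endblock %}
+{% block content %}
+<div class="alert alert-warning">
+<b>Attenzione!</b> In questa pagina non è presente alcuna misura per prevenire SQL Injection. Eseguite le query a vostro rischio e pericolo!
+</div>
+<form action="/query" method="post">
+<div class="input-group">
+<span class="input-group-addon">SELECT</span>
+<input type="text" class="form-control" placeholder="Scrivi qui la tua query!" name="query" {% if query %}value="{{ query }}{% endif %}">
+<span class="input-group-addon">;</span>
+</div>
+</form>
+{% if result %}
+<div class="panel panel-success">
+<div class="panel-heading">
+Risultati della query
+</div>
+<div class="panel-body">
+<table class="table table-hover">
+<thead>
+<tr>
+{% for row in result.keys() %}
+<th>
+{{ row }}
+</th>
+{% endfor %}
+</tr>
+</thead>
+<tbody>
+{% for row in result %}
+<tr>
+{% for column in row %}
+<td>{{ column }}</td>
+{% endfor %}
+</tr>
+{% endfor %}
+</tbody>
+</table>
+</div>
+</div>
+{% elif error %}
+<div class="panel panel-danger">
+<div class="panel-heading">
+Errore nell'esecuzione della query
+</div>
+<div class="panel-body">
+{{ error }}
+</div>
+</div>
+{% endif %}
+{% endblock %}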
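Review bot: The `<form action="/query" method="post">` carries no anti-CSRF token, and nothing visible in this commit shows the app enforcing one elsewhere, so a request that makes the server execute SQL could be submitted from another site in a logged-in user's browser. Add the hidden token field of whatever CSRF layer the app uses (or introduce one) before this form is exposed, and confirm the session cookie's SameSite setting. Separately, on the `<input>` line the closing quote sits outside the conditional, which leaves a stray `"` inside the tag whenever `query` is empty; it should read `{% if query %}value="{{ query }}"{% endif %}>`. The in-page warning documents the risk for operators but does not reduce it, so the access restriction belongs in the route rather than in this text.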