一个PYTHON的CGI
本来想用mod_python的,但是老是装不上,就直接用CGI了,这个程序的目的是从数据中查询校友的名字并显示出链接相片(很YY啊),被他们拿来寻找美女了……呵呵#!/usr/bin/python
# -*-coding:UTF-8-*-#
import MySQLdb
import urllib
import cgi
print "Content-type: text/html\n\n";
db = MySQLdb.connect(user="xxx",host="xxx",port=3306,passwd="xxx",db="xxx")
db.charset='utf-8'
c = db.cursor()
c.execute("SET NAMES 'utf8'")
#header
print '''
xxx学生名单速查
#content
{
padding: 10px 0px 10px 0px;
width: 80%;
margin: 0px 10% 0px 10%;
border-left-width: 3px;
border-left-style: solid;
border-left-color: Red;
border-top-width: 1px;
border-top-style: solid;
border-top-color: Red;
font-size: medium;
font-family: Verdana, Geneva, Arial, Sans-Serif;
}
#title
{
padding: 10px 10px 10px 10px;
font-weight:bold;
margin: 10px 0 30px 5%;
border-left-width: 2px;
border-bottom-width: 1px;
border-left-style: solid;
border-bottom-style: solid;
border-left-color: Red;
border-bottom-color: Red;
}
.post
{
padding: 5px;
margin: 0px 0px 10px 5%;
border-top-width: 1px;
border-bottom-width: 1px;
border-left-width: 2px;
border-top-style:dashed;
border-bottom-style:dashed;
border-left-style: solid;
border-top-color: Red;
border-bottom-color: Red;
border-left-color: Red;
display: block;
}
.post .headitem
{
margin: 0px 0px 5px 5px;
display:block;
}
.item
{
margin: 0px 0px 0px 5px;
display: inline;
}
a
{
text-decoration:none;
border:solid Red 1px;
color:Red;
}
a:hover
{
color:White;
background-color:Red;
}
xxx学生名单速查
本程序为本人学习作品,部分资料从网上收集得来,供各位同学学习之用。由此带来的一切法律责任和版权纠纷,本人盖不负责。如果您认为该程序侵犯了您的合法权利,请与本人联系。
'''
#content_table
print '''
或 执行“按例查询”(通配符:“%”)
查询
请输入查询的值
学号
姓名
生日
'''
#content_return value
bs = ['\'','\/','\\']
form = cgi.FieldStorage()
err = 0
if not (form.has_key("xh") or form.has_key("xm") or form.has_key("bd")):
print "等待您的查询"
else:
strsql = 'select xh,xm,bd from student where '
strsep = ''
if form.has_key("xh"):
for strbs in bs:
if(form["xh"].value.find(strbs)!=-1):
err = 1
break
strsql = strsql.__add__("xh like '")
strsql = strsql.__add__(form["xh"].value)
strsql = strsql.__add__("'")
strsep = ' and '
if form.has_key("xm"):
for strbs in bs:
if(form["xm"].value.find(strbs)!=-1):
err = 1
break
strsql = strsql.__add__(strsep)
strsql = strsql.__add__("xm like '")
strsql = strsql.__add__(form["xm"].value)
strsql = strsql.__add__("'")
strsep = ' and '
if form.has_key("bd"):
for strbs in bs:
if(form["bd"].value.find(strbs)!=-1):
err = 1
break
strsql = strsql.__add__(strsep)
strsql = strsql.__add__("bd like '")
strsql = strsql.__add__(form["bd"].value)
strsql = strsql.__add__("'")
strsql = strsql.__add__(' limit 0,30')
if(err==0):
c.execute(strsql)
stulist = c.fetchall()
print ''
for xh,xm,bd in stulist:
print "" % xh
print "学号:%s" % xh
print ''
print "姓名:%s" % xm
print ''
print "出生日期:%s" % bd
print ''
print ''
else:
print '你要干嘛?'
c.close()
db.close()
print ''
print '''powered by qinchuan
'''
页:
[1]