一个PYTHON的CGI
本来想用mod_python的,但是老是装不上,就直接用CGI了。这个程序的目的是从数据库中查询校友的名字并显示出链接相片(很YY啊),被他们拿来寻找美女了……呵呵
#!/usr/bin/python
# -*-coding:UTF-8-*-#
import MySQLdb
import urllib
import cgi
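# Emit the CGI response header first. The charset is declared so that browsers
# decode the UTF-8 page text instead of guessing the encoding; the trailing
# "\n" plus print's own newline produce the blank line that ends the headers.
print "Content-Type: text/html; charset=UTF-8\n"

# Open the database connection used by the search further down.
# The "xxx" values are redacted placeholders. Real credentials belong in a
# configuration file outside the web root, for an account that holds nothing
# more than SELECT on the student table, which is all this script issues.
db = MySQLdb.connect(user="xxx", host="xxx", port=3306, passwd="xxx", db="xxx")
# NOTE(review): assigning this attribute is not the documented way to choose
# the connection character set -- confirm it has any effect with the MySQLdb
# version in use. The SET NAMES statement below is what switches the session.
db.charset = 'utf-8'
c = db.cursor()
# Make the session exchange query text and results as UTF-8.
c.execute("SET NAMES 'utf8'")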
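#header
# Static page head: document title, inline stylesheet, and the banner with the
# author's disclaimer. Nothing in this string depends on the request.
# The markup declares its encoding and closes <head> only once, after the
# stylesheet, so the <style> element sits inside the document head.
print '''<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>xxx学生名单速查
</title>
<style>
#content
{
padding: 10px 0px 10px 0px;
width: 80%;
margin: 0px 10% 0px 10%;
border-left-width: 3px;
border-left-style: solid;
border-left-color: Red;
border-top-width: 1px;
border-top-style: solid;
border-top-color: Red;
font-size: medium;
font-family: Verdana, Geneva, Arial, Sans-Serif;
}
#title
{
padding: 10px 10px 10px 10px;
font-weight:bold;
margin: 10px 0 30px 5%;
border-left-width: 2px;
border-bottom-width: 1px;
border-left-style: solid;
border-bottom-style: solid;
border-left-color: Red;
border-bottom-color: Red;
}
.post
{
padding: 5px;
margin: 0px 0px 10px 5%;
border-top-width: 1px;
border-bottom-width: 1px;
border-left-width: 2px;
border-top-style:dashed;
border-bottom-style:dashed;
border-left-style: solid;
border-top-color: Red;
border-bottom-color: Red;
border-left-color: Red;
display: block;
}
.post .headitem
{
margin: 0px 0px 5px 5px;
display:block;
}
.item
{
margin: 0px 0px 0px 5px;
display: inline;
}
a
{
text-decoration:none;
border:solid Red 1px;
color:Red;
}
a:hover
{
color:White;
background-color:Red;
}
</style>
</head>
<body>
<div id='content'>
<div id='title'><h1>
<a href='http://xxx_student.py'>
xxx学生名单速查</a></h1>
本程序为本人学习作品,部分资料从网上收集得来,供各位同学学习之用。由此带来的一切法律责任和版权纠纷,本人盖不负责。如果您认为该程序侵犯了您的合法权利,请与<a href='mailto:anewrer@gmail.com'>本人</a>联系。
</div>'''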
#content_table
# Search form: one text box each for student number (xh), name (xm) and
# birthday (bd), posted back to this same script. The markup deliberately
# ends with an open <div class='post'><fieldset>; the result section that
# follows prints into it and the page footer closes it.
search_form_html = '''<hr /><br /><div class='post'>
<form method="post" action="xxx_student.py" name="insertForm">
<fieldset>
<legend><em>或</em> 执行“按例查询”(通配符:“%”)</legend>
<table>
<thead>
<tr>
<th>查询</th>
<th>请输入查询的值</th>
</tr>
</thead>
<tbody>
<tr>
<th>学号</th>
<td><input name="xh" size="40" type="text"></td>
</tr>
<tr>
<th>姓名</th>
<td><input name="xm" size="40" type="text"></td>
</tr>
<tr>
<th>生日</th>
<td><input name="bd" size="40" type="text"></td>
</tr>
</tbody>
</table>
</fieldset>
<fieldset>
<input name="submit" value="查询" type="submit">
</fieldset>
</form></div><br /><hr /><div class='post'><fieldset>'''
print search_form_html
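#content_return value
# Result section: read the submitted search fields, run one LIKE query over
# the student table and print up to 30 matching records.
#
# Form values are passed to the driver as bound parameters and never pasted
# into the SQL text, so no character blacklist is needed and a value that
# contains a quote or backslash is simply searched for literally. "%" in a
# value still acts as the LIKE wildcard the form advertises.
#
# NOTE(review): nothing in this script authenticates the visitor, yet each hit
# shows a name, a birth date and a photo. Put access control in front of it.

# Column names are a fixed whitelist; only the values come from the request.
SEARCH_FIELDS = ("xh", "xm", "bd")


def _html(value):
    """Return value as text that is safe to place in HTML element content."""
    return cgi.escape(str(value), True)


form = cgi.FieldStorage()

# getfirst() also copes with a field that was submitted more than once,
# where form[name].value would raise because form[name] is then a list.
criteria = []
for field in SEARCH_FIELDS:
    value = form.getfirst(field)
    if value:
        criteria.append((field, value))

if not criteria:
    # NOTE(review): this string literal was split across lines in the
    # published listing; any markup that followed the text is not recoverable.
    print "等待您的查询"
else:
    # Build "xh like %s and xm like %s ..." with one placeholder per field;
    # "%%s" leaves a literal "%s" placeholder for the database driver.
    where = ' and '.join(["%s like %%s" % field for field, _ in criteria])
    strsql = 'select xh,xm,bd from student where ' + where + ' limit 0,30'
    c.execute(strsql, [value for _, value in criteria])
    stulist = c.fetchall()
    # Close the fieldset left open by the search form markup.
    print '</fieldset>'
    for xh, xm, bd in stulist:
        # Database values are escaped before they reach the page, so stored
        # markup cannot run in the visitor's browser. The student number is
        # percent-encoded because it becomes part of a URL inside an
        # attribute value.
        photo_id = urllib.quote(str(xh), '')
        print "<img src='http://xxx/img/%s.jpg' alt='此人神圣而不可见' ><br />" % photo_id
        print "学号:%s" % _html(xh)
        print '<br />'
        print "姓名:%s" % _html(xm)
        print '<br />'
        print "出生日期:%s" % _html(bd)
        print '<br />'
    # Re-open a fieldset so the closing tags in the page footer stay balanced.
    # NOTE(review): the listing's indentation was lost; this assumes the tag
    # is printed once after the loop rather than once per record -- confirm.
    print '<fieldset>'

# Release the cursor and connection on every path, including the one where no
# search was submitted.
c.close()
db.close()
print ''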
# Page footer: closes the fieldset and post container left open by the result
# section, prints the credit line, then closes the content div and document.
footer_html = '''</fieldset></div><hr /><div class='post'><div class='item'>powered by qinchuan</div></div>
</div>
</body>
</html>'''
print footer_html
# -*-coding:UTF-8-*-#
import MySQLdb
import urllib
import cgi
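# Emit the CGI response header first. The charset is declared so that browsers
# decode the UTF-8 page text instead of guessing the encoding; the trailing
# "\n" plus print's own newline produce the blank line that ends the headers.
print "Content-Type: text/html; charset=UTF-8\n"

# Open the database connection used by the search further down.
# The "xxx" values are redacted placeholders. Real credentials belong in a
# configuration file outside the web root, for an account that holds nothing
# more than SELECT on the student table, which is all this script issues.
db = MySQLdb.connect(user="xxx", host="xxx", port=3306, passwd="xxx", db="xxx")
# NOTE(review): assigning this attribute is not the documented way to choose
# the connection character set -- confirm it has any effect with the MySQLdb
# version in use. The SET NAMES statement below is what switches the session.
db.charset = 'utf-8'
c = db.cursor()
# Make the session exchange query text and results as UTF-8.
c.execute("SET NAMES 'utf8'")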
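#header
# Static page head: document title, inline stylesheet, and the banner with the
# author's disclaimer. Nothing in this string depends on the request.
# The markup declares its encoding and closes <head> only once, after the
# stylesheet, so the <style> element sits inside the document head.
print '''<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>xxx学生名单速查
</title>
<style>
#content
{
padding: 10px 0px 10px 0px;
width: 80%;
margin: 0px 10% 0px 10%;
border-left-width: 3px;
border-left-style: solid;
border-left-color: Red;
border-top-width: 1px;
border-top-style: solid;
border-top-color: Red;
font-size: medium;
font-family: Verdana, Geneva, Arial, Sans-Serif;
}
#title
{
padding: 10px 10px 10px 10px;
font-weight:bold;
margin: 10px 0 30px 5%;
border-left-width: 2px;
border-bottom-width: 1px;
border-left-style: solid;
border-bottom-style: solid;
border-left-color: Red;
border-bottom-color: Red;
}
.post
{
padding: 5px;
margin: 0px 0px 10px 5%;
border-top-width: 1px;
border-bottom-width: 1px;
border-left-width: 2px;
border-top-style:dashed;
border-bottom-style:dashed;
border-left-style: solid;
border-top-color: Red;
border-bottom-color: Red;
border-left-color: Red;
display: block;
}
.post .headitem
{
margin: 0px 0px 5px 5px;
display:block;
}
.item
{
margin: 0px 0px 0px 5px;
display: inline;
}
a
{
text-decoration:none;
border:solid Red 1px;
color:Red;
}
a:hover
{
color:White;
background-color:Red;
}
</style>
</head>
<body>
<div id='content'>
<div id='title'><h1>
<a href='http://xxx_student.py'>
xxx学生名单速查</a></h1>
本程序为本人学习作品,部分资料从网上收集得来,供各位同学学习之用。由此带来的一切法律责任和版权纠纷,本人盖不负责。如果您认为该程序侵犯了您的合法权利,请与<a href='mailto:anewrer@gmail.com'>本人</a>联系。
</div>'''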
#content_table
# Search form: one text box each for student number (xh), name (xm) and
# birthday (bd), posted back to this same script. The markup deliberately
# ends with an open <div class='post'><fieldset>; the result section that
# follows prints into it and the page footer closes it.
search_form_html = '''<hr /><br /><div class='post'>
<form method="post" action="xxx_student.py" name="insertForm">
<fieldset>
<legend><em>或</em> 执行“按例查询”(通配符:“%”)</legend>
<table>
<thead>
<tr>
<th>查询</th>
<th>请输入查询的值</th>
</tr>
</thead>
<tbody>
<tr>
<th>学号</th>
<td><input name="xh" size="40" type="text"></td>
</tr>
<tr>
<th>姓名</th>
<td><input name="xm" size="40" type="text"></td>
</tr>
<tr>
<th>生日</th>
<td><input name="bd" size="40" type="text"></td>
</tr>
</tbody>
</table>
</fieldset>
<fieldset>
<input name="submit" value="查询" type="submit">
</fieldset>
</form></div><br /><hr /><div class='post'><fieldset>'''
print search_form_html
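#content_return value
# Result section: read the submitted search fields, run one LIKE query over
# the student table and print up to 30 matching records.
#
# Form values are passed to the driver as bound parameters and never pasted
# into the SQL text, so no character blacklist is needed and a value that
# contains a quote or backslash is simply searched for literally. "%" in a
# value still acts as the LIKE wildcard the form advertises.
#
# NOTE(review): nothing in this script authenticates the visitor, yet each hit
# shows a name, a birth date and a photo. Put access control in front of it.

# Column names are a fixed whitelist; only the values come from the request.
SEARCH_FIELDS = ("xh", "xm", "bd")


def _html(value):
    """Return value as text that is safe to place in HTML element content."""
    return cgi.escape(str(value), True)


form = cgi.FieldStorage()

# getfirst() also copes with a field that was submitted more than once,
# where form[name].value would raise because form[name] is then a list.
criteria = []
for field in SEARCH_FIELDS:
    value = form.getfirst(field)
    if value:
        criteria.append((field, value))

if not criteria:
    # NOTE(review): this string literal was split across lines in the
    # published listing; any markup that followed the text is not recoverable.
    print "等待您的查询"
else:
    # Build "xh like %s and xm like %s ..." with one placeholder per field;
    # "%%s" leaves a literal "%s" placeholder for the database driver.
    where = ' and '.join(["%s like %%s" % field for field, _ in criteria])
    strsql = 'select xh,xm,bd from student where ' + where + ' limit 0,30'
    c.execute(strsql, [value for _, value in criteria])
    stulist = c.fetchall()
    # Close the fieldset left open by the search form markup.
    print '</fieldset>'
    for xh, xm, bd in stulist:
        # Database values are escaped before they reach the page, so stored
        # markup cannot run in the visitor's browser. The student number is
        # percent-encoded because it becomes part of a URL inside an
        # attribute value.
        photo_id = urllib.quote(str(xh), '')
        print "<img src='http://xxx/img/%s.jpg' alt='此人神圣而不可见' ><br />" % photo_id
        print "学号:%s" % _html(xh)
        print '<br />'
        print "姓名:%s" % _html(xm)
        print '<br />'
        print "出生日期:%s" % _html(bd)
        print '<br />'
    # Re-open a fieldset so the closing tags in the page footer stay balanced.
    # NOTE(review): the listing's indentation was lost; this assumes the tag
    # is printed once after the loop rather than once per record -- confirm.
    print '<fieldset>'

# Release the cursor and connection on every path, including the one where no
# search was submitted.
c.close()
db.close()
print ''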
# Page footer: closes the fieldset and post container left open by the result
# section, prints the credit line, then closes the content div and document.
footer_html = '''</fieldset></div><hr /><div class='post'><div class='item'>powered by qinchuan</div></div>
</div>
</body>
</html>'''
print footer_html