时间戳

首页 > 解决方案 > TypeError: get_bind() 得到了一个意外的关键字参数

python - TypeError: get_bind() 得到了一个意外的关键字参数

问题描述

我正在尝试在烧瓶中使用数据库

from sqlalchemy import create_engine
from sqlalchemy.orm import scoped_session, sessionmaker

在其中我创建了一个基本的登录页面和一个注册页面,当我尝试使用 html 代码时:

<form action="/login" method="post">
        <input autocomplete="off" autofocus name="username" placeholder="Username" type="text">
        <input class="form-control" name="password" placeholder="Password" type="password">
    <button class="btn btn-primary" type="submit">Log In</button>
            <li style="list-style-type:none;"><a href="/register">Register</a></li>
</form>

在这个 python 烧瓶代码上:

# This is the log in page
@app.route("/login", methods=["GET", "POST"])
def login():
    """Log user in"""

    # Forget any user_id
    session.clear()

    # User reached route via POST (as by submitting a form via POST)
    if request.method == "POST":

        # Ensure username was submitted
        if not request.form.get("username"):
            return "must provide username", 403

        # Ensure password was submitted
        elif not request.form.get("password"):
            return "must provide password", 403

        # Query database for username
        rows = db.execute("SELECT * FROM users WHERE username = :username",
                          username=request.form.get("username"))

        # Ensure username exists and password is correct
        if len(rows) != 1 or not check_password_hash(rows[0]["hash"], request.form.get("password")):
            return "invalid username and/or password", 403

        # Remember which user has logged in
        session["user_id"] = rows[0]["id"]

        # Redirect user to home page
        return redirect("/")

    # User reached route via GET (as by clicking a link or via redirect)
    else:
        return render_template("login.html")

我收到此错误:

TypeError: get_bind() got an unexpected keyword argument 'username'

我连接了数据库,并设置了所有其他变量,包括 flask_debug。我不确定出了什么问题或如何测试它。谁能帮我弄清楚为什么我会收到这个错误?

标签: pythonpostgresqlflaskflask-sqlalchemy

解决方案

postgresql 查询的语法有错误。更具体地说,是对数据进行清理以避免 sql 注入。

正确的语法是

db.execute("SELECT * FROM users WHERE username = :username", {"username": request.form.get("username")})

此代码中还有更多错误。例如

if len(rows) != 1:

您无法提取查询的 len。但是,可以使用函数检查查询的行数.rowcount(),如果 0 表示搜索返回为空。

推荐阅读