diff options
| author | Andrew <saintruler@gmail.com> | 2019-07-21 13:39:12 +0400 |
|---|---|---|
| committer | Andrew <saintruler@gmail.com> | 2019-07-21 13:39:12 +0400 |
| commit | 3bc79068d5d7bae4bb4ecd3a50ff1c7cade4a3a7 (patch) | |
| tree | 0b9e72a82e8d1059979cde96898d1ec2f6d5560f /day9/task5_vue/backend/database/wrappers.py | |
| parent | aa9212f3226b10976c31cdf804139d60ae655a16 (diff) | |
Добавлена валидация для всех запросов на изменение бд.
Diffstat (limited to 'day9/task5_vue/backend/database/wrappers.py')
| -rw-r--r-- | day9/task5_vue/backend/database/wrappers.py | 34 |
1 files changed, 13 insertions, 21 deletions
diff --git a/day9/task5_vue/backend/database/wrappers.py b/day9/task5_vue/backend/database/wrappers.py index 824d19e..30d34d9 100644 --- a/day9/task5_vue/backend/database/wrappers.py +++ b/day9/task5_vue/backend/database/wrappers.py @@ -16,7 +16,7 @@ class Wrapper(ABC): pass @abstractmethod - def insert_one(self, table_name, row, field_names=None): + def insert_one(self, table_name, data_row: dict): pass @abstractmethod @@ -58,32 +58,24 @@ class MySQLWrapper(Wrapper): table_headers = [field[0] for field in table_structure] return table_headers - def insert_one(self, table_name, row, field_names=None): + def insert_one(self, table_name, data_row: dict): cursor = self.connection.cursor() + scheme = self.schemes[table_name] - if field_names is not None: - field_names_formatted = [] - for name in field_names: - if name != 'NULL' or not name.isnumeric(): - name = f'`{name}`' - field_names_formatted.append(name) - field_names_formatted = f'({",".join(field_names_formatted)})' - else: - field_names_formatted = '' - - row_formatted = [] - for value in row: - if value == 'NULL' or value.isnumeric(): - row_formatted.append(value) + field_names = [] + values = [] + + for field_name, value in data_row.items(): + field_names.append(f'`{field_name}`') + if scheme.fields[field_name].data_type == str: + values.append(f'"{value}"') else: - row_formatted.append(f'"{value}"') + values.append(value) - request = "START TRANSACTION; INSERT INTO `{}` {} VALUES ({}); COMMIT;".format( - table_name, field_names_formatted, ",".join(row_formatted) + request = "START TRANSACTION; INSERT INTO `{}` ({}) VALUES ({}); COMMIT;".format( + table_name, ",".join(field_names), ",".join(values) ) - print(request) - cursor.execute(request) cursor.close() |