Lab Twenty-One: Advanced Tornado


21.1 Advanced Tornado

One of the main reasons we might want to use a web framework like Tornado is that it hides a lot of the boilerplate that we don't really care about, like escaping and unescaping parameters and decoding HTTP headers, so that we can focus on the business of writing webapps (although having an idea of how these things work is certainly useful). In this tutorial we're going to see how some of these features let us make webapps which interact with databases, interact with users in more meaningful ways and perform functions such as user authentication.

For this tutorial and for your assignment you will be using an instance of MySQL which is on your local PC. You can get a copy of MySQL server from http://dev.mysql.com/downloads/mysql/.

21.2 Accessing MySQL from Python

The MySQLdb module supports connections to local and remote MySQL servers, and running queries across those connections. We will not be using all of the functionality of the MySQLdb module, only the cursor interface. MySQLdb supports full transaction processing too, including commits and rollbacks, but by default the cursors use autocommit mode, where every single query immediately changes the database.

In order to complete this section, we're assuming that your MySQL has already been set up with a username and password and that the bank database has been loaded. To refresh your memory check Lab 08: Introduction to SQL.

We start by importing the MySQLdb module:

    >>> import MySQLdb

The next step is to create a Connection object which handles the connection to the server. To do so we must set up a number of parameters for the constructor. We recommend first creating some constants to hold these values:

    >>> HOST = 'localhost'
    >>> USER = '<username>'
    >>> PASSWD = '<password>'
    >>> DB = 'bank'

We can then create a Connection object using connect, passing the constants we just defined as keyword arguments:

    >>> connection = MySQLdb.connect(host=HOST, user=USER, passwd=PASSWD, db=DB)
    >>> connection
    <_mysql.connection open to 'db.ask.it.usyd.edu.au' at 81af574>
    >>>

The next step is to create a cursor, which simplifies our access to the database. Using the Cursor object involves two steps:

- executing a query on the database
- fetching the rows of the result

We create a cursor using the cursor method of the Connection:

    >>> cursor = connection.cursor()
    >>> cursor
    <MySQLdb.cursors.Cursor object at 0x402e4ccc>
    >>>

You will notice that the Cursor class is in a separate module under MySQLdb, whereas the Connection class is in the _mysql module, an internal module written in C that does the heavy lifting of connecting to the MySQL server. The MySQLdb module provides a friendly wrapper (including cursors) over the top.

Queries are executed using the execute method:

    >>> nrows = cursor.execute("SELECT emp_id, fname, lname FROM employee WHERE fname LIKE 'J%'")
    >>> nrows
    3L

The result of calling execute is the number of rows selected by the query. We can then get access to these rows using the various fetch methods. fetchone returns a single row at a time:

    >>> cursor.fetchone()
    ('5', 'John', 'Gooding')
    >>> cursor.fetchone()
    ('9', 'Jane', 'Grossman')
    >>> cursor.fetchone()
    ('13', 'John', 'Blake')

When it has run out of rows it returns None:

    >>> cursor.fetchone()
    >>>

The fetchall method returns all of the results:

    >>> nrows = cursor.execute("SELECT emp_id, fname, lname FROM employee WHERE fname LIKE 'J%'")
    >>> cursor.fetchall()
    (('5', 'John', 'Gooding'), ('9', 'Jane', 'Grossman'), ('13', 'John', 'Blake'))
    >>>

The fetchmany method takes an argument which says how many results you want to fetch at one time. This can be useful if the query result is very large, which shouldn't be the case in this assignment. Additionally, you can iterate through all the resultant rows using the standard Python for loop:

    >>> nrows = cursor.execute("SELECT emp_id, fname, lname FROM employee WHERE fname LIKE 'J%'")
    >>> for row in cursor:
    ...     print row
    ...
    ('5', 'John', 'Gooding')
    ('9', 'Jane', 'Grossman')
    ('13', 'John', 'Blake')

James Curran and Tara Murphy 2

21.3 Injection Attacks

One very common security risk that many database-driven web applications suffer from is SQL injection attacks. Basically, the user enters text into one or more text boxes on the HTML form, the web server accepts this text via a CGI script, which then forms a query to an SQL server using the entered text. If the user is clever they can insert SQL into the text box which may allow them to run any queries they like against the database! To avoid that, we must use the second argument to execute, which specifies the values to substitute for the format string placeholders, rather than building the SQL command up directly ourselves:

    >>> cursor.execute('SELECT * FROM employee WHERE lname = %s', ('Gooding',))
    1L
    >>>

In this form the driver escapes the argument values itself, so special characters in them cannot change the meaning of the query and give the user access to our database backend.

21.3.1 Exercise: Setting up a simple query system

Create a Python program that allows you to query an employee from the database. The program should prompt the user for a name and return the record for that employee formatted in a human-readable fashion. For example:

    Enter a name: John Gooding
    Employee ID: 5
    First Name: John
    Last Name: Gooding
    Title: Loan Manager
    Start Date: 04/11/2003
    Superior: Susan Hawthorne
    Branch: Woburn Branch

Note: You may want to use a more complicated SQL statement in order to join together various bits of data. Alternatively, you can achieve the same thing in Python. Which method is better?

21.4 XKCD 327...

http://xkcd.com/327/
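The cursor interface from 21.2 and the two ways of building a query from 21.3, side by side, as an added example that is not part of the original lab. It is written in Python 3 and uses the standard-library sqlite3 module as an offline stand-in for MySQLdb: both implement the DB-API cursor protocol (execute, fetchone, fetchmany, fetchall, iteration), the main difference being the placeholder style, `?` for sqlite3 versus `%s` for MySQLdb. The employee table and its rows are constructed here and only resemble the bank database's employee table; the surname with an apostrophe is there to show what happens when user text is pasted straight into the SQL.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the lab's bank database (sqlite3, in memory).
    The rows only mimic the employee table; emp_id is numeric here."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employee (emp_id INTEGER, fname TEXT, lname TEXT)")
    conn.executemany(
        "INSERT INTO employee VALUES (?, ?, ?)",
        [(5, "John", "Gooding"), (9, "Jane", "Grossman"),
         (13, "John", "Blake"), (21, "Mary", "O'Brien")],
    )
    return conn


def first_names_starting_with(conn, prefix):
    """The fetch pattern from 21.2: execute, then call fetchone until it
    returns None. sqlite3's execute() does not return the row count the way
    MySQLdb's does, so the rows are simply collected as they are fetched."""
    cursor = conn.cursor()
    cursor.execute(
        "SELECT emp_id, fname, lname FROM employee WHERE fname LIKE ? ORDER BY emp_id",
        (prefix + "%",),
    )
    rows = []
    while True:
        row = cursor.fetchone()
        if row is None:          # cursor exhausted
            break
        rows.append(row)
    return rows


def in_batches(conn, size):
    """fetchmany(size) returns at most `size` rows per call and an empty
    sequence once the result set is exhausted."""
    cursor = conn.cursor()
    cursor.execute("SELECT emp_id FROM employee ORDER BY emp_id")
    batches = []
    while True:
        batch = cursor.fetchmany(size)
        if not batch:
            break
        batches.append([emp_id for (emp_id,) in batch])
    return batches


def lookup_naive(conn, lname):
    """The pattern 21.3 warns against: the user's text becomes part of the SQL
    statement, so the database parses whatever it contains as SQL."""
    cursor = conn.cursor()
    cursor.execute("SELECT emp_id, fname, lname FROM employee WHERE lname = '%s'" % lname)
    return cursor.fetchall()


def lookup_safe(conn, lname):
    """The second-argument form: the driver passes lname as a value, so quotes
    and other special characters inside it never reach the SQL parser.
    (With MySQLdb the placeholder is %s instead of ?.)"""
    cursor = conn.cursor()
    cursor.execute(
        "SELECT emp_id, fname, lname FROM employee WHERE lname = ?", (lname,)
    )
    return cursor.fetchall()


def naive_breaks_on(conn, lname):
    """True if the naive query fails to parse for this input, i.e. part of the
    input was read as SQL rather than as a name."""
    try:
        lookup_naive(conn, lname)
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    for row in first_names_starting_with(db, "J"):
        print(row)
    print(in_batches(db, 3))
    print("naive breaks:", naive_breaks_on(db, "O'Brien"))
    print("safe:", lookup_safe(db, "O'Brien"))
```

The O'Brien row is the point of the exercise: the naive query turns a perfectly ordinary name into a SQL syntax error because the apostrophe closes the string literal early, which is the same mechanism an attacker relies on; the parameterised query returns the row. Note that the parameter for LIKE is built in Python (`prefix + "%"`) and then passed as a value, rather than written into the query text.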

21.5 Connecting a Database to Tornado

In this walkthrough we are going to go through setting up a database to work with the Tornado framework. When developing web applications, it is almost always the case that you will want to connect to some form of database to store user data. Although different frameworks will have slightly different ways of making this connection, if you understand the process for Tornado you shouldn't have too much trouble adapting this method to other frameworks.

1. Download the database file TornadoDB.sql from elearning and import it into an SQL database. You will have had to set up a username and password earlier. Check Lab 8: Introduction to SQL for more info.

2. Next, we can import the data from the sample database. At an SQL prompt, run the following command.

    mysql> SOURCE U:\Downloads\TornadoDB.sql

   You may have to change the path to point to the file you just downloaded. Check that the data has been correctly imported using your knowledge of SQL. The database implements a simple Notes application.

3. Next, we need to set up Tornado to use our new database. Set up the Tornado skeleton as we did in the previous Tornado tutorial (or use the same setup). We'll put our configuration into the config.py file. Put the following code at the bottom of your Tornado script.

    # MySQL Configuration
    mysql_config = {
        'host': 'localhost',
        'user': '<username>',
        'passwd': '<password>',
        'db': 'notes',
    }

   You'll need to replace the username and password details with the ones you've set up earlier.

4. We're now going to create a single page to list notes in the database. First, we need to create a template to display the results. Save the following as notes.html:

    <!DOCTYPE html>
    <html>
    <head>
        <title>notes</title>
    </head>
    <body>
        <h1>notes</h1>
        <table>
            <tr>
                <th>title</th>
                <th>note</th>
                <th>creator</th>
            </tr>
            {% if notes %}
                {% for note in notes %}
                <tr>
                    <td>{{ note[0] }}</td>
                    <td>{{ note[1] }}</td>
                    <td>{{ note[2] }}</td>
                </tr>
                {% end %}
            {% else %}
                <tr><td colspan=3>no notes here!</td></tr>
            {% end %}
        </table>
    </body>
    </html>

5. Next, create the handler to go with it. Put something like the following into the app.py file.

    class NoteListHandler(tornado.web.RequestHandler):
        def get(self):
            # Connect to the server and open a cursor
            connection = MySQLdb.connect(**config.mysql_config)
            cursor = connection.cursor()

            # Retrieve all notes
            cursor.execute("""SELECT n.title, n.note, u.name FROM notes n
                              INNER JOIN users u ON n.creator = u.id""")
            notes = cursor.fetchall()

            # Render them into a template
            self.render("notes.html", notes=notes)

   Important: Remember to import the MySQLdb module (and your config module, since the handler reads config.mysql_config) at the top of your app.py file.

6. Finally, add the handler into the application object.

    handlers = [
        ...
        ("/notes/", NoteListHandler),
        ...
    ]

7. Now when you start the server, you should be able to navigate to http://localhost:8888/notes/ and view a list of notes. Manually add one using the mysql command line tool and check that it shows up in your output.

21.5.1 Exercise: Prettifying your output

At the moment all of our output is rather plain. One thing that makes a table much easier to read is highlighting every second row in a different colour. Using a combination of CSS and Tornado, highlight every second row in a different shade, and apply some styling to the table to make rows and columns stand out.

21.6 Exercises

These exercises combine even more SQL with everything we have done in Tornado so far.

21.6.1 Exercise 1: Extending our Notes App

At the moment our notes app is pretty useless: all it can do is list notes, and we don't have the ability to add or edit them. Extend the notes app so that it has the ability to add, edit and delete notes.

1. Add an add page for notes. This should be accessible at http://localhost:8888/notes/add.
2. Add a view page for existing notes. This should be accessible at http://localhost:8888/notes/view/<id>, where id is the value of the id field in the database.
3. Add an edit page for existing notes. This should be accessible at http://localhost:8888/notes/edit/<id>.
4. Add a delete page. This should be accessible at http://localhost:8888/notes/del/<id>.
5. Add some CSS to your website to make it look presentable.

Think carefully about which parameters should be passed in the URL, and which ones should be passed in GET or POST requests.

Hint: As a first pass, fill in the creator id as 1. We will deal with authentication in exercise 2.
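The data-access side of the NoteListHandler from 21.5, and of the view/<id> page from exercise 1, as an added example that is not part of the original lab. It is Python 3 and uses sqlite3 in memory as an offline stand-in for the notes database (the users and notes tables here are constructed to match the columns the handler's JOIN uses, not loaded from TornadoDB.sql); the function names fetch_notes, fetch_note and with_connection are this example's own. With MySQLdb the `?` placeholder becomes `%s`, and the opener would be `lambda: MySQLdb.connect(**config.mysql_config)`.

```python
import sqlite3


def make_notes_db():
    """Constructed stand-in for the lab's notes database, with the two tables
    the handler's JOIN reads. Note 3 deliberately refers to a user id that has
    no row in users."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL);
        CREATE TABLE notes (id INTEGER PRIMARY KEY, title TEXT, note TEXT,
                            creator INTEGER);
        INSERT INTO users VALUES (1, 'alice'), (2, 'bob');
        INSERT INTO notes VALUES (1, 'shopping', 'milk, eggs', 1),
                                 (2, 'todo', 'finish lab 21', 2),
                                 (3, 'orphan', 'creator 9 has no users row', 9);
    """)
    return conn


def fetch_notes(connection):
    """The query from NoteListHandler.get. The INNER JOIN silently drops any
    note whose creator has no matching users row, so the orphan note above
    never reaches the template. Returns the (title, note, name) tuples that
    notes.html indexes as note[0], note[1], note[2]."""
    cursor = connection.cursor()
    try:
        cursor.execute("""SELECT n.title, n.note, u.name FROM notes n
                          INNER JOIN users u ON n.creator = u.id
                          ORDER BY n.id""")
        return cursor.fetchall()
    finally:
        cursor.close()


def fetch_note(connection, note_id):
    """Single-note lookup for a /notes/view/<id> page. The id taken from the
    URL is converted to an int and passed as a parameter, as in 21.3, never
    pasted into the SQL text. Returns None when no such note exists so the
    handler can answer with a 404 instead of rendering an empty page."""
    cursor = connection.cursor()
    try:
        cursor.execute("SELECT id, title, note, creator FROM notes WHERE id = ?",
                       (int(note_id),))
        return cursor.fetchone()
    finally:
        cursor.close()


def with_connection(open_connection, work):
    """Open a connection, run work(connection) and always close it again.
    The lab's handler opens a connection on every request and never closes
    it; wrapping the database work like this keeps one request's connection
    from outliving the request."""
    connection = open_connection()
    try:
        return work(connection)
    finally:
        connection.close()


if __name__ == "__main__":
    for row in with_connection(make_notes_db, fetch_notes):
        print(row)
    print(with_connection(make_notes_db, lambda c: fetch_note(c, "2")))
    print(with_connection(make_notes_db, lambda c: fetch_note(c, 42)))
```

Two things this shows that the handler listing does not: an INNER JOIN hides notes whose creator is missing (a LEFT JOIN would keep them with a NULL name), and the id coming in from the URL goes through the same parameter mechanism as the surname in 21.3.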

21.6.2 Exercise 2: Logins

Add an authentication page which sets a name which will then be tied to any notes that are created. Once a user is authenticated, a cookie should be set in their browser which contains their user-id. The authentication page should show a list of users in a drop-down menu, and a submit button to log them in. For now, we won't worry about passwords. If a user has not been authenticated, redirect them to a login page.

Hint: You can use return self.redirect("/url/") to redirect a user to a given URL. A value stored with set_cookie can be edited by the user in their browser; Tornado's set_secure_cookie (which needs a cookie_secret in the application settings) signs the value, so a tampered user-id is rejected when it is read back with get_secure_cookie.

21.6.3 Exercise 3: Pokédex

You can find a database of Pokémon on the course website in tsv format. Create a table in MySQL to store all these values, and insert the values into the database. Create a table using Tornado which lists all the Pokémon in the database with all their relevant statistics.

Extension: Highlight each row of Pokémon with a colour corresponding to the type of Pokémon. For example, Charizard is a fire type Pokémon, hence his row in the table might be highlighted in red. This will require the use of CSS.

21.7 Capability checklist

When you've finished this lab, check that you know how to...

1. Connect a database to Python using MySQLdb.
2. Write a web application in Tornado that connects to a database.
3. Use control statements such as for and if in templates to present output.

If you don't know how to do any of these things once you have completed the lab, please come and ask us.