from flask import request, render_template, make_response
from server.webapp import flaskapp, cursor
from server.models import Book
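@flaskapp.route('/')
def index():
    """Render the book list, optionally filtered by name or author.

    Query-string parameters (read from ``request.args``):
        name: substring matched against ``books.name``. Takes precedence
            over ``author`` when both are supplied.
        author: substring matched against ``books.author``.

    A ``read`` query parameter is not applied as a filter.

    Returns:
        The rendered ``books.html`` template, with ``books`` set to a list
        of ``Book`` objects built positionally from each result row.
    """
    name = request.args.get('name')
    author = request.args.get('author')

    # Request values reach the database only as bound parameters, never by
    # concatenation into the SQL text, so they cannot change the statement's
    # structure. Keep it that way when adding filters.
    #
    # Binding does not neutralise LIKE metacharacters: a '%' or '_' in the
    # input still acts as a wildcard inside the pattern. That only widens the
    # match here, but escape them (with an ESCAPE clause) if literal matching
    # is ever required.
    #
    # Every branch selects the same explicit column list. Book(*row) unpacks
    # positionally, so "SELECT *" would tie the constructor call to the
    # table's current column order and would silently pick up any column
    # added to the table later.
    #
    # NOTE(review): `cursor` is a module-level object imported from
    # server.webapp; whether it is safe to share between concurrent requests
    # is not visible from this file. Confirm.
    if name:
        cursor.execute(
            "SELECT name, author, read FROM books WHERE name LIKE :name",
            {'name': f"%{name}%"},
        )
    elif author:
        cursor.execute(
            "SELECT name, author, read FROM books WHERE author LIKE :author",
            {'author': f"%{author}%"},
        )
    else:
        cursor.execute("SELECT name, author, read FROM books")

    books = [Book(*row) for row in cursor]
    return render_template('books.html', books=books)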