fix queries for single values

shop.py

@@ -165,8 +165,8 @@ def add_items():
     if not session.get('logged_in'):
         abort(401)
     shopid=int(request.form['shopid'])
-    ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0]
-    shopname=g.db.execute('select shop from shops where id=?',request.form['shopid']).fetchall()[0][0]
+    ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0]
+    shopname=g.db.execute('select shop from shops where id=?',(request.form['shopid'],)).fetchall()[0][0]
     ownername=get_username(ownerid)
     data_dir=os.path.join(DATADIR, ownername)
     data_file=os.path.join(data_dir, shopname+".md")
@@ -186,8 +186,8 @@ def edit_md():
     if not session.get('logged_in'):
         abort(401)
     shopid=int(request.form['shopid'])
-    ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0]
-    shopname=g.db.execute('select shop from shops where id=?',request.form['shopid']).fetchall()[0][0]
+    ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0]
+    shopname=g.db.execute('select shop from shops where id=?',(request.form['shopid'],)).fetchall()[0][0]
     ownername=get_username(ownerid)
     data_dir=os.path.join(DATADIR, ownername)
     data_file=os.path.join(data_dir, shopname+".md")
@@ -205,8 +205,8 @@ def restore_md():
     if not session.get('logged_in'):
         abort(401)
     shopid=int(request.form['shopid'])
-    ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0]
-    shopname=g.db.execute('select shop from shops where id=?',request.form['shopid']).fetchall()[0][0]
+    ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0]
+    shopname=g.db.execute('select shop from shops where id=?',(request.form['shopid'],)).fetchall()[0][0]
     ownername=get_username(ownerid)
     data_dir=os.path.join(DATADIR, ownername)
     data_file=os.path.join(data_dir, shopname+".md")
@@ -228,8 +228,8 @@ def toggle_item():
     if not session.get('logged_in'):
         abort(401)
     shopid=int(request.form['shopid'])
-    ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0]
-    shopname=g.db.execute('select shop from shops where id=?',request.form['shopid']).fetchall()[0][0]
+    ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0]
+    shopname=g.db.execute('select shop from shops where id=?',(request.form['shopid'],)).fetchall()[0][0]
     ownername=get_username(ownerid)
     req_row=None
     for key in request.form:
@@ -264,8 +264,8 @@ def remove_toggled():
     if not session.get('logged_in'):
         abort(401)
     shopid=int(request.form['shopid'])
-    ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0]
-    shopname=g.db.execute('select shop from shops where id=?',request.form['shopid']).fetchall()[0][0]
+    ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0]
+    shopname=g.db.execute('select shop from shops where id=?',(request.form['shopid'],)).fetchall()[0][0]
     ownername=get_username(ownerid)
     data_dir=os.path.join(DATADIR, ownername)
     data_file=os.path.join(data_dir, shopname+".md")
@@ -328,7 +328,7 @@ def add_share():
     if userid==None:
         flash('No such user!')
         return redirect(url_for('show_shop',shopid=shopid))
-    ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0]
+    ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0]
     if session.get('user')!=ownerid:
         flash('Not your shop!')
         return redirect(url_for('show_shop',shopid=shopid))
@@ -353,7 +353,7 @@ def remove_share():
     if userid==None:
         flash('No such user!')
         return redirect(url_for('show_shop',shopid=shopid))
-    ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0]
+    ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0]
     if session.get('user')!=ownerid:
         flash('Not your shop!')
         return redirect(url_for('show_shop',shopid=shopid))
@@ -368,8 +368,8 @@ def remove_shop():
     if not session.get('logged_in'):
         abort(401)
     shopid=int(request.form['shopid'])
-    ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0]
-    shopname=g.db.execute('select shop from shops where id=?',request.form['shopid']).fetchall()[0][0]
+    ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0]
+    shopname=g.db.execute('select shop from shops where id=?',(request.form['shopid'],)).fetchall()[0][0]
     ownername=get_username(ownerid)
     data_dir=os.path.join(DATADIR, ownername)
     data_file=os.path.join(data_dir, shopname+".md")  

templates/show_shop.html

@@ -51,7 +51,7 @@
   </dl></form>
   <form id="disp_delete" class=hidden action="{{ url_for('remove_shop') }}" method=post class=add-entry>
       <dl>Delete shop permanently. Can not be restored.</dl>
-    <dl><input type=hidden name=shopid value={{ shopid }}><input class=submit type=submit value=Remove onclick="return confirm('Do you really want to remove shop {{ shop }}?');">
+    <dl><input type=hidden name=shopid value={{ shopid }}><input class=submit type=submit value=Delete onclick="return confirm('Do you really want to remove shop {{ shop }}?');">
   </dl></form>
 
 {% endblock %}