From 448f645f177b40797620a54d6ea59f61d8ab04c0 Mon Sep 17 00:00:00 2001 From: q Date: Mon, 4 Jul 2016 20:28:19 +0300 Subject: [PATCH] fix queries for single values --- shop.py | 28 ++++++++++++++-------------- templates/show_shop.html | 2 +- 2 files changed, 15 insertions(+), 15 deletions(-) diff --git a/shop.py b/shop.py index d3b5d3f..140f961 100644 --- a/shop.py +++ b/shop.py @@ -165,8 +165,8 @@ def add_items(): if not session.get('logged_in'): abort(401) shopid=int(request.form['shopid']) - ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0] - shopname=g.db.execute('select shop from shops where id=?',request.form['shopid']).fetchall()[0][0] + ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0] + shopname=g.db.execute('select shop from shops where id=?',(request.form['shopid'],)).fetchall()[0][0] ownername=get_username(ownerid) data_dir=os.path.join(DATADIR, ownername) data_file=os.path.join(data_dir, shopname+".md") @@ -186,8 +186,8 @@ def edit_md(): if not session.get('logged_in'): abort(401) shopid=int(request.form['shopid']) - ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0] - shopname=g.db.execute('select shop from shops where id=?',request.form['shopid']).fetchall()[0][0] + ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0] + shopname=g.db.execute('select shop from shops where id=?',(request.form['shopid'],)).fetchall()[0][0] ownername=get_username(ownerid) data_dir=os.path.join(DATADIR, ownername) data_file=os.path.join(data_dir, shopname+".md") @@ -205,8 +205,8 @@ def restore_md(): if not session.get('logged_in'): abort(401) shopid=int(request.form['shopid']) - ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0] - shopname=g.db.execute('select shop from shops where id=?',request.form['shopid']).fetchall()[0][0] + ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0] + shopname=g.db.execute('select shop from shops where id=?',(request.form['shopid'],)).fetchall()[0][0] ownername=get_username(ownerid) data_dir=os.path.join(DATADIR, ownername) data_file=os.path.join(data_dir, shopname+".md") @@ -228,8 +228,8 @@ def toggle_item(): if not session.get('logged_in'): abort(401) shopid=int(request.form['shopid']) - ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0] - shopname=g.db.execute('select shop from shops where id=?',request.form['shopid']).fetchall()[0][0] + ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0] + shopname=g.db.execute('select shop from shops where id=?',(request.form['shopid'],)).fetchall()[0][0] ownername=get_username(ownerid) req_row=None for key in request.form: @@ -264,8 +264,8 @@ def remove_toggled(): if not session.get('logged_in'): abort(401) shopid=int(request.form['shopid']) - ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0] - shopname=g.db.execute('select shop from shops where id=?',request.form['shopid']).fetchall()[0][0] + ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0] + shopname=g.db.execute('select shop from shops where id=?',(request.form['shopid'],)).fetchall()[0][0] ownername=get_username(ownerid) data_dir=os.path.join(DATADIR, ownername) data_file=os.path.join(data_dir, shopname+".md") @@ -328,7 +328,7 @@ def add_share(): if userid==None: flash('No such user!') return redirect(url_for('show_shop',shopid=shopid)) - ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0] + ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0] if session.get('user')!=ownerid: flash('Not your shop!') return redirect(url_for('show_shop',shopid=shopid)) @@ -353,7 +353,7 @@ def remove_share(): if userid==None: flash('No such user!') return redirect(url_for('show_shop',shopid=shopid)) - ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0] + ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0] if session.get('user')!=ownerid: flash('Not your shop!') return redirect(url_for('show_shop',shopid=shopid)) @@ -368,8 +368,8 @@ def remove_shop(): if not session.get('logged_in'): abort(401) shopid=int(request.form['shopid']) - ownerid=g.db.execute('select owner from shops where id=?',request.form['shopid']).fetchall()[0][0] - shopname=g.db.execute('select shop from shops where id=?',request.form['shopid']).fetchall()[0][0] + ownerid=g.db.execute('select owner from shops where id=?',(request.form['shopid'],)).fetchall()[0][0] + shopname=g.db.execute('select shop from shops where id=?',(request.form['shopid'],)).fetchall()[0][0] ownername=get_username(ownerid) data_dir=os.path.join(DATADIR, ownername) data_file=os.path.join(data_dir, shopname+".md") diff --git a/templates/show_shop.html b/templates/show_shop.html index 0a1150e..ea40784 100644 --- a/templates/show_shop.html +++ b/templates/show_shop.html @@ -51,7 +51,7 @@