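#!/usr/bin/python2
#Fri Feb 27 10:41:59 MST 2004
"""CGI page that administers the student_assignment3 table.

Flow: ask for the administrator password, list every student, then act on the
"todo" / "todo_also" form fields to edit, add or delete a student, or to add
or drop a grade column.

Every request field is untrusted. Values reach MySQL only as bound
parameters, column names are used only after an allow-list check, and
anything echoed into the page is HTML-escaped.

NOTE(review): the HTML tags inside the print literals (and the %s
placeholders of the literals that take "%" arguments) are not present in this
listing; they look to have been lost when the page was rendered. The literals
below keep only the text that is visible, and around the tables the order and
loop nesting of the markup-only prints is a best reading. Restore them from
the deployed file before running.
"""
import cgi
import re
import string
import sys
import os
import os.path
import MySQLdb

#-------------Helpers for untrusted input:
# Column names cannot be bound as query parameters, so a name taken from the
# request is only spliced into SQL after it matches this pattern (letters,
# digits, underscore; at most 64 characters) and is wrapped in backticks.
_IDENTIFIER = re.compile(r"^[A-Za-z_][A-Za-z0-9_]{0,63}$")

# Columns the drop-column page refuses to offer. The page only hid the
# button, so the same rule is enforced again when the request arrives.
PROTECTED_COLUMNS = ("lname", "fname", "password")


def html(value):
    """Return value as text that is safe in HTML text or a quoted attribute."""
    return cgi.escape(str(value), True)


def quote_column(name):
    """Backtick-quote a column name that has already passed _IDENTIFIER."""
    return "`" + name + "`"


def usable_columns(described):
    """Return the column names from a DESCRIBE result that may appear in SQL."""
    return [row[0] for row in described if _IDENTIFIER.match(row[0])]


def print_change_made():
    """Print the confirmation (and refresh form) shown after a change."""
    print "Database change made. To prevent errors, please refresh before continuing:\n"
    print '\n'
    print '\n'
    print '\n'
    print '\n'


def print_bad_column():
    """Print the message shown when a request names a column that is not allowed."""
    print "Error: invalid column name.\n"


#-------------MIME type statement:
print "Content-type: text/html\n\n"
#-------------Header:
print "Student Database Administration Section\n"
print "\n"
print "\n"
#-------------End header.
print "Administration\n"

#-------------Create field storage object:
form = cgi.FieldStorage()
# getfirst() returns one string even when a parameter is repeated in the
# request; form[key].value would fail on the list that a repeat produces.
todo = form.getfirst("todo")
todo_also = form.getfirst("todo_also")

#-------------Form input error and session type handling:
# Without a "password" field only the login form is shown and the script stops.
if not form.has_key("password"):
    print "\n"
    print "Administrator Password:\n"
    print "\n"
    print "\n"
    #Footer:
    print "\n"
    sys.exit()
#-------------End form input error and session type handling.

#-------------Check password and allow editing of students:
# NOTE(review): the administrator password is embedded in the source, so
# anyone who can read this file (or a copy of it) can administer the table.
# Keep a salted hash in a file outside the web root, readable only by the CGI
# user, and compare against that instead.
if form.getfirst("password") == "XXXXX":
    print '\n'
    print '\n'
    print '\n'
    print '\n'
else:
    print "Incorrect password.\n"
    print "Try again. \n"
    sys.exit()
#-------------End check password and allow editing of students.

#-------------Editing of students and student table structure:
#set up database connection:
# NOTE(review): the database credentials are embedded as well; load them from
# a protected configuration file, and give this account rights on this one
# table only.
db = MySQLdb.connect(host="localhost", user="feltc", passwd="xxxxxx", db="feltc")
cursor = db.cursor()

#Show all students and structure for editing:
cursor.execute("describe student_assignment3;")  #Find field types.
column_names = cursor.fetchall()
# Names that request-supplied column names are checked against.
editable = usable_columns(column_names)

print "\n"
print ""
for heading in column_names:
    print "" + html(heading[0]) + ""
print "Grade Students:"
print "\n"
cursor.execute("select * from student_assignment3;")
all_students = cursor.fetchall()
for student_row in all_students:
    print ""
    for student_value in student_row:
        if not student_value:
            print "0"
        else:
            print ""
            # Stored data is escaped too: it was typed into a form earlier.
            print html(student_value)
            print ""
    print ""
    print "\n"
print "\n"

# The forms that start each task (markup not visible in this listing).
print "\n"
print '\n'
print '\n'
print "\n"
print "\n"
print ""
print "\n"
print '\n'
print "\n"
print "\n"
print "\n"
print "\n"
print "\n"
print "\n"
print "\n"
print '\n'
print "\n"
print '\n'
print "\n"
print "\n"
print "\n"
print '\n'
print "\n"
print '\n'
print "\n"
print "\n"
print "\n"
print '\n'
print "\n"
print '\n'
print "\n"
print "\n"
print '\n'
print "\n"
print "\n"
print "\n"
print "\n"
print "\n"
print '\n'
print 'Enter a new grade column:\n'
print "\n"
print '\n'
print "\n"
print "\n"

#todo items (editing a student or adding an assignment column):
if todo == "edit_student":
    if todo_also == "complete_edit_student":
        # A column is updated only when both its "field<name>" value and its
        # "check<name>" box were submitted.
        checked = [key[5:] for key in form.keys() if key.startswith("check")]
        updateFields = [key[5:] for key in form.keys()
                        if key.startswith("field") and key[5:] in checked]
        if not updateFields:
            print "Eror: please enter student data and check boxes you wish to change."
        elif [name for name in updateFields if name not in editable]:
            # The name after "field" is attacker-controlled; reject anything
            # that is not an existing column before building the statement.
            print_bad_column()
        else:
            assignments = ", ".join([quote_column(name) + "=%s"
                                     for name in updateFields])
            sql_statement = ("update student_assignment3 set " + assignments +
                             " where lname=%s and fname=%s")
            values = [form.getfirst("field" + name) for name in updateFields]
            values.append(form.getfirst("oldlname"))
            values.append(form.getfirst("oldfname"))
            # The driver quotes each bound value; none is pasted into the SQL text.
            cursor.execute(sql_statement, tuple(values))
            print_change_made()
    else:
        lname = form.getfirst("lname", "")
        fname = form.getfirst("fname", "")
        print "Check boxes for values you wish to edit:"
        print "\n"
        print '\n'
        print '\n'
        print "\n"
        print "\n"
        cursor.execute(
            "select * from student_assignment3 where lname = %s and fname = %s",
            (lname, fname))
        student_info = cursor.fetchall()
        print "\n"
        column_names_list = []
        for heading in column_names:
            print "" + html(heading[0]) + ""
            column_names_list.append(heading[0])
        print "\n"
        for student_row in student_info:
            for column_name, student_field in zip(column_names_list, student_row):
                if not student_field:
                    print '' % html(column_name)
                else:
                    print '' % (html(column_name), html(student_field))
            print "\n"
        print "\n"
        for heading in column_names:
            print '' % html(heading[0])
        print "\n"
        print "\n"
        # The submitted names are echoed back into the page, so escape them.
        print '\n' % html(lname)
        print '\n' % html(fname)
        print "\n"
        print "\n"

#elseif we are adding a student, execute sql to add:
elif todo == "add_new_student":
    required = ("fieldlname", "fieldfname", "fieldpassword")
    if todo_also is not None and [key for key in required if not form.has_key(key)]:
        print "You must enter a first name, last name and password to add a student."
        # FieldStorage has no item assignment, so the failed state is kept in
        # a local variable instead of being written back into the form.
        todo_also = "failed"
    if todo_also == "complete_add_new_student":
        resultTuples = [(key[5:], form.getfirst(key))
                        for key in form.keys() if key.startswith("field")]
        if [column for column, value in resultTuples if column not in editable]:
            print_bad_column()
        else:
            columns = ",".join([quote_column(column)
                                for column, value in resultTuples])
            markers = ",".join(["%s"] * len(resultTuples))
            sql_statement = ("insert into student_assignment3 (" + columns +
                             ") values (" + markers + ")")
            cursor.execute(sql_statement,
                           tuple([value for column, value in resultTuples]))
            print_change_made()
    else:
        print "\n"
        print '\n'
        print '\n'
        print "\n"
        print '\n'
        print ''
        for heading in column_names:
            print "" + html(heading[0]) + ""
        print ''
        print ''
        for heading in column_names:
            print '' % html(heading[0])
        print ''
        print '\n'
        print '\n'
        print ""

#elseif we are deleteing a student, execute sql to delete:
elif todo == "delete_student":
    print "Delete Students:"
    print "\n"
    print ""
    for heading in column_names:
        print "" + html(heading[0]) + ""
    print "Grade Students:"
    print "\n"
    cursor.execute("select * from student_assignment3;")
    all_students = cursor.fetchall()
    for student_row in all_students:
        print ""
        for student_value in student_row:
            if not student_value:
                print "0"
            else:
                print ""
                print html(student_value)
                print ""
        print ""
        print "\n"
    print "\n"
    print "\n"
    print '\n'
    print '\n'
    print '\n'
    print "\n"
    print "\n"
    print ""
    print "\n"
    if todo_also == "complete_delete_student":
        cursor.execute(
            "delete from student_assignment3 where lname=%s and fname=%s",
            (form.getfirst("lname"), form.getfirst("fname")))
        print_change_made()

#elseif we are editing the structure of the table, (add or delete a column):
elif todo == "add_grade_column":
    grade = form.getfirst("grade", "")
    # DDL cannot take bound parameters, so the new column name has to pass the
    # identifier pattern before it is placed in the statement.
    if not _IDENTIFIER.match(grade):
        print_bad_column()
    else:
        cursor.execute("alter table student_assignment3 add " +
                       quote_column(grade) + " smallint(6)")
        print_change_made()

elif todo == "delete_grade_column":
    if todo_also == "complete_delete_grade_column":
        deletion = form.getfirst("deletion", "")
        # Only an existing, non-protected column may be dropped.
        if deletion in PROTECTED_COLUMNS or deletion not in editable:
            print_bad_column()
        else:
            cursor.execute("alter table student_assignment3 drop column " +
                           quote_column(deletion))
            print_change_made()
    else:
        cursor.execute("describe student_assignment3;")
        column_names = cursor.fetchall()
        print "\n"
        for heading in column_names:
            print "" + html(heading[0]) + ""
            if heading[0] in PROTECTED_COLUMNS:
                print 'Can\'t delete'
            else:
                print '\n'
                print '\n'
                print '\n'
                print '\n'
                print '\n' % html(heading[0])
                print '\n'
            print ""
        print ""
        print ""
        print "\n"
        print ""
#-------------End editing of students and table structure.

#Footer:
print "\n"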