2016-11-16 83 views
0

在我的程序中,我有一個sqlite數據庫,其中數據通過tkinter gui中的輸入小部件附加到數據庫。我喜歡它,所以數據只在數據庫驗證後附加到數據庫中,因爲目前沒有驗證。Python - 如何驗證tkinter輸入字段

例如,在我的功能在其下面我的數據庫追加的customerID,名,姓,地址和電話號碼,以客戶表。我喜歡它,所以customerID條目只接受整數,forename,surname和address爲NOT NULL,phoneNumberEntry只接受整數。

我看到人們使用validatecommand,但我不認爲,因爲我已經在使用一個命令來添加數據到數據庫中,我將能夠實現這一點。

def appendToCustomerTableEntry(event): 
    top = Toplevel() 
    top.title("Add to customer table") 

    Label(top, text = "customerID: ").grid(sticky = E) 

    customerIDEntry = Entry(top) 
    customerIDEntry.grid(row = 0, column = 1) 

    Label(top, text = "Forename: ").grid(row = 1, sticky = E) 

    customerForenameEntry = Entry(top) 
    customerForenameEntry.grid(row = 1, column = 1) 

    Label(top, text = "Surname: ").grid(row = 2, sticky = E) 

    customerSurnameEntry = Entry(top) 
    customerSurnameEntry.grid(row = 2, column = 1) 

    Label(top, text = "Address: ").grid(row = 3, sticky = E) 

    customerAddressEntry = Entry(top) 
    customerAddressEntry.grid(row = 3, column = 1) 

    Label(top, text = "Phone Number: ").grid(row = 4, sticky = E) 

    customerPhoneNumberEntry = Entry(top) 
    customerPhoneNumberEntry.grid(row = 4, column = 1) 

    exitButton = Button(top, text = "Exit", command = top.destroy) 
    exitButton.grid(row = 5, column = 2, sticky = W) 

    appendButton = Button(top, text = "Append", command = lambda:appendToCustomerTable 
        (customerIDEntry.get(), customerForenameEntry.get(), customerSurnameEntry.get(), 
        customerAddressEntry.get(), customerPhoneNumberEntry.get())) 
    appendButton.grid(row = 5, column = 1, sticky = E) 


def appendToCustomerTable(customerID, Forename, Surname, Address, TelephoneNumber): 
    c.execute("INSERT INTO customerTable VALUES (?, ?, ?, ?, ?);", (customerID, Forename, Surname, Address, TelephoneNumber)) 
    conn.commit() 
+0

您寫道:_I看到人們使用validatecommand,但我不認爲我將能夠實現,由於我已經在使用一個命令來將數據追加到數據庫._你是什麼意思? 'validatecommand'的使用與以後如何使用數據完全無關。它只是一種防止非法輸入的機制(如整數字段中的字母)。 –

+0

@BryanOakley是的,我現在已經想出了一些東西。剛纔我只是有點困惑,所以才衝上這篇文章。現在我已經有了一種方法,只能接受整數,以便部分問題得到解決,我只需要弄清楚其餘的驗證 – JoeW373

+0

這似乎是你的問題的答案是簡單地創建一個函數,它需要所有輸入並驗證它們,然後在將數據插入數據庫之前調用該函數。你要求什麼與此不同? –

回答

0

這是一個sql sanitation的問題,還是一個python編程的問題?

如果SQL衛生,你需要找出SQL字符串或字符來拒絕這樣做,也有可能是庫。 https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

通過編程,人們可以運行if語句,更改操作的順序並使用字符串替換。 http://bobby-tables.com/python.html

在您的代碼中,您要注意的事情是有人試圖通過您的字段發佈代碼。仔細查看最後一個鏈接。

-1

firsty嘗試「dont repeat your self

# you can declare here the input type of your argument default and the type of them 
def build(ui_title = [], int_arg = 0): 
    # on top you can also assert the input 
    # continue only if ui_title is True else give a AssertionError 
    assert (ui_title), "list is empty!!!" 

    # lets check int_arg for int 
    assert (int_arg==int), "{0} except int get {1}".format(int_arg ,type(int_arg)) 

    for row,text in enumerate(ui_title): 
     Label(top, text = str(text)).grid(sticky = E) 
     customerIDEntry = Entry(top) 
     customerIDEntry.grid(row = int(row), column = 1) 
     if text=="Exit": 
      exitButton = Button(top, text = str(text), command = top.destroy) 
      exitButton.grid(row = int(row), column = 2, sticky = W) 

ui_title = ["customerID", "Forename: ", "Surname: ", "Address: ", "Phone Number: ", "Exit"] 
build(ui_title) # will work 
build(ui_title, int_arg = "Hallo") # will not work, because int_arg get string and the build method will raise a AssertionError 
+0

請給予反饋爲什麼投票唐寧,並不真正有助於未來的讀者和我包括........ http://meta.stackexchange.com/questions/135/encouraging-people-to-explain-downvotes –

+0

這並不回答被問到的問題。問題是關於如何驗證輸入,並且此代碼不會驗證用戶在Entry小部件中輸入的數據。 –

+0

thx,是類型斷言不是檢查用戶輸入的方法嗎? –