#!/usr/bin/env python # ######### CGI header ####################################### import cgi print "Content-Type: text/html\n" form = cgi.FieldStorage() ########## import modules ################################## import sys import re import pgdb ## security: delete suspicious characters in form input ####### some_security = re.compile(r"[^\w\s,\.\-]") for item in form.keys(): form[item].value = some_security.sub ("", form[item].value) ######### get form values ################################## table = form.getvalue("table") ########## HTML header ######################################## print """ Database output """ ############ are form values there? ########################## if not table: print "Please select a table." sys.exit() ########## connect to db ###################################### try: db = pgdb.connect(host="db.slis.indiana.edu:5432", user="your_username",password = "your_password") crs = db.cursor() except: print "Could not connect to database" sys.exit() ######### execute SQL and print as table ######################## crs.execute("select * from "+table) crs.rowcount if crs.rowcount < 1: print "
Your query did not find any matches. Try again
\n" else: print "" print "" for hits in range(crs.rowcount): row = crs.fetchone() print "" print "
" + crs.description[0][0] + "" +\ crs.description[1][0] + "
" + row[0] + "" + row[1]+"
" crs.close() db.close() ########### HTML footer ######################################## print """ """