#!/usr/bin/python2
#Fri Feb 27 10:41:59 MST 2004
import cgi
import string
import sys
import os
import os.path
import MySQLdb
#-------------
#-------------MIME type statement:
# Emit the CGI response header. `print` appends its own newline after the two
# in the literal, so everything printed after this line is response body.
print "Content-type: text/html\n\n"
#-------------Header:
# NOTE(review): the HTML markup of the page header appears to have been
# stripped from this listing. The literals below that span two lines are not
# valid Python as shown; they are left untouched here.
print "
Student Database Administration Section\n"
print "\n"
print "\n"
#-------------End header.
print "Administration
\n"
#-------------Create field storage object:
# Parse the submitted request into a FieldStorage object.
form = cgi.FieldStorage()
# Guard: a request that carries no "password" field gets the (empty) page body
# and footer, and nothing below this point is executed for it.
if "password" not in form:
    print "\n"
    # Footer:
    print "\n"
    sys.exit()
#-------------End form input error and session type handling.
#-------------Check password and allow editing of students:
# Gate the rest of the page on the shared administration password.
# NOTE(review): the expected password is a literal in this source file and is
# compared as plain text, so anyone who can read the script can administer the
# table. Prefer a salted hash kept in configuration outside the web root,
# checked with a constant-time comparison.
submitted_password = form["password"].value
if submitted_password != "XXXXX":
    print "Incorrect password. \n"
    print "Try again. \n"
    sys.exit()
print '\n'
#-------------End check password and allow editing of students.
#-------------Editing of students and student table structure:
#set up database connection:
#Password is hard coded here. Bad design but may have time later to fix:
# Open the database connection used by every action below.
# NOTE(review): the database user and password are literals in this source
# file. Keep them in a configuration file outside the web root that only the
# CGI user can read, and give this account rights on this one table only.
db = MySQLdb.connect(
    host="localhost",
    user="feltc",
    passwd="xxxxxx",
    db="feltc"
)
# One cursor is shared by all statements in this request.
cursor = db.cursor()
# Ask MySQL for the table layout; the first item of each row is a column name.
cursor.execute("describe student_assignment3;")
# Keep the whole result set as a tuple of rows.
column_names = cursor.fetchall()
# Render the current contents of student_assignment3 followed by what look
# like the add-student and add-column forms.
# NOTE(review): the HTML markup inside these literals appears to have been
# stripped from this listing and the indentation is gone, so the loop nesting
# and the form fields cannot be recovered from here; the code is left as is.
print "\n"
print ""
# One header cell per column reported by `describe`.
# NOTE(review): heading[0] is concatenated into the page without HTML escaping.
for heading in column_names:
print "" + heading[0] + " | "
print "Grade Students: | "
print "
\n"
# Fetch every row of the table for display.
cursor.execute("select * from student_assignment3;");
all_students = cursor.fetchall();
for student_row in all_students:
print ""
for student_value in student_row:
# Any falsy value (None, 0, empty string) is shown as "0".
if not student_value:
print "0 | "
else:
print ""
# NOTE(review): stored values are written to the response without HTML
# escaping, so markup saved in any column is interpreted by the browser of
# whoever opens this page. Escape on output, e.g.
# cgi.escape(str(student_value), 1).
print student_value
print " | "
print ""
print ""
print " | "
print "
\n"
print "
\n"
# NOTE(review): presumably the add-student form; its markup is not visible.
print '\n'
print "\n"
print "\n"
print "\n"
print " | \n"
print "\n"
print "\n"
print " | \n"
print "\n"
print "\n"
print " | \n"
print "
\n"
print "
\n"
# NOTE(review): presumably the add/delete grade-column form; markup not visible.
print '\n'
print "\n"
print "\n"
print "\n"
print " | \n"
print "
\n"
print "
\n"
#todo items (editing a student or adding an assignment column):
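def _html(value):
    """Return *value* as text escaped for the HTML response."""
    if not isinstance(value, basestring):
        value = str(value)
    # quote=1 also escapes double quotes in case the value lands in an attribute.
    return cgi.escape(value, 1)


def _quote_identifier(name):
    """Backtick-quote a column name that already passed the allow-list check."""
    return "`" + name.replace("`", "``") + "`"


def _submitted_suffixes(prefix):
    """Return the part after *prefix* of every submitted key starting with it."""
    return [key[len(prefix):] for key in form.keys() if key.startswith(prefix)]


# Student maintenance: edit, add or delete a row, selected by the "todo" field.
#
# Every value that reaches SQL is passed as a bound parameter, and every column
# name taken from a form key must match a column reported by `describe`
# (identifiers cannot be bound, so they are allow-listed and quoted instead).
# The statements were previously assembled by concatenating form values.
#
# NOTE(review): the HTML markup of the literals printed below appears to have
# been stripped from this listing; the visible text is kept and literals that
# were split across two lines are written with an explicit "\n".
if form.has_key("todo"):
    # getfirst() returns a single string even when a field is submitted twice.
    todo = form.getfirst("todo", "")
    todo_also = form.getfirst("todo_also", "")
    known_columns = [row[0] for row in column_names]
    change_made = "Database change made. To prevent errors, please refresh before continuing:\n\n"
    rejected = "Error: invalid or incomplete request. No database change was made.\n"

    if todo == "edit_student":
        if todo_also == "complete_edit_student":
            # A column is updated only when both its "field<col>" value and its
            # "check<col>" tick box were submitted.
            checked = _submitted_suffixes("check")
            updateFields = [name for name in _submitted_suffixes("field")
                            if name in checked]
            unknown = [name for name in updateFields if name not in known_columns]
            if not updateFields:
                print "Eror: please enter student data and check boxes you wish to change.\n"
            elif unknown or not form.has_key("oldlname") or not form.has_key("oldfname"):
                # Unknown column name, or no row selector: refuse instead of
                # failing inside the database call.
                print rejected
            else:
                assignments = ", ".join(
                    [_quote_identifier(name) + "=%s" for name in updateFields])
                sql_statement = ("update student_assignment3 set " + assignments
                                 + " where lname=%s and fname=%s;")
                params = [form.getfirst("field" + name, "") for name in updateFields]
                params.append(form.getfirst("oldlname"))
                params.append(form.getfirst("oldfname"))
                cursor.execute(sql_statement, params)
                print change_made
                print '\n'
        else:
            # NOTE(review): no execute() call for this lookup is visible in the
            # listing. The statement is kept in placeholder form together with
            # its parameters so that any later use binds the values rather than
            # concatenating them.
            sql_string = "select * from student_assignment3 where lname=%s and fname=%s;"
            sql_params = (form.getfirst("lname", ""), form.getfirst("fname", ""))
            print "Check boxes for values you wish to edit:\n"
            print "\n"

    elif todo == "add_new_student":
        required = ("fieldlname", "fieldfname", "fieldpassword")
        missing = [key for key in required if not form.has_key(key)]
        # The original marked a failed submission with form["todo_also"] = ...,
        # but cgi.FieldStorage does not support item assignment, so a missing
        # field raised instead of skipping the insert. A local flag is used.
        incomplete = form.has_key("todo_also") and missing
        if incomplete:
            print "You must enter a first name, last name and password to add a student.\n"
        if todo_also == "complete_add_new_student" and not incomplete:
            columns = _submitted_suffixes("field")
            if [name for name in columns if name not in known_columns]:
                print rejected
            else:
                # NOTE(review): values are stored exactly as submitted,
                # including the one sent as "fieldpassword".
                sql_statement = ("insert into student_assignment3 ("
                                 + ",".join([_quote_identifier(name) for name in columns])
                                 + ") values ("
                                 + ",".join(["%s"] * len(columns)) + ");")
                params = [form.getfirst("field" + name, "") for name in columns]
                cursor.execute(sql_statement, params)
                print change_made
                print '\n'
        else:
            print ""

    elif todo == "delete_student":
        # The table is listed first and the deletion, if confirmed, runs after
        # it, so the listing still shows the row (hence the refresh message).
        print "Delete Students:\n"
        print "\n"
        print ""
        for heading in column_names:
            print "" + _html(heading[0]) + " | "
        print "Grade Students: | "
        print "\n\n"
        cursor.execute("select * from student_assignment3;")
        all_students = cursor.fetchall()
        for student_row in all_students:
            print ""
            for student_value in student_row:
                # Any falsy value (None, 0, empty string) is shown as "0".
                if not student_value:
                    print "0 | "
                else:
                    print ""
                    # Stored values are escaped before they reach the page.
                    print _html(student_value)
                    print " | "
            print ""
            print ""
            print " | "
            print "\n\n"
        print "\n\n"
        if todo_also == "complete_delete_student":
            if form.has_key("lname") and form.has_key("fname"):
                cursor.execute(
                    "delete from student_assignment3 where lname=%s and fname=%s;",
                    (form.getfirst("lname"), form.getfirst("fname")))
                print change_made
                print '\n'
            else:
                print rejected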
#elseif we are editing the structure of the table , (add or delete a column):
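# Table-structure maintenance: add or drop a grade column, selected by "todo".
#
# Column names cannot be sent as bound parameters, so they are validated
# before being placed in the statement. A new name must be a plain identifier.
# A name to drop must be an existing column that is not one of the protected
# ones. The statements were previously assembled from the raw form values, and
# the protected columns were only marked "Can't delete" in the page.
#
# NOTE(review): the HTML markup of the literals printed below appears to have
# been stripped from this listing; the visible text is kept and literals that
# were split across two lines are written with an explicit "\n".
if form.has_key("todo"):
    # getfirst() returns a single string even when a field is submitted twice.
    todo = form.getfirst("todo", "")
    change_made = "Database change made. To prevent errors, please refresh before continuing:\n\n"
    rejected = "Error: invalid or incomplete request. No database change was made.\n"
    protected_columns = ("lname", "fname", "password")

    # Add a grade column.
    if todo == "add_grade_column":
        new_column = form.getfirst("grade", "")
        identifier_chars = string.ascii_letters + string.digits + "_"
        # Letters, digits and underscore only, not starting with a digit, and
        # within MySQL's 64-character identifier limit.
        is_plain_identifier = (
            0 < len(new_column) <= 64
            and new_column[0] not in string.digits
            and not [ch for ch in new_column if ch not in identifier_chars])
        if is_plain_identifier:
            cursor.execute(
                "alter table student_assignment3 add `" + new_column + "` smallint(6);")
            print change_made
            print '\n'
        else:
            print rejected

    # Drop a grade column.
    if todo == "delete_grade_column":
        if form.getfirst("todo_also", "") == "complete_delete_grade_column":
            target = form.getfirst("deletion", "")
            existing_columns = [row[0] for row in column_names]
            # Enforced on the server: the request is not bound by what the
            # page chose to offer.
            if target in existing_columns and target not in protected_columns:
                cursor.execute(
                    "alter table student_assignment3 drop column `"
                    + target.replace("`", "``") + "`;")
                print change_made
                print '\n'
            else:
                print rejected
        else:
            # List the columns so that one can be chosen for deletion.
            cursor.execute("describe student_assignment3;")
            column_names = cursor.fetchall()
            print "\n"
            for heading in column_names:
                print ""
                # Column names are escaped before they reach the page.
                print "" + cgi.escape(heading[0], 1) + " | "
                print ""
                if heading[0] in protected_columns:
                    print 'Can\'t delete'
                else:
                    # NOTE(review): the markup of the per-column delete control
                    # was lost from this listing; only this quote character
                    # survives. If the control embeds heading[0], escape it.
                    print '"'
                print " | "
                print "\n\n"
            print "\n"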
#-------------End editing of students and table structure.
#Footer:
print "