Python - 如何验证tkinter输入字段

Question

在我的程序中，我有一个sqlite数据库，其中数据通过tkinter gui中的输入小部件附加到数据库。我喜欢它，所以数据只在数据库验证后附加到数据库中，因为目前没有验证。

例如，在我的功能在其下面我的数据库追加的customerID，名，姓，地址和电话号码，以客户表。我喜欢它，所以customerID条目只接受整数，forename，surname和address为NOT NULL，phoneNumberEntry只接受整数。

我看到人们使用validatecommand，但我不认为，因为我已经在使用一个命令来添加数据到数据库中，我将能够实现这一点。

def appendToCustomerTableEntry(event): 
    top = Toplevel() 
    top.title("Add to customer table") 

    Label(top, text = "customerID: ").grid(sticky = E) 

    customerIDEntry = Entry(top) 
    customerIDEntry.grid(row = 0, column = 1) 

    Label(top, text = "Forename: ").grid(row = 1, sticky = E) 

    customerForenameEntry = Entry(top) 
    customerForenameEntry.grid(row = 1, column = 1) 

    Label(top, text = "Surname: ").grid(row = 2, sticky = E) 

    customerSurnameEntry = Entry(top) 
    customerSurnameEntry.grid(row = 2, column = 1) 

    Label(top, text = "Address: ").grid(row = 3, sticky = E) 

    customerAddressEntry = Entry(top) 
    customerAddressEntry.grid(row = 3, column = 1) 

    Label(top, text = "Phone Number: ").grid(row = 4, sticky = E) 

    customerPhoneNumberEntry = Entry(top) 
    customerPhoneNumberEntry.grid(row = 4, column = 1) 

    exitButton = Button(top, text = "Exit", command = top.destroy) 
    exitButton.grid(row = 5, column = 2, sticky = W) 

    appendButton = Button(top, text = "Append", command = lambda:appendToCustomerTable 
        (customerIDEntry.get(), customerForenameEntry.get(), customerSurnameEntry.get(), 
        customerAddressEntry.get(), customerPhoneNumberEntry.get())) 
    appendButton.grid(row = 5, column = 1, sticky = E) 


def appendToCustomerTable(customerID, Forename, Surname, Address, TelephoneNumber): 
    c.execute("INSERT INTO customerTable VALUES (?, ?, ?, ?, ?);", (customerID, Forename, Surname, Address, TelephoneNumber)) 
    conn.commit() 

Answer 1

这是一个sql sanitation的问题，还是一个python编程的问题？

如果SQL卫生，你需要找出SQL字符串或字符来拒绝这样做，也有可能是库。 https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet

通过编程，人们可以运行if语句，更改操作的顺序并使用字符串替换。 http://bobby-tables.com/python.html

在您的代码中，您要注意的事情是有人试图通过您的字段发布代码。仔细查看最后一个链接。

Answer 2

firsty尝试“dont repeat your self”

# you can declare here the input type of your argument default and the type of them 
def build(ui_title = [], int_arg = 0): 
    # on top you can also assert the input 
    # continue only if ui_title is True else give a AssertionError 
    assert (ui_title), "list is empty!!!" 

    # lets check int_arg for int 
    assert (int_arg==int), "{0} except int get {1}".format(int_arg ,type(int_arg)) 

    for row,text in enumerate(ui_title): 
     Label(top, text = str(text)).grid(sticky = E) 
     customerIDEntry = Entry(top) 
     customerIDEntry.grid(row = int(row), column = 1) 
     if text=="Exit": 
      exitButton = Button(top, text = str(text), command = top.destroy) 
      exitButton.grid(row = int(row), column = 2, sticky = W) 

ui_title = ["customerID", "Forename: ", "Surname: ", "Address: ", "Phone Number: ", "Exit"] 
build(ui_title) # will work 
build(ui_title, int_arg = "Hallo") # will not work, because int_arg get string and the build method will raise a AssertionError