Neemaximo

Reputation: 20831

Using Python CGI and MySQL to save user input from a form into a MySQL table

I have two .cgi scripts as of right now. I am trying to have a user input a keyword on one website (the first cgi script) and then it will send that data to the next cgi script. It currently sends it to the next page fine but I also want to save the information the user types in to a MySQL table named "keywords". I am having trouble figuring out how exactly to do that. Here is my first cgi script that prompts the user for a keyword:

#!/usr/bin/env python
import cgi
import cgitb
cgitb.enable()

form = cgi.FieldStorage()
keyword = form.getvalue('keyword')

print 'Content-type: text/html\r\n\r'
print '<html>'
print '<h1>Please enter a keyword of your choice</h1>'
print '<form action="results.cgi" method="post">'
print 'Keyword: <input type="text" name="keyword">  <br />'
print '<input type="submit" value="Submit" />'
print '</form>'
print '</html>'

Here is my second .cgi file. In this I am trying to print the keyword that was typed in from the previous page (that works fine) and also send it and save it to my MySQL table (that's where the problem is):

#!/usr/bin/env python
import cgi
import cgitb
import MySQLdb
cgitb.enable()

form = cgi.FieldStorage()

keyword = form.getvalue('keyword')

print 'Content-type: text/html\r\n\r'
print '<html>'
print keyword
print '</html>'

db = MySQLdb.connect(host="", user="",   passwd="", db="")
cursor = db.cursor()
sql = """INSERT INTO keywords(keywords) VALUES (keywords)"""
cursor.execute(sql)
cursor.fetchall()
db.close()

Basically I am new to MySQL in general and I'm pretty sure it comes down to my mysql code being all messed up and doing what I want it to do. It doesn't fetch any errors, just doesn't add anything to the table.

Upvotes: 0

Views: 3349

Answers (1)

Thomas Orozco

Reputation: 55233

You're not passing any parameter to the cursor.execute method.

You'll need:

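sql = "INSERT INTO keywords (keywords) VALUES (%s)"
cursor.execute(sql, (keyword,))  # parameters go in a sequence; the driver escapes the value
db.commit()  # MySQLdb does not autocommit, so the INSERT is lost without this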

This should work, supposing your table is called keywords and contains a column called keywords.

You can have a look at the MySQLdb user guide for more information.


Please realize that this simple app is exposed to most of the security vulnerabilities a webapp could be vulnerable to (except for SQL injection), which notably includes XSS attacks.

Upvotes: 1
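
The XSS exposure the answer mentions comes from results.cgi printing `keyword` straight into the page. The following is an added example (not code from the question or the answer), written for Python 3, that stores the value with a bound parameter and HTML-escapes it on output. As assumptions, sqlite3 stands in for MySQLdb so it runs offline (its placeholder is `?` rather than `%s`), and the function names are hypothetical.

```python
import html
import sqlite3


def store_keyword(db, keyword):
    """Insert the submitted value with a bound parameter, then commit."""
    # sqlite3 uses "?" placeholders; with MySQLdb the same statement uses "%s".
    db.execute("INSERT INTO keywords (keywords) VALUES (?)", (keyword,))
    db.commit()


def render_results(keyword):
    """Build the CGI response, HTML-escaping the user-controlled value."""
    safe = html.escape(keyword or "", quote=True)
    return (
        "Content-Type: text/html; charset=utf-8\r\n\r\n"
        "<html><body><p>" + safe + "</p></body></html>"
    )


def handle_submission(db, keyword):
    """What results.cgi does: store the keyword, then echo it back."""
    if keyword is None:  # the form field was missing, so store nothing
        return render_results("(no keyword submitted)")
    store_keyword(db, keyword)
    return render_results(keyword)


def make_db():
    """In-memory stand-in for the 'keywords' table (assumed single text column)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE keywords (keywords TEXT)")
    return db


if __name__ == "__main__":
    db = make_db()
    # Constructed sample inputs: plain text, a quote, and markup.
    for sample in ["python", "O'Reilly", "<script>alert(1)</script>"]:
        print(handle_submission(db, sample))
    print(db.execute("SELECT keywords FROM keywords").fetchall())
```

The value is stored exactly as submitted and escaped only when it is written into HTML, so the same row can later be rendered safely in other contexts.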
