mod_python and getting the QUERY_STRING using env_vars()

0
votes

I am having some problems with some code, trying to get the QUERY_STRING but when I look at the errors in the console its coming back with an internal Error 500 which seems to be caused by the line getReqStr = env_vars['QUERY_STRING']

Anyone any ideas how to fix this please? 

import MySQLdb
import cgi, cgitb
from urlparse import urlparse

def index(req):

    req.add_common_vars()
    env_vars = req.subprocess_env
    getReqStr = env_vars['QUERY_STRING']           
    getReqArr = getReqStr.split('&')               
    getReqDict = {}

    for item in getReqArr:                          
       tempArr = item.split('=')                    
       getReqDict[tempArr[0]] = tempArr[1]
 
    dtbox = getReqDict['dt']
    tmbox = getReqDict['tm']

    con = MySQLdb.connect('localhost', 'root', '', 'mydb')

    with con:
        cur = con.cursor(MySQLdb.cursors.DictCursor)
        st = "SELECT tmp, watts FROM currentcost WHERE dt ='" + dtbox + "' and tm like '" + tmbox + "%'"
        cur.execute (s)
        rows = cur.fetchall()

        x=""
        y=""
        for row in rows:
            x=x+row["watts"]+","
            y=y+row["tmp"]+","

    x="data:["+x+"]"
    y="data:["+y+"]"

    con.close()

    req.write(st)

EDIT.

Here is the response I'm getting back through Chrome's console:

MOD_PYTHON ERRORProcessId: 3424Interpreter: '127.0.1.1'ServerName: '127.0.1.1'DocumentRoot: '/var/www'URI: '/currentcost.py'Location: NoneDirectory: '/var/www/'Filename: '/var/www/currentcost.py'PathInfo: ''Phase: 'PythonHandler'Handler: 'mod_python.publisher'Traceback (most recent call last): File "/usr/lib/python2.7/dist-packages/mod_python/importer.py", line 1537, in HandlerDispatch default=default_handler, arg=req, silent=hlist.silent) File "/usr/lib/python2.7/dist-packages/mod_python/importer.py", line 1229, in _process_target result = _execute_target(config, req, object, arg) File "/usr/lib/python2.7/dist-packages/mod_python/importer.py", line 1128, in _execute_target result = object(arg) File "/usr/lib/python2.7/dist-packages/mod_python/publisher.py", line 204, in handler module = page_cache[req] File "/usr/lib/python2.7/dist-packages/mod_python/importer.py", line 1059, in getitem return import_module(req.filename) File "/usr/lib/python2.7/dist-packages/mod_python/importer.py", line 296, in import_module log, import_path) File "/usr/lib/python2.7/dist-packages/mod_python/importer.py", line 680, in import_module execfile(file, module.dict) File "/var/www/currentcost.py", line 17 getReqStr = env_vars['QUERY_STRING'] ' the url after the ? ^SyntaxError: EOL while scanning string literalMODULE CACHE DETAILSAccessed: Thu Sep 26 09:18:30 2013Generation: 0_mp_545c0d0056a74a40503ad1da7dbb26e2 { FileName: '/var/www/currentcost.py' Instance: 1 [IMPORT] Generation: 0 [ERROR] Modified: Thu Sep 26 09:10:57 2013}

1
pythonquery-stringmod-python
QUERY_STRING may not even exist in env_vars which probably raises a KeyError exception... can we have the full traceback ?user2629998
@Andre I've updated the post with the full traceCHRIS LEONARD

1 Answers

2
votes

If you are using mod_python, then req.args probably has all your data.

You can also get query_string using the req.parsed_uri[apache.URI_QUERY]

If you need to handle GET and POST without thinking about it, then you better parse it using FieldStorage class bundled with mod_python. Should be something like this:

from mod_python import util

getReqDict = util.FieldStorage(req)
dtbox = getReqDict['dt']
tmbox = getReqDict['tm']

As an additional observation of your code: the way you build your SQL query is not secure and vulnerable to SQL injection. Do not forget to escape your data before passing to SQL query, or use query parameter binding (preferred method) instead.