[Flask] Passing MySQL values to different webpages

Anthony Ford ford.anthonyj at gmail.com
Fri Mar 11 20:40:00 EST 2016


Hey Adam,

When you are passing values back and forth, consider the application.

Hidden input fields can (and will) be modified by the end-user. So don't
use it if that can be a problem (like the price of an item, or identifiers).

A session uses a signed cookie, which is not user modifiable (at least not
without invalidating the signature or stealing your secret key).

The issue with both approaches is that the values can be seen by the end
user. This can be a problem in certain situations (though I can't think of
an example off the top of my head). One solution to this is to use
server-side sessions (the flask-session extension can make this easy to set
up: https://pythonhosted.org/Flask-Session/), with a data store like redis
or your DB.

Just some things to keep in mind. Enjoy flask!


Anthony Ford,
KF5IBN,
ford.anthonyj at gmail.com

On Fri, Mar 11, 2016 at 8:12 PM, Adam Steer <Adam.Steer at anu.edu.au> wrote:

> Thanks everyone, this discussion has also been useful for me - I’ve got
> some variables passing from form to form too (using the request object, and
> hidden form fields) - and was just starting to look at how Flask sessions
> work, to try and tidy things up.
>
> cheers
> Adam
>
> > On 12 Mar 2016, at 7:33 AM, Mazzei, Stephen Andrew <
> Stephen.Mazzei at asrcfederal.com> wrote:
> >
> > Thank you Anthony and Brian. I was able to solve both my variable
> passing issues both inside of flask and from html to flask.
> >
> > J
> >
> >
> > ---
> > Stephen A. Mazzei
> > Systems Administrator | AFDS, ASRC Federal Data Solutions - P&G HPC
> Account | 513-634-9965
> >
> > From: Anthony Ford [mailto:ford.anthonyj at gmail.com]
> > Sent: Friday, March 11, 2016 2:58 PM
> > To: Mazzei, Stephen Andrew <Stephen.Mazzei at asrcfederal.com>
> > Cc: Brian Kim <bk at breadtech.com>; flask at python.org
> > Subject: Re: [Flask] Passing MySQL values to different webpages
> >
> > Hey Stephen,
> >
> > You would use the `request.args` MultiDict. It works in the same manner
> as `request.form`, but accesses the values in the query string.
> >
> > In your example, you could access the value of your argument via
> `request.args.get('myVar1')`. It is also aMultiDict, so you can do things
> like fetch all the keys with `.keys()`, or use `.getlist('foo')`.
> >
> > For more info, see the Quickstart (Request Object). A short example is
> seen in the last 1/3 of that section.
> >
> > Anthony Ford,
> > KF5IBN,
> > ford.anthonyj at gmail.com
> >
> > On Fri, Mar 11, 2016 at 3:23 PM, Mazzei, Stephen Andrew <
> Stephen.Mazzei at asrcfederal.com> wrote:
> > Maybe you can answer this, (being completely new to flask/html/etc) the
> session helped pass variables through the flask program inside the python
> scripts. How can I pass variables from the html template? Would that be
> more the method you originally sent?
> >
> > I am trying to build a basic template that can be reused depending on
> what http link was clicked from the previous page.
> >
> > Example:
> >
> > Page 1
> > “link to apple”
> > “link to orange”
> >
> > Page 2
> >                 You chose (VARIABLE)
> >
> > Looking online it looks like I could do
> >
> > Page 1
> > <a href='template.html?myVar1=apple'>Apple</a>
> > <a href='template.html?myVar1=apple'>Orange</a>
> >
> > Page 2
> >                 You chose (myVar1) è You chose Apple
> >
> > Not sure on the python/flask side how to capture the ?myVar1?
> >
> >
> > ---
> > Stephen A. Mazzei
> > Systems Administrator | AFDS, ASRC Federal Data Solutions - P&G HPC
> Account | 513-634-9965
> >
> > From: Brian Kim [mailto:bk at breadtech.com]
> > Sent: Friday, March 11, 2016 2:16 PM
> >
> > To: Mazzei, Stephen Andrew <Stephen.Mazzei at asrcfederal.com>
> > Cc: flask at python.org
> > Subject: Re: [Flask] Passing MySQL values to different webpages
> >
> > Nice! Using a session variable is definitely a better solution than what
> I was suggesting.
> >
> > On Mar 11, 2016, at 1:52 PM, Mazzei, Stephen Andrew <
> Stephen.Mazzei at asrcfederal.com> wrote:
> >
> > Thanks Brian, but I was able to do this using Flask/session.
> >
> > @app.route(‘/page1’)
> > def page1():
> >     session[‘var1’] = “Some value”
> >     return redirect(url_for(app.page2))
> >
> > @app.route(‘/page2’)
> > def page2():
> >     return render_template(“template.html”, value2=session.get('val1',
> None))
> >
> >
> > ---
> > Stephen A. Mazzei
> > Systems Administrator | AFDS, ASRC Federal Data Solutions - P&G HPC
> Account | 513-634-9965
> >
> > From: Brian Kim [mailto:bk at breadtech.com]
> > Sent: Friday, March 11, 2016 11:36 AM
> > To: Mazzei, Stephen Andrew <Stephen.Mazzei at asrcfederal.com>
> > Cc: flask at python.org
> > Subject: Re: [Flask] Passing MySQL values to different webpages
> >
> > Hi Stephen,
> >
> > I believe that the best way to solve your problem will be to pass the
> data from page1 into page2 through the URI via GET request. In order to
> dynamically set the values, you will probably need to use Javascript. For
> example (with JQuery for syntactic convenience...)
> >
> > mypage1.html:
> > <button id="go">Go to Page 2</button>
> > <script>
> >   $("#go").click( function() {
> >      target = "/mypage2?" + "key1=" + mydata[0] + "&key2=" + mydata[1];
> // build the URI
> >      location.href = target; // redirect the page to that URL
> >    }
> > </script>
> >
> > myapp.py:
> > @app.route("/mypage2")
> > def mypage2():
> >   data1 = request.args.get("key1")
> >   data2 = request.args.get("key2")
> >   return render_template("mypage2.html", key1=data1, key2=data2)
> >
> > This isn't a complete by any means but hopefully gives enough to get you
> started... Let me know if you would like a better example and I'll try to
> put something up on github for you.
> >
> > BK
> >
> > On Fri, Mar 11, 2016 at 10:30 AM, Mazzei, Stephen Andrew <
> Stephen.Mazzei at asrcfederal.com> wrote:
> > Good morning,
> >
> > I am looking for help on a MySQL issue. I am currently running an query
> over a database and populating a table. The table contains items group
> units and then their values. I currently have the group unit as a link to
> that units own webpage.
> >
> > On this webpage I would like to repost the same table information, per
> the unit, and then some additional information. How can I pass the query
> from the previous webpage to the next page without having to re-run the
> same query over and over again.
> >
> > Thank you
> >
> >
> > ---
> > Stephen A. Mazzei
> > Systems Administrator | AFDS, ASRC Federal Data Solutions - P&G HPC
> Account | 513-634-9965
> >
> >
> >
> > The preceding message (including attachments) is covered by the
> Electronic Communication Privacy Act, 18 U.S.C. sections 2510-2512, is
> intended only for the person or entity to which it is addressed, and may
> contain information that is confidential, protected by attorney-client or
> other privilege, or otherwise protected from disclosure by law. If you are
> not the intended recipient, you are hereby notified that any retention,
> dissemination, distribution, or copying of this communication is strictly
> prohibited. Please reply to the sender that you have received the message
> in error and destroy the original message and all copies.
> >
> > _______________________________________________
> > Flask mailing list
> > Flask at python.org
> > https://mail.python.org/mailman/listinfo/flask
> >
> >
> >
> >
> > The preceding message (including attachments) is covered by the
> Electronic Communication Privacy Act, 18 U.S.C. sections 2510-2512, is
> intended only for the person or entity to which it is addressed, and may
> contain information that is confidential, protected by attorney-client or
> other privilege, or otherwise protected from disclosure by law. If you are
> not the intended recipient, you are hereby notified that any retention,
> dissemination, distribution, or copying of this communication is strictly
> prohibited. Please reply to the sender that you have received the message
> in error and destroy the original message and all copies.
> >
> >
> > The preceding message (including attachments) is covered by the
> Electronic Communication Privacy Act, 18 U.S.C. sections 2510-2512, is
> intended only for the person or entity to which it is addressed, and may
> contain information that is confidential, protected by attorney-client or
> other privilege, or otherwise protected from disclosure by law. If you are
> not the intended recipient, you are hereby notified that any retention,
> dissemination, distribution, or copying of this communication is strictly
> prohibited. Please reply to the sender that you have received the message
> in error and destroy the original message and all copies.
> >
> > _______________________________________________
> > Flask mailing list
> > Flask at python.org
> > https://mail.python.org/mailman/listinfo/flask
> >
> >
> >
> >
> > The preceding message (including attachments) is covered by the
> Electronic Communication Privacy Act, 18 U.S.C. sections 2510-2512, is
> intended only for the person or entity to which it is addressed, and may
> contain information that is confidential, protected by attorney-client or
> other privilege, or otherwise protected from disclosure by law. If you are
> not the intended recipient, you are hereby notified that any retention,
> dissemination, distribution, or copying of this communication is strictly
> prohibited. Please reply to the sender that you have received the message
> in error and destroy the original message and all copies.
> > _______________________________________________
> > Flask mailing list
> > Flask at python.org
> > https://mail.python.org/mailman/listinfo/flask
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/flask/attachments/20160311/71b93179/attachment.html>


More information about the Flask mailing list