-1

I am trying to make a login page using flask and python but I amnot able to be routed to that page it is directly going to return statement and printing Hello in my case. If I try adding else case it is going into else case and doing things in else case.And if I put main function in else case it is giving error :

werkzeug.exceptions.HTTPException.wrap..newcls: 400 Bad Request: KeyError: 'Employee_ID'

code:

from flask import Flask, render_template, request, redirect,flash
from flask_mysqldb import MySQL
app = Flask(__name__)
app.config['MYSQL_HOST'] = "127.1.1.0"
app.config['MYSQL_USER'] = "root"
app.config['MYSQL_PASSWORD'] = "***"
app.config['MYSQL_DB'] ="users"

mysql = MySQL(app)
@app.route('/login', methods=['GET', 'POST'])
def login():
    if request.method == 'POST':
        userDetails = request.form
        Employee_ID = userDetails['Employee_ID']
        password = userDetails['password']
        cur = mysql.connection.cursor()
        cur.execute("select * from user where Employee_ID=%s",(Employee_ID))
        EmpDetails=cur.fetchone()
        cur.close()
        if EmpDetails== password:
            flash('You have logged in successfully !!')
            return 0
    return "Hello"

if __name__ == '__main__':
    app.run(debug=True)

HTML Template: 

</head>
<h1><center>Sign In!</center></h1>

<body>

<div class="login-page">
    <div class="form" >
<form class="register-form" method="post" action="login.html">
    <input type="text" id="Employee_ID" placeholder="Employee ID" />
    <input type="password" id="password" placeholder="password"/>

    <button>Enter</button>
        </form>
    </div>    

</div>

</body>


</html>
idk
  • 85
  • 1
  • 11
  • I am planning for production.Please let me know how to get rid of injection issue? – idk May 15 '19 at 11:38

2 Answers2

1

You are missing the name field in the html inputs. The form elements are fetched using the input name field. You are trying to get the element values using the id field due to which the KeyError is being raised, as no element in the form with that key is being found.

Change your HTML file as:

</head>
<h1><center>Sign In!</center></h1>

<body>

<div class="login-page">
    <div class="form" >
<form class="register-form" method="post" action="login.html">
    <input type="text" id="Employee_ID" name="Employee_ID" placeholder="Employee ID" /> <-- add name field
    <input type="password" id="password" name="password" placeholder="password"/> <--add name field

    <button>Enter</button>
        </form>
    </div>    

</div>

</body>


</html>

Hope it helps you.

Sanip
  • 1,772
  • 1
  • 14
  • 29
0

You are doing wrong wtith html code to run a python function and you need to define in html form to trigger your action like this..

Corrected solution:

<form class="register-form" method="post" action="/login">
<input type="text" id="Employee_ID" placeholder="Employee ID" />
<input type="password" id="password" placeholder="password"/>
 <input type="submit"/>
    </form>
Rahul Rawat
  • 52
  • 5