saving to db: 1st version

cgi-bin/comex_merci_pour_les_infos.py.cgi

@@ -16,6 +16,7 @@ from ctypes      import c_int
 from re          import sub
 from jinja2      import Template, Environment, FileSystemLoader
 from sys         import stdout   # for direct buffer write of utf-8 bytes
+from sqlite3     import connect
 
 # debug
 import cgitb
@@ -61,6 +62,42 @@ def print_to_buffer(stringy):
     """
     stdout.buffer.write((stringy+'\n').encode('utf-8'))
 
+def sanitize(value_array):
+    """
+    simple and radical: leaves only alphanum and '.' '-' ':'
+
+    TODO allow more of the safe chars
+    """
+    sanitized_array = []
+    for val in value_array:
+        str_val = str(val)
+        sanitized_array.append(sub(r'[^\w@\.-:]', '', str_val))
+    return sanitized_array
+
+def save_to_db(records):
+    """
+    Expected columns:
+      FOR TESTS
+      - email
+      - initials
+
+      TODO
+      - first_name
+      - middle_name
+      - last_name
+      - jobtitle
+      - keywords
+      - institution
+      - institution city
+      - team/lab if applicable
+      - organization type
+    """
+    safe_records = sanitize(records)
+    c = connect('../data/registered.db')
+    c.execute('INSERT INTO test_table VALUES (?,?)', safe_records)
+    c.close()
+
+
 ########### MAIN ###########
 if __name__ == "__main__":
 
@@ -110,6 +147,8 @@ if __name__ == "__main__":
         # debug data keys
         # print([k for k in this_data])
 
+        # sanitize & save to DB
+        save_to_db([email, initials])
 
         # show received values in template
         template_thanks = get_template("thank_you.html")

cgi-bin/test_cgi_user.py.cgi

+#!/usr/bin/env python3
+"""
+Package: Registration page for comex app
+
+simple script to test the cgi user (apache?)
+=> to know what db permissions to set
+
+(inspired by stackoverflow.com/a/25574419)
+"""
+__author__    = "CNRS"
+__copyright__ = "Copyright 2016 ISCPIF-CNRS"
+__version__   = "1"
+__email__     = "romain.loth@iscpif.fr"
+__status__    = "Test"
+
+from os          import getegid
+from getpass     import getuser
+from sys         import stdout
+
+# debug
+import cgitb
+cgitb.enable()
+
+
+def print_to_buffer(stringy):
+    """
+    print() with utf-8 in a cgi doesn't work well because print is
+    connected to sys.stdout which has hardcoded encoding ASCII...
+    (but in reality html can of course have utf-8 bytes in cgi)
+    so to avoid print function we write to sys.stdout.buffer
+    (inspired by http://stackoverflow.com/questions/14860034)
+    """
+    stdout.buffer.write((stringy).encode('utf-8')+b'\n')
+
+
+########### MAIN ###########
+if __name__ == "__main__":
+    # any response must have this
+    print_to_buffer("Content-type: text/html")
+    print_to_buffer('')  # blank line <=> end of headers
+
+    print_to_buffer( "Env user id: %s <br/>" % getegid() )
+    print_to_buffer( "Real user: %s <br/>" % getuser() )