@post('/api/product/')
def callback():
    """
    Create a product record from the submitted form.

    Every field is pulled from the request form through ``web_helper.get_form``
    (the second argument is the field's display label, presumably used by the
    helper when it reports a missing/invalid value -- confirm). The free-text
    ``content`` field is passed through the project's quote filter and XSS
    cleaner before it is stored; the other fields are stored as received.

    Returns the payload built by ``web_helper.return_msg``: code 0 with '成功'
    when the insert produced a new id, otherwise -1 with "提交失败".

    NOTE(review): no authentication/authorisation check is visible in this
    handler. If access is not enforced by a framework hook or decorator
    elsewhere, any client can create products -- confirm.
    """
    # Field reads are kept in the original order on purpose: get_form may
    # reject a missing/invalid value, so the first bad field is the one
    # reported to the caller.
    name = web_helper.get_form('name', '产品名称')
    code = web_helper.get_form('code', '产品编码')
    # to_int0 presumably coerces to int with 0 as the fallback for junk -- confirm.
    product_class_id = convert_helper.to_int0(web_helper.get_form('product_class_id', '产品分类'))
    standard = web_helper.get_form('standard', '产品规格')
    quality_guarantee_period = web_helper.get_form('quality_guarantee_period', '保质期')
    place_of_origin = web_helper.get_form('place_of_origin', '产地')
    # Stored verbatim; whatever validates that this points at an uploaded
    # image (rather than an arbitrary path/URL) lives elsewhere -- confirm.
    front_cover_img = web_helper.get_form('front_cover_img', '封面图片')
    # Special characters are deliberately allowed here (rich description text).
    raw_content = web_helper.get_form('content', '产品描述', is_check_special_char=False)

    # NOTE(review): the insert below is parameterised (%s placeholders plus a
    # separate value tuple), which is the real SQL-injection defence. Stripping
    # single quotes only adds protection if db_helper.write interpolates the
    # values into the SQL string itself -- confirm; if it does not, this line
    # silently mangles legitimate text such as "Ben's". clear_xss is input-side
    # sanitisation; output encoding at render time is still required.
    safe_content = string_helper.clear_xss(string_helper.filter_str(raw_content, "'"))
    is_enable = convert_helper.to_int0(web_helper.get_form('is_enable', '是否启用'))

    # "returning id" makes the driver hand back the new auto-increment id,
    # which is the only success signal we check.
    insert_sql = """insert into product (name, code, product_class_id, standard, quality_guarantee_period,
        place_of_origin, front_cover_img, content, is_enable)
        values (%s, %s, %s, %s, %s, %s, %s, %s, %s) returning id"""
    row = (
        name,
        code,
        product_class_id,
        standard,
        quality_guarantee_period,
        place_of_origin,
        front_cover_img,
        safe_content,
        is_enable,
    )

    rows = db_helper.write(insert_sql, row)
    # A truthy result whose first row carries an 'id' means the insert landed.
    new_id = rows[0].get('id') if rows else None
    if new_id:
        return web_helper.return_msg(0, '成功')
    return web_helper.return_msg(-1, "提交失败")
32
33
34 @put('/api/product/<id:int>/')
35 def callback(id):
36 """
37 修改记录
38 """
39
40 name = web_helper.get_form('name', '产品名称')
41 code = web_helper.get_form('code', '产品编码')
42 product_class_id = convert_helper.to_int0(web_helper.get_form('product_class_id', '产品分类'))
43 standard = web_helper.get_form('standard', '产品规格')
44 quality_guarantee_period = web_helper.get_form('quality_guarantee_period', '保质期')
45 place_of_origin = web_helper.get_form('place_of_origin', '产地')
46 front_cover_img = web_helper.get_form('front_cover_img', '封面图片')
47 content = web_helper.get_form('content