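def add_numbers():
    """Render the capture list filtered by the ``s`` query parameter.

    ``s`` is a space-separated list of ``name:value`` filters. Only the
    column names in ``allowed_fields`` are accepted. For ``port``,
    ``status_code``, ``method`` and ``type`` a comma-separated value becomes
    an ``IN (...)`` list, ``host`` is matched as a suffix with ``LIKE``, and
    every other filter is an equality test. ``p`` selects the 1-based page.

    Returns a redirect to ``/`` when the search string is missing or
    malformed, otherwise the rendered ``index.html``.
    """
    search = request.args.get('s')
    # Coarse pre-filter: no search, no name:value pair, or a single quote.
    if not search or ':' not in search or "'" in search:
        return redirect('/')

    page = request.args.get('p', 1, type=int)
    page = page if page > 0 else 1
    limits = '{},{}'.format((page - 1) * show_cnt, show_cnt)
    order = 'id desc'

    allowed_fields = ['host', 'port', 'status_code', 'method', 'type',
                      'content_type', 'scheme', 'extension']
    multi_value_fields = ['port', 'status_code', 'method', 'type']

    params = {}
    for token in search.split(' '):
        # A token needs exactly one ':'; otherwise the unpacking below would
        # raise ValueError (e.g. a doubled space or "host:a:b") and surface
        # as a server error instead of the redirect used for other bad input.
        if token.count(':') != 1:
            return redirect('/')
        name, value = token.split(':')
        # Column names are interpolated into the SQL text further down, so
        # they must come from the fixed allow-list.
        if name not in allowed_fields:
            return redirect('/')
        params[name] = value

    # SECURITY NOTE(review): the WHERE clause is assembled by string
    # formatting. Its safety rests on the quote rejection above plus
    # escape_string(), which is defined elsewhere -- confirm it escapes for
    # the connection's actual character set. Prefer bound parameters if the
    # database wrapper supports them. escape_string() presumably leaves the
    # LIKE wildcards '%' and '_' untouched, so a host value can widen the
    # match -- confirm whether that is intended.
    clauses = []
    for key, value in params.items():
        if ',' in value and key in multi_value_fields:
            escaped = [escape_string(item) for item in value.split(',')]
            clauses.append("`{}` in ('{}')".format(key, "', '".join(escaped)))
        elif key == 'host':
            clauses.append("`{}` like '%{}'".format(key, escape_string(value)))
        else:
            clauses.append("`{}` = '{}'".format(key, escape_string(value)))
    condition = ' AND '.join(clauses)

    dbconn = connect_db()
    count_sql = 'select count(*) as cnt from capture where {}'.format(condition)
    record_size = int(dbconn.query(count_sql, fetchone=True).get('cnt'))
    # Floor division keeps max_page an integer on Python 3 as well.
    # NOTE(review): this yields one page too many when record_size is an
    # exact multiple of show_cnt -- confirm against how the template uses it.
    max_page = record_size // show_cnt + 1
    records = dbconn.fetch_rows(
        table='capture',
        condition=condition,
        order=order,
        limit=limits)
    # `search` is echoed back to the page; this assumes the template engine
    # autoescapes it -- verify index.html does not mark it as safe.
    return render_template(
        'index.html',
        records=records,
        page=page,
        search=search,
        max_page=max_page)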