Nav apraksta

adminestudiantes.py 3.3KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112
  1. # from sqlalchemy import metadata
  2. import sqlalchemy as db
  3. #########################
  4. # stack overflow:
  5. # Python sanitizing html from a string
  6. def escape(htmlstring):
  7. escapes = {'\"': '"',
  8. '\'': ''',
  9. '<': '&lt;',
  10. '>': '&gt;'}
  11. # This is done first to prevent escaping other escapes.
  12. htmlstring = htmlstring.replace('&', '&amp;')
  13. for seq, esc in escapes.iteritems():
  14. htmlstring = htmlstring.replace(seq, esc)
  15. return htmlstring
  16. #########################
  17. # connect to server
  18. engine = db.create_engine('mysql+pymysql://root:@0.0.0.0/registro_escolar_1')
  19. connection = engine.connect()
  20. # estudiantes = db.Table('estudiantes', metadata, autoload=True, autoload_with=engine)
  21. # usuarios = db.Table('usuarios', metadata, autoload=True, autoload_with=engine)
  22. def estudiantes():
  23. query = 'SELECT u.id, u.nombres, u.apellidos, u.email FROM usuarios u, estudiantes m WHERE u.id = m.user_id'
  24. result_db = connection.execute(query).fetchall()
  25. ###### headers
  26. headers = '['
  27. headers += '{"nombre":"Nombre"}'
  28. headers += ','
  29. headers += '{"nombre":"Grado"}'
  30. headers += ','
  31. headers += '{"nombre":"Email"}'
  32. headers += ','
  33. headers += '{"nombre":"Informacion"}'
  34. headers += ','
  35. headers += '{"nombre":"Editar"}'
  36. headers += ']'
  37. # headers = '[{"nombre":"Nombre"},{"nombre":"Posicion"},{"nombre":"Informacion"},{"nombre":"Editar"}]'
  38. ###### tabla
  39. tabla = '['
  40. modal_content = '['
  41. i = 0
  42. len_result = len(result_db)
  43. for q in result_db:
  44. i = i+1
  45. tabla += '{'
  46. modal_content += '{'
  47. tabla += '"Nombre":"'+escape(q[1])+' '+escape(q[2])+'"'
  48. modal_content += '"Nombre":"'+escape(q[1])+' '+escape(q[2])+'"'
  49. tabla += ','
  50. modal_content += ','
  51. query = 'SELECT grado FROM estudiantes e WHERE e.user_id = ' + str(q[0])
  52. total_hijos = connection.execute(query).fetchall()
  53. tabla += '"Hijos Matriculados":"'+str(total_hijos[0][0])+'"'
  54. modal_content += '"Hijos Matriculados":"'+str(total_hijos[0][0])+'"'
  55. tabla += ','
  56. modal_content += ','
  57. tabla += '"Email":"'+escape(q[3])+'"'
  58. modal_content += '"Email":"'+escape(q[3])+'"'
  59. tabla += ','
  60. modal_content += ','
  61. tabla += '"user_id":"'+str(q[0])+'"'
  62. modal_content += '"user_id":"'+str(q[0])+'"'
  63. tabla += '}'
  64. modal_content += '}'
  65. if i < len_result:
  66. tabla += ','
  67. modal_content += ','
  68. tabla += ']'
  69. modal_content += ']'
  70. ###### info
  71. info = '{'
  72. info += '"dash_name":"Manejar Estudiantes"'
  73. info += ','
  74. info += '"dash_link":"/admin/ver/"'
  75. info += ','
  76. info += '"dash_sub_name":"Estudiantes Registrados"'
  77. info += ','
  78. info += '"add":"Anadir Estudiantes"'
  79. info += ','
  80. info += '"add_link":"/admin/forma/add/estudiante/"'
  81. info += ','
  82. info += '"dir1":"#"'
  83. info += ','
  84. info += '"dir2":"/admin/forma/edit/estudiante/"'
  85. info += '}'
  86. ###### modal
  87. modal = '{'
  88. modal += '"infoName":"Ver informacion"'
  89. modal += ','
  90. modal += '"editName":"/admin/ver/"'
  91. modal += '}'
  92. result = '{"headers":'+headers+',"tabla":'+tabla+',"modal_content":'+modal_content+',"info":'+info+',"modal":'+modal+'}'
  93. # print(result)
  94. return(result)