python3对url编解码

import urllib.parse
# Python3 url编码
print(urllib.parse.quote("天安门"))
# Python3 url解码
print(urllib.parse.unquote("%E5%A4%A9%E5%AE%89%E9%97%A8"))

my_web.py(修改)

import pymysql
import time
import os
import re
import sys
# ------- 添加 --------
from urllib.parse import unquote
template_root = "./templates"
# 用来存放url路由映射
# url_route = {
# "/index.py":index_func,
# "/center.py":center_func
# }
g_url_route = dict()
def route(url):
 def func1(func):
 # 添加键值对，key是需要访问的url，value是当这个url需要访问的时候，需要调用的函数引用
 g_url_route[url]=func
 def func2(file_name):
 return func(file_name)
 return func2
 return func1
@route(r"/index.html")
def index(file_name, url=None):
 """返回index.py需要的页面内容"""
 # return "hahha" + os.getcwd() # for test 路径问题
 try:
 file_name = file_name.replace(".py", ".html")
 f = open(template_root + file_name)
 except Exception as ret:
 return "%s" % ret
 else:
 content = f.read()
 f.close()
 # data_from_mysql = "暂时没有数据，请等待学习mysql吧，学习完mysql之后，这里就可以放入mysql查询到的数据了"
 db = pymysql.connect(host='localhost',port=3306,user='root',password='mysql',database='stock_db',charset='utf8')
 cursor = db.cursor()
 sql = """select * from info;"""
 cursor.execute(sql)
 data_from_mysql = cursor.fetchall()
 cursor.close()
 db.close()
 html_template = """
 <tr>
 <td>%d</td>
 <td>%s</td>
 <td>%s</td>
 <td>%s</td>
 <td>%s</td>
 <td>%s</td>
 <td>%s</td>
 <td>%s</td>
 <td>
 <input type="button" value="添加" id="toAdd" name="toAdd" systemidvaule="%s">
 </td>
 </tr>"""
 html = ""
 for info in data_from_mysql:
 html += html_template % (info[0], info[1], info[2], info[3], info[4], info[5], info[6], info[7], info[1])
 content = re.sub(r"\{%content%\}", html, content)
 return content
@route(r"/center.html")
def center(file_name, url=None):
 """返回center.py需要的页面内容"""
 # return "hahha" + os.getcwd() # for test 路径问题
 try:
 file_name = file_name.replace(".py", ".html")
 f = open(template_root + file_name)
 except Exception as ret:
 return "%s" % ret
 else:
 content = f.read()
 f.close()
 # data_from_mysql = "暂时没有数据,,,,~~~~(>_<)~~~~ "
 db = pymysql.connect(host='localhost',port=3306,user='root',password='mysql',database='stock_db',charset='utf8')
 cursor = db.cursor()
 sql = """select i.code,i.short,i.chg,i.turnover,i.price,i.highs,j.note_info from info as i inner join focus as j on i.id=j.info_id;"""
 cursor.execute(sql)
 data_from_mysql = cursor.fetchall()
 cursor.close()
 db.close()
 html_template = """
 <tr>
 <td>%s</td>
 <td>%s</td>
 <td>%s</td>
 <td>%s</td>
 <td>%s</td>
 <td>%s</td>
 <td>%s</td>
 <td>
 <a type="button" class="btn btn-default btn-xs" href="/update/%s.html"> <span class="glyphicon glyphicon-star" aria-hidden="true"></span> 修改 </a>
 </td>
 <td>
 <input type="button" value="删除" id="toDel" name="toDel" systemidvaule="%s">
 </td>
 </tr>
 """
 html = ""
 for info in data_from_mysql:
 html += html_template % (info[0], info[1], info[2], info[3], info[4], info[5], info[6], info[0], info[0])
 content = re.sub(r"\{%content%\}", html, content)
 return content
@route(r"/update/(\d*)\.html")
def update(file_name, url):
 """显示 更新页面的内容"""
 try:
 template_file_name = template_root + "/update.html"
 f = open(template_file_name)
 except Exception as ret:
 return "%s,,,没有找到%s" % (ret, template_file_name)
 else:
 content = f.read()
 f.close()
 ret = re.match(url, file_name)
 if ret:
 stock_code = ret.group(1)
 else:
 stock_code = 0
 db = pymysql.connect(host='localhost',port=3306,user='root',password='mysql',database='stock_db',charset='utf8')
 cursor = db.cursor()
 # 会出现sql注入，怎样修改呢？ 参数化
 sql = """select focus.note_info from focus inner join info on focus.info_id=info.id where info.code=%s;""" % stock_code
 cursor.execute(sql)
 stock_note_info = cursor.fetchone()
 cursor.close()
 db.close()
 content = re.sub(r"\{%code%\}", stock_code, content)
 content = re.sub(r"\{%note_info%\}", str(stock_note_info[0]), content)
 return content
@route(r"/update/(\d*)/(.*)\.html")
def update_note_info(file_name, url):
 """进行数据的真正更新"""
 stock_code = 0
 stock_note_info = ""
 ret = re.match(url, file_name)
 if ret:
 stock_code = ret.group(1)
 stock_note_info = ret.group(2)
 stock_note_info = unquote(stock_note_info) # ------ 添加 -------
 db = pymysql.connect(host='localhost',port=3306,user='root',password='mysql',database='stock_db',charset='utf8')
 cursor = db.cursor()
 # 会出现sql注入，怎样修改呢？ 参数化
 sql = """update focus inner join info on focus.info_id=info.id set focus.note_info="%s" where info.code=%s;""" % (stock_note_info, stock_code)
 cursor.execute(sql)
 db.commit()
 cursor.close()
 db.close()
 return "修改成功"
def app(environ, start_response):
 status = '200 OK'
 response_headers = [('Content-Type', 'text/html')]
 start_response(status, response_headers)
 file_name = environ['PATH_INFO']
 try:
 for url, call_func in g_url_route.items():
 print(url)
 ret = re.match(url, file_name)
 if ret:
 return call_func(file_name, url)
 break
 else:
 return "没有访问的页面--->%s" % file_name
 except Exception as ret:
 return "%s" % ret
 else:
 return str(environ) + '-----404--->%s\n'