submissions werken nu.

bonus feature: sql injection mogelijk

web/app.py

@@ -12,23 +12,27 @@ def get_db():
 
 @app.route("/", methods = ['GET', 'POST'])
 def root():
-    request
+    db = get_db()
     user_cookie = request.cookies.get("userid")
+    if user_cookie is None:
+        user_cookie = str(random.randint(100000, 999999))
+        print(f"Userid was None, nieuw UID: {user_cookie}")
+
     if request.method == "POST":
-        print(str(request.form))
-    if request.method == "GET":
-        posts = get_db().cursor().execute(f"select * from posts").fetchall()
+        new_submission = request.form.get("text")
+        print(f"insert into posts values ({user_cookie},'{new_submission}');")
+        db.cursor().execute(f"insert into posts values ({user_cookie},'{new_submission}');")
+        db.commit()
 
-        resp = make_response(render_template('./index.html', posts=posts))
-        if user_cookie is None:
-            resp.set_cookie("userid", str(random.randint(100000, 999999)))
-        return resp
 
-    return "YES"
+    posts = db.cursor().execute(f"select * from posts where userid = {user_cookie};").fetchall()
+    resp = make_response(render_template('./index.html', posts=posts))
+    resp.set_cookie("userid",str(user_cookie))
+    return resp
+
 
 @app.teardown_appcontext
 def close_connection(exception):
     db = getattr(g, '_database', None)
     if db is not None:
         db.close()
-

web/templates/index.html

@@ -9,7 +9,8 @@
 </head>
 <body>
     <form method="POST">
-        <input type="text"/>
+        <label for="text">Enter new submission:</label>
+        <input type="text" name="text" />
         <input type="submit"/>
         
     </form>
@@ -18,4 +19,4 @@
         {% endfor %}
 </body>
 </html>
-{% endautoescape %}
+{% endautoescape %}