当前位置：文江博客话题详情

当参数为空时烧瓶会返回什么

发布于 2025-01-23 01:11:35 字数 3031 浏览 5 评论 0 原文

我正在为道德黑客创建一个网站，可以在其中搜索收集数据泄露数据库的数据库。我正在制作此应用程序使用URL参数，为了使应用程序简单，我只留下我不使用空白的参数。 用户名=＆amp; password = pass ，但我的问题是有时（因为它在此之前正在工作）返回一个随机值，我不知道。

例如，假设该变量称为 var1 ，我做了一个if语句制作，确保这不是零，所以我这样做了，

if var1 != "":
    pass

但是有一些奇怪的值会经历，if语句仍在运行。

我尝试的是：

我尝试在if statement中添加多个值，也可能是空白的， var1！=“”或var1！= none或var1！=“”

这是我与Postman一起使用的确切URL，它抛出了 500 500内部服务器错误

http://localhost:6969/search/shordan?ip=&port=&domain=&formated_domain=&asn=&isp=&orginization=&tag=&product=&city=i&country=u&email=&tel=

或！= 语句在第一个If loop进行测试的情况下

> 注意，

if ip != "" or ip != None or ip != " ":
    IP = f"ip LIKE '%{ip}%' "
    andCounter += 1
    hasIP = True
else:
    IP = ""
if port != "" or port != None:
    Port = f"Port LIKE '%{port}%' "
    andCounter += 1
    hasPort = True
else:
    Port = ""
if domain != "" or domain != None:
    Domain = f"Domain LIKE '%{domain}%' "
    andCounter += 1
    hasDomain = True
else:
    Domain = ""
if formatedDomain != "" or formatedDomain != None:
    FormatedDomain = f"'FORMATED DOMAIN' LIKE '%{formatedDomain}%' "
    andCounter += 1
    hasFormatedDomain = True
else:
    formatedDomain = ""
if asn != "" or asn != None:
    print("asn: " + asn)
    Asn = f"asn LIKE '%{asn}%' "
    andCounter += 1
    hasAsn = True
else:
    Asn = ""
if isp != "" or isp != None:
    ISP = f"ISP LIKE '%{isp}%' "
    andCounter += 1
    hasISP = True
else:
    ISP = ""
if orginization != "" or orginization != None:
    Orginization = f"ORGANIZATION LIKE '%{orginization}%' "
    andCounter += 1
    hasOrginization = True
else:
    Orginization = ""
if tag != "" or tag != None:
    Tag = f"tags LIKE '%{tag}%' "
    andCounter += 1
    hasTag = True
else:
    Tag = ""
if product != "" or product != None:
    print("product: " + product)
    Product = f"product LIKE '%{product}%' "
    andCounter += 1
    hasProduct = True
else:
    Product = ""
if city != "" or city != None:
    print("city: " + city)
    City = f"city LIKE '%{city}%' "
    andCounter += 1
    hasCity = True
else:
    City = ""
if country != "" or country != None:
    Country = f"country LIKE '%{country}%' "
    andCounter += 1
    hasCountry = True
else:
    Country = ""
if email != "" or email != None:
    Email = f"email LIKE '%{email}%' "
    andCounter += 1
    hasEmail = True
else:
    Email = ""
if tel != "" or tel != None:
    Tel = f"tel LIKE '%{tel}%' "
    andCounter += 1
    hasTel = True
else:
    Tel = ""

我做了if语句制作变量 true 如果IF语句运行，则我打印出来，这些是结果

Has IP: True
has Port: True
Has Domain: True
Has Formated Domain: True
hasASN: False
hasISP: True
hasOrginization: True
hasTag: True
hasProduct: True
hasCity: True
hasCountry: True
hasEmail: True
hasTel: True

原文

I'm creating a website for ethical hackers where they can search a database of Collections 1-5' data breach. I'm Making this application use URL parameters, to make the application simple I just leave the parameters I'm not using blank ex. username=&password=pass but my issue is that sometimes (because it was working before this) returns a random value I can't figure out.

For example, let's say the variable is called var1, I make an If statement-making sure that's it's not null so I do

if var1 != "":
    pass

But there's some weird value going through and the if statement is still running.

What I've tried:

I've tried adding multiple values to the if-statement that could also be blank like,
var1 != "" or var1 != None or var1 != " "

This is the exact URL I use with postman and it throws a 500 500 INTERNAL SERVER ERROR

http://localhost:6969/search/shordan?ip=&port=&domain=&formated_domain=&asn=&isp=&orginization=&tag=&product=&city=i&country=u&email=&tel=

Note I only added the extra or != statements to the first if loop for testing which didn't work

And these are my if statements

if ip != "" or ip != None or ip != " ":
    IP = f"ip LIKE '%{ip}%' "
    andCounter += 1
    hasIP = True
else:
    IP = ""
if port != "" or port != None:
    Port = f"Port LIKE '%{port}%' "
    andCounter += 1
    hasPort = True
else:
    Port = ""
if domain != "" or domain != None:
    Domain = f"Domain LIKE '%{domain}%' "
    andCounter += 1
    hasDomain = True
else:
    Domain = ""
if formatedDomain != "" or formatedDomain != None:
    FormatedDomain = f"'FORMATED DOMAIN' LIKE '%{formatedDomain}%' "
    andCounter += 1
    hasFormatedDomain = True
else:
    formatedDomain = ""
if asn != "" or asn != None:
    print("asn: " + asn)
    Asn = f"asn LIKE '%{asn}%' "
    andCounter += 1
    hasAsn = True
else:
    Asn = ""
if isp != "" or isp != None:
    ISP = f"ISP LIKE '%{isp}%' "
    andCounter += 1
    hasISP = True
else:
    ISP = ""
if orginization != "" or orginization != None:
    Orginization = f"ORGANIZATION LIKE '%{orginization}%' "
    andCounter += 1
    hasOrginization = True
else:
    Orginization = ""
if tag != "" or tag != None:
    Tag = f"tags LIKE '%{tag}%' "
    andCounter += 1
    hasTag = True
else:
    Tag = ""
if product != "" or product != None:
    print("product: " + product)
    Product = f"product LIKE '%{product}%' "
    andCounter += 1
    hasProduct = True
else:
    Product = ""
if city != "" or city != None:
    print("city: " + city)
    City = f"city LIKE '%{city}%' "
    andCounter += 1
    hasCity = True
else:
    City = ""
if country != "" or country != None:
    Country = f"country LIKE '%{country}%' "
    andCounter += 1
    hasCountry = True
else:
    Country = ""
if email != "" or email != None:
    Email = f"email LIKE '%{email}%' "
    andCounter += 1
    hasEmail = True
else:
    Email = ""
if tel != "" or tel != None:
    Tel = f"tel LIKE '%{tel}%' "
    andCounter += 1
    hasTel = True
else:
    Tel = ""

If it helps I made the if statement make a variable True if the if statement runs then i printed that and these are the results

Has IP: True
has Port: True
Has Domain: True
Has Formated Domain: True
hasASN: False
hasISP: True
hasOrginization: True
hasTag: True
hasProduct: True
hasCity: True
hasCountry: True
hasEmail: True
hasTel: True

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

败给现实 2025-01-30 01:11:35

我试图验证param是否没有：

@app.route("/test",methods=["GET"]) 
def test():
  emptyvalues = ["", "''", " ", "' '", None, '""', '" "']
  data = request.args
  if "ip" in data and data["ip"] not in emptyvalues:
    hasIP = True
  else:
    hasIP = False
  if "port" in data and data["port"] not in emptyvalues:
    hasPort = True
  else:
    hasPort = False

  print(hasIP, hasPort)
  print(data)
  return 'hello'

我使用的

/test?ip=123&port=&domain=&formated_domain=&asn=&isp=&orginization=&tag=&product=&city=i&country=u&email=&tel=

结果是

True
False
ImmutableMultiDict([('ip', '123'), ('port', ''), ('domain', ''), ('formated_domain', ''), ('asn', ''), ('isp', ''), ('orginization', ''), ('tag', ''), ('product', ''), ('city', 'i'), ('country', 'u'), ('email', ''), ('tel', '')])

您的代码使用的结果，而不是“而不是”和“这就是为什么无效输入以true的传播

I tried to do verify if the param is none by:

@app.route("/test",methods=["GET"]) 
def test():
  emptyvalues = ["", "''", " ", "' '", None, '""', '" "']
  data = request.args
  if "ip" in data and data["ip"] not in emptyvalues:
    hasIP = True
  else:
    hasIP = False
  if "port" in data and data["port"] not in emptyvalues:
    hasPort = True
  else:
    hasPort = False

  print(hasIP, hasPort)
  print(data)
  return 'hello'

I used

/test?ip=123&port=&domain=&formated_domain=&asn=&isp=&orginization=&tag=&product=&city=i&country=u&email=&tel=

Which results to

True
False
ImmutableMultiDict([('ip', '123'), ('port', ''), ('domain', ''), ('formated_domain', ''), ('asn', ''), ('isp', ''), ('orginization', ''), ('tag', ''), ('product', ''), ('city', 'i'), ('country', 'u'), ('email', ''), ('tel', '')])

Your code uses "or" instead of "and" that's why the invalid input are passing out as True

回复收藏 0 原文

~没有更多了~