CS50 Week 8: Notes

CS50 store demo

Cookies and sessions start off this weeks lecture notes. The important thing to remember is http protocol is a stateless protocol. This means traditionally you request a webpage, the server gives you the page data and nothing else happens. Similar to going to a store, buying an item and leaving. The cashier doesn’t remember you next time. That is what stateless means.

Cookies and sessions allow the experience to be more stateful, meaning when you request a webpage, a cookie is inside that request header giving the server some unique info about you. This returns a webpage made only for you. Back to the store analogy, if every Monday you bought eggs, and the store had a way of knowing it was you right when you walked in, someone would just bring you eggs or even have them ready for you in advance at the register.

Here is the store demo code for application.py

On line 8 setting the SESSION_PERMANENT value to False means we do not store the session after the browser has been closed. If you quit the browser program and re-open it, the cart values will not be saved. However if the browser is still open and you close just the window, or tab, the cart values will persist. The SESSION_TYPE we are using is filesystem, which means our session values are stored on the server (in a folder called flask_session).

MVC – Model View Controller

MVC is a way of organizing pieces of a web application. The model is where all the database calls are made (variables being used in SQL statements most of the time). The View is for templating, like jinja2, the look of your pages. The controller is usually a main routes page like application.py, where decisions are made based on what the user is doing.

A Simple Example

I downloaded the lecture.db file from the notes and put it in the same directory as this script:

from cs50 import SQL

db = SQL("sqlite:///lecture.db")

# Query database for all albums
rows = db.execute("SELECT * FROM Album")

# For each album in database
for row in rows:
	# Print title of album

In my terminal I got this result:

Using sys.argv[1] we can pass variables into the command line which get substituted.

like this:

rows = db.execute("SELECT * FROM Album WHERE Title = :t", t=sys.argv[1])

Its important to remember we don’t use the normal formatting syntax f”my string {variable}” in this case. Because the variables are sanitized, meaning the removal of potentially harmful characters. SQL injection is a thing attacks can use to get into our databases, so it’s important to just know we need this sanitization before running our sql statements.

Adding Flask to the mix

So with a flask application we will use the lecture.db file to show album titles on a webpage:

from flask import Flask, render_template, request

from cs50 import SQL

app = Flask(__name__)

db = SQL("sqlite:///lecture.db")

def index():
    rows = db.execute("SELECT * FROM Album")
    return render_template("index.html", albums=rows)

running this (I had to remove eprint) will show a block of text on the browser, which is all the album titles. But the cool thing is we’re using a database. So we have state, which means we can save things for later =).

Query arguments

We can also pass query arguments from the URL using a GET request type:

def index():
    query = request.args.get("q")
    rows = db.execute("SELECT * FROM Album WHERE Title LIKE :q", q=query+"%")
    return render_template("index.html", albums=rows)

Above is a modified version of the example code. Using LIKE and a % symbol which is a wildcard, you can just use a single letter and it will return whatever starts with it.

So this URL:

returns this:

So this is apparently enough for us poor online learning only souls to create an app for buying and selling stocks!

See you in the next one.

0 0 votes
Article Rating
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x