Question

Here's the code

@app.route('/account/<user_id>', methods = ["GET", "POST"])
@login_required
def user(user_id):
    user = User.query.filter_by(id = user_id).first()
    ...
    return render_template('template.html')

If someone manually enters http://localhost/user/aaa, for example, it throws an error. How can I check that the user id is an int before it throws an error? On the production server, it will probably throw a server error, but it would be better just to throw a 403 forbidden error.

Thank you!


Solution

Use the int converter:

@app.route('/account/<int:user_id>', methods = ["GET", "POST"])
@login_required
def user(user_id):
    user = User.query.filter_by(id = user_id).first()
    ...
    return render_template('template.html')

Also see documentation: http://werkzeug.pocoo.org/docs/routing/#builtin-converters.
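
The following is an added example, not code from the question or the answer. It shows what the int converter does with malformed ids: they never reach the view and get a 404 from routing, and a well-formed id with no matching record is rejected explicitly. The `USERS` dict and the `status_for` helper are assumptions standing in for the `User` model, and `@login_required` is omitted so the example runs with Flask alone.

```python
from flask import Flask, abort

app = Flask(__name__)

# Constructed stand-in for the User table; the original page queries SQLAlchemy.
USERS = {1: "alice", 2: "bob"}


@app.route("/account/<int:user_id>", methods=["GET", "POST"])
def user(user_id):
    # The converter has already turned user_id into a Python int here.
    record = USERS.get(user_id)
    if record is None:
        # Well-formed id with no matching row: fail closed instead of
        # letting a None user reach the template and raise a 500.
        abort(404)
    return f"account page for {record}"


def status_for(path):
    """Return the HTTP status code the app gives for a GET on path."""
    return app.test_client().get(path).status_code


if __name__ == "__main__":
    # Malformed ids (letters, sign, decimal point) do not match the route.
    for path in ("/account/1", "/account/aaa", "/account/-1",
                 "/account/1.5", "/account/999"):
        print(path, status_for(path))
```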

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow