In [None]:
11 exception handling
What to Do When
Things Go Wrong
I’ve tested this rope to
destruction...what can
possibly go wrong?
Things go wrong, all the time—no matter how good your code is. 
You’ve successfully executed all of the examples in this book, and you’re likely confident all
of the code presented thus far works. But does this mean the code is robust? Probably not.
Writing code based on the assumption that nothing bad ever happens is (at best) naive. At
worst, it’s dangerous, as unforeseen things do (and will) happen. It’s much better if you’re
wary while coding, as opposed to trusting. Care is needed to ensure your code does what
you want it to, as well as reacts properly when things go south. In this chapter, you’ll not only
see what can go wrong, but also learn what to do when (and, oftentimes, before) things do.
this is a new chapter   413

In [None]:
for issues
We’re starting this chapter by diving right in. Presented below is the latest code to the
vsearch4web.py webapp. As you’ll see, we’ve updated this code to use the check_
logged_in decorator from the last chapter to control when the information presented by the
/viewlog URL is (and isn’t) visible to users.
Take as long as you need to read this code, then use a pencil to circle and annotate the parts
you think might cause problems when operating within a production environment. Highlight
everything that you think might cause an issue, not just potential runtime issues or errors.
from flask import Flask, render_template, request, escape, session
from vsearch import search4letters
from DBcm import UseDatabase
from checker import check_logged_in
app = Flask(__name__)
app.config['dbconfig'] = {'host': '127.0.0.1',
'user': 'vsearch',
'password': 'vsearchpasswd',
'database': 'vsearchlogDB', }
@app.route('/login')
def do_login() -> str:
session['logged_in'] = True
return 'You are now logged in.'
@app.route('/logout')
def do_logout() -> str:
session.pop('logged_in')
return 'You are now logged out.'
def log_request(req: 'flask_request', res: str) -> None:
with UseDatabase(app.config['dbconfig']) as cursor:
_SQL = """insert into log
(phrase, letters, ip, browser_string, results)
values
(%s, %s, %s, %s, %s)"""
cursor.execute(_SQL, (req.form['phrase'],
req.form['letters'],
req.remote_addr,
req.user_agent.browser,
res, ))
414   Chapter 11

In [None]:
@app.route('/search4', methods=['POST'])
def do_search() -> 'html':
phrase = request.form['phrase']
letters = request.form['letters']
title = 'Here are your results:'
results = str(search4letters(phrase, letters))
log_request(request, results)
return render_template('results.html',
the_title=title,
the_phrase=phrase,
the_letters=letters,
the_results=results,)
@app.route('/')
@app.route('/entry')
def entry_page() -> 'html':
return render_template('entry.html',
the_title='Welcome to search4letters on the web!')
@app.route('/viewlog')
@check_logged_in
def view_the_log() -> 'html':
with UseDatabase(app.config['dbconfig']) as cursor:
_SQL = """select phrase, letters, ip, browser_string, results
from log"""
cursor.execute(_SQL)
contents = cursor.fetchall()
titles = ('Phrase', 'Letters', 'Remote_addr', 'User_agent', 'Results')
return render_template('viewlog.html',
the_title='View Log',
the_row_titles=titles,
the_data=contents,)
app.secret_key = 'YouWillNeverGuessMySecretKey'
if __name__ == '__main__':
app.run(debug=True)
you are here 4   415

In [None]:
ng issues
You were to take as long as you needed to read the code shown below (which is an updated
version of the vsearch4web.py webapp). Then, using a pencil, you were to circle and
annotate the parts you thought might cause problems when operating within a production
environment. You were to highlight everything you thought might cause an issue, not just
potential runtime issues or errors. (We’ve numbered our annotations for ease of reference.)
from flask import Flask, render_template, request, escape, session
from vsearch import search4letters
from DBcm import UseDatabase
from checker import check_logged_in
app = Flask(__name__)
2. Are these SQL statements
protected from nasty web-base
attacks such as SQL injection or d
Cross-site scripting?
app.config['dbconfig'] = {'host': '127.0.0.1',
'user': 'vsearch',
1. What happens
'password': 'vsearchpasswd',
if the database
'database': 'vsearchlogDB', }
connection fails?
@app.route('/login')
def do_login() -> str:
session['logged_in'] = True
return 'You are now logged in.'
@app.route('/logout')
def do_logout() -> str:
session.pop('logged_in')
return 'You are now logged out.'
executing
3. What happens if ents takes
these SQL statem
a long time?
def log_request(req: 'flask_request', res: str) -> None:
with UseDatabase(app.config['dbconfig']) as cursor:
_SQL = """insert into log
(phrase, letters, ip, browser_string, results)
values
(%s, %s, %s, %s, %s)"""
cursor.execute(_SQL, (req.form['phrase'],
req.form['letters'],
req.remote_addr,
req.user_agent.browser,
res, ))
416   Chapter 11

In [None]:
@app.route('/search4', methods=['POST'])
def do_search() -> 'html':
phrase = request.form['phrase']
letters = request.form['letters']
title = 'Here are your results:'
results = str(search4letters(phrase, letters))
log_request(request, results)
return render_template('results.html',
the_title=title,
the_phrase=phrase,
the_letters=letters,
the_results=results,)
4. What happens
if this call fails?
@app.route('/')
@app.route('/entry')
def entry_page() -> 'html':
return render_template('entry.html',
the_title='Welcome to search4letters on the web!')
@app.route('/viewlog')
@check_logged_in
def view_the_log() -> 'html':
with UseDatabase(app.config['dbconfig']) as cursor:
_SQL = """select phrase, letters, ip, browser_string, results
from log"""
cursor.execute(_SQL)
contents = cursor.fetchall()
titles = ('Phrase', 'Letters', 'Remote_addr', 'User_agent', 'Results')
return render_template('viewlog.html',
the_title='View Log',
the_row_titles=titles,
the_data=contents,)
app.secret_key = 'YouWillNeverGuessMySecretKey'
if __name__ == '__main__':
app.run(debug=True)
you are here 4   417

In [None]:
Databases Aren’t Always Available
We’ve identified four potential issues with the vsearch4web.py code, and we
concede that there may be many more, but we’ll worry about these four issues for now.
Let’s consider each of the four issues in more detail (which we do here and on the next
few pages, by simply describing the problems; we’ll work on solutions later in this chapter).
First up is worrying about the backend database:
1
What happens if the database connection fails?
Our webapp blissfully assumes that the backend database is always
operational and available, but it may not be (for any number of reasons).
At the moment, it is unclear what happens when the database is down,
as our code does not consider this eventuality.
Let’s see what happens if we temporarily switch off the backend database. As you can
see below, our webapp loads fine, but as soon as we do anything, an intimidating error
message appears:
Everything
looks OK
here...
...but, when you click
on the “Do it!” button,
the webapp crashes with
an “InterfaceError”.
418   Chapter 11

In [None]:
Web At tacks Are a Re al Pain
As well as worrying about issues with your backend database, you also need to
worry about nasty individuals trying to do nasty things to your webapp, which
brings us to the second issue:
2
Is our webapp protected from web attacks?
The phrases SQL injection (SQLi) and Cross-site scripting (XSS) should
strike fear in the heart of every web developer. The former allows
attackers to exploit your backend database, while the latter allows them
to exploit your website. There are other web exploits that you’ll need to
worry about, but these are the “big two.”
As with the first issue, let’s see what happens when we try to simulate these exploits
against our webapp. As you can see, it appears we’re ready for both of them:
If you try to inject SQL int
the web interface, it has no o
effect (other than the exp
“search4letters” output). ected
pt
Any attempt to exploit XSS by feeding JavaScri
ct.
effe
to the webapp has no
The JavaScript isn’t executed (th
treated just like any other textua ankfully); it’s
l data sent to the
webapp.
you are here 4   419

In [None]:
Input-Output Is (Some times) Slow
At the moment, our webapp communicates with our backend database in an
almost instantaneous manner, and users of our webapp notice little or no delay as
the webapp interacts with the database. But imagine if the interactions with the
backend database took some time, perhaps seconds:
3
What happens if something takes a long time?
Perhaps the backend database is on another machine, in another
building, on another continent...what would happen then?
Communications with the backend database may take time. In fact, whenever
your code has to interact with something that’s external to it (for example: a file, a
database, a network, or whatever), the interaction can take any amount of time,
the determination of which is usually beyond your control. Despite this lack of
control, you do have to be cognizant that some operations may be lengthy.
To demonstrate this issue, let’s add an artificial delay to our webapp (using the
sleep function, which is part of the standard library’s time module). Add this
line of code to the top of your webapp (near the other import statements):
from time import sleep
With the above import statement inserted, edit the log_request function
and insert this line of code before the with statement:
sleep(15)
If you restart your webapp, then initiate a search, there’s a very distinct delay
while your web browser waits for your webapp to catch up. As web delays go, 15
seconds will feel like a lifetime, which will prompt most users of your webapp to
believe something has crashed:
o
After clicking on the “D
b
it!” button, your we its...
browser waits...and wa ...
and waits...and waits
420   Chapter 11

In [None]:
Your Function Calls Can Fail
The final issue identified during this chapter’s opening exercise relates to the
function call to log_request within the do_search function:
4
What happens if a function call fails?
There’s never a guarantee that a function call will succeed, especially if
the function in question interacts with something external to your code.
We’ve already seen what can happen when the backend database is unavailable—
the webapp crashes with an InterfaceError:
There’s no
database, so
your webapp
crashes.
Other problems can surface, too. To simulate another error, find the sleep(15)
line you added from the Issue 3 discussion, and replace it with a single statement:
raise. When executed by the interpreter, raise forces a runtime error. If you
try your webapp again, a different error occurs this time:
Something
else went
wrong, and
your webapp
crashes again.
Before flipping the
page, remove that
call to “raise” from
your code to ensure
the webapp starts
working again.
you are here 4   421

In [None]:
Considering the Identified Problems
We’ve identified four issues with the vsearch4web.py code. Let’s revisit each
and consider our next steps.
1. Your database connection fails
Errors occur whenever an external system your code relies on is unavailable. The
interpreter reported an InterfaceError when this happened. It’s possible to
spot, then react to, these types of errors using Python’s built-in exception-handling
mechanism. If you can spot when an error occurs, you’re then in a position to do
something about it.
2. Your application is subjected to an at tack
Although a case can be made that worrying about attacks on your application
is only of concern to web developers, developing practices that improve
the robustness of the code you write are always worth considering. With
vsearch4web.py, dealing with the “big two” web attack vectors, SQL injection
(SQLi) and Cross-site scripting (XSS), appears to be well in hand. This is more of
a happy accident than by design on your part, as the Jinja2 library is built to
guard against XSS by default, escaping any potentially problematic strings (recall
that the JavaScript we tried to trick our webapp into executing had no effect). As
regards SQLi, our use of DB-API’s parameterized SQL strings (with all those ?
placeholders) ensures—again, thanks to the way these modules were designed—
that your code is protected from this entire class of attack.
3. Your code take s a long time to e xecute
If your code takes a long time to execute, you have to consider the impact on your
user’s experience. If your user doesn’t notice, then you’re likely OK. However, if
your user has to wait, you may have to do something about it (otherwise, your user
may decide the wait isn’t worth it, and go elsewhere).
4. Your function call fails
It’s not just external systems that generate exceptions in the interpreter—your
code can raise exceptions, too. When this happens, you need to be ready to spot
the exception, then recover as needed. The mechanism you use to enable this
behavior is the same one hinted at in the discussion of issue 1, above.
So...where do we start when dealing with these four issues? It’s possible to use the
same mechanism to deal with issues 1 and 4, so that’s where we’ll begin.
422   Chapter 11

In [None]:
Always Tr y to Execute Error-Prone Code
When something goes wrong with your code, Python raises a runtime exception.
Think of an exception as a controlled program crash triggered by the interpreter.
As you’ve seen with issues 1 and 4, exceptions can be raised under many different
circumstances. In fact, the interpreter comes with a whole host of built-in
exception types, of which RuntimeError (from issue 4) is only one example.
As well as the built-in exception types, it’s possible to define your own custom
exceptions, and you’ve seen an example of this too: the InterfaceError
exception (from issue 1) is defined by the MySQL Connector module.
To spot (and, hopefully, recover from) a runtime exception, deploy Python’s try
statement, which can help you manage exceptions as they occur at runtime.
For a complete list of the
built-in exceptions, see
https://docs.python.org/3/
library/exceptions.html.
To see try in action, let’s first consider a snippet of code that might fail when
executed. Here are three innocent-looking, but potentially problematic, lines of
code for you to consider:
l
There’s nothing weird or wonde is rfu
file
ed
nam
going on here: the
and
opened, and its data is obtained
.
een
scr
then displayed on
There’s nothing wrong with these three lines of code and—as currently written—
they will execute. However, this code might fail if it can’t access myfile.txt.
Perhaps the file is missing, or your code doesn’t have the necessary file-reading
permissions. When the code fails, an exception is raised:
When a runtime error
occurs, Python displays
a “traceback”, which
details what went
wrong, and where.
In this case, the
interpreter thinks the
problem is on line 2.
Whoops!
Let’s start learning what try can do by adjusting the above code snippet to
protect against this FileNotFoundError exception.
Despite being ugly to look
at, the traceback message is
useful.
you are here 4   423

In [None]:
Catching an Error Is Not Enough
When a runtime error occurs, an exception is raised. If you ignore a raised exception
it is referred to as uncaught, and the interpreter will terminate your code, then
display a runtime error message (as shown in the example from the bottom of the last
page). That said, raised exceptions can also be caught (i.e., dealt with) with the try
statement. Note that it’s not enough to catch runtime errors, you also have to decide
what you’re going to do next.
Perhaps you’ll decide to deliberately ignore the raised exception, and keep going...with
your fingers firmly crossed. Or maybe you’ll try to run some other code in place of the
code that crashed, and keep going. Or perhaps the best thing to do is to log the error
before terminating your application as cleanly as possible. Whatever you decide to do,
the try statement can help.
In its most basic form, the try statement allows you to react whenever the execution
of your code results in a raised exception. To protect code with try, put the code
within try’s suite. If an exception occurs, the code in the try’s suite terminates, and
then the code in the try’s except suite runs. The except suite is where you define
what you want to happen next.
Let’s update the code snippet from the last page to display a short message whenever
the FileNotFoundError exception is raised. The code on the left is what you had
previously, while the code on the right has been amended to take advantage of what
try and except have to offer:
When a runtime
error is raised, it
can be caught or
uncaught: “try”
lets you catch a
raised error, and
“except” lets you
do something
about it.
Note how the entire code
snippet is indented under
the “try” statement.
The “except” statement is
indented to the same level
as its associated “try”,
and has its own suite.
Note that what was three lines of code is now six, which may seem wasteful, but isn’t.
The original snippet of code still exists as an entity; it makes up the suite associated
with the try statement. The except statement and its suite is new code. Let’s see
what difference these amendments make.
424   Chapter 11
This code is indented
under the “except” clause
and only executes if
the “FileNotFoundErr

In [None]:
Page NO--424

In [None]:
Test Drive
Let’s take the try...except version of your code snippet for a spin. If myfile.txt exists and
is readable by your code, its contents will appear on screen. If not, a run-time exception is raised.
We already know that myfile.txt does not exist, but now, instead of seeing the ugly traceback
message from earlier, the exception-handling code fires and we’re presented with a friendlier
message (even though our code snippet still crashed):
snippet, the
The first time you ran the code tra
ack.
interpreter generated this ugly ceb
The new version of the code produces
a much friendlier messages thanks to
“try” and “except”.
There can be more than one e xception raised...
This new behavior is better, but what happens if myfile.txt exists but your
code does not have permission to read from it? To see what happens, we created
the file, then set its permissions to simulate this eventuality. Rerunning the new
code produces this output:
Yikes! We’re back to seeing
an ugly traceback message,
as a “PermissionError” was
raised.
you are here 4   425

In [None]:
tr y Once, but e xcept Many Time s
To protect against another exception being raised, simply add another except
suite to your try statement, identifying the exception you’re interested in and
providing whatever code you deem necessary in the new except’s suite. Here’s
another updated version of the code that handles the PermissionError
exception (should it be raised):
In addition to
“FileNotFoundError”
exceptions, this code also
handles a “PermissionError”.
Executing this amended code still results in the PermissionError exception
being raised. However, unlike before, the ugly traceback has been replaced by a much
friendlier message:
This is much better.
This is looking good: you’ve managed to adjust what happens whenever the file you’re
hoping to work with isn’t there (it doesn’t exist), or is inaccessible (you don’t have the
correct permissions). But what happens if an exception is raised that you weren’t
expecting?
426   Chapter 11

In [None]:
A Lot of Things Can Go Wrong
Before answering the question posed at the bottom of the last page—what happens if
an exception is raised that you weren’t expecting?—take a look at some of Python 3’s built-
in exceptions (which are copied directly from the Python documentation). Don’t be
surprised if you’re struck by just how many there are:
All the built-
in exceptions
inherit from
a class called
“Exception”.
There
are an
awful lot
of these,
aren’t
there?
...
Exception
+-- StopIteration
+-- StopAsyncIteration
+-- ArithmeticError
|
+-- FloatingPointError
|
+-- OverflowError
|
+-- ZeroDivisionError
+-- AssertionError
+-- AttributeError
+-- BufferError
+-- EOFError
+-- ImportError
+-- LookupError
|
+-- IndexError
|
+-- KeyError
+-- MemoryError
+-- NameError
|
+-- UnboundLocalError
+-- OSError
|
+-- BlockingIOError
|
+-- ChildProcessError
|
+-- ConnectionError
|
|
+-- BrokenPipeError
|
|
+-- ConnectionAbortedError
|
|
+-- ConnectionRefusedError
|
|
+-- ConnectionResetError
|
+-- FileExistsError
|
+-- FileNotFoundError
|
+-- InterruptedError
|
+-- IsADirectoryError
|
+-- NotADirectoryError
|
+-- PermissionError
|
+-- ProcessLookupError
|
+-- TimeoutError
			...
Here’s the two
exceptions that our
code currently handles.
It would be crazy to try to write a separate except suite for each of these runtime
exceptions, as some of them may never occur. That said, some might occur, so you
do need to worry about them a little bit. Rather than try to handle each exception
individually, Python lets you define a catch-all except suite, which fires whenever a
runtime exception occurs that you haven’t specifically identified.
you are here 4   427

In [None]:
The Catch-All Exception Handler
Let’s see what happens when some other error occurs. To simulate just such an
occurrence, we’ve changed myfile.txt from a file into a folder. Let’s see what
happens when we run the code now:
Another exception is raised. You could create an extra except suite that fires when
this IsADirectoryError exception occurs, but let’s specify a catch-all runtime
error instead, which fires whenever any exception (other than the two we’ve already
specified) occurs. To do this, add a catch-all except statement to the end of the
existing code:
This “except”
statement
is “bare”: it
does not refer
to a specific
exception.
Running this amended version of your code gets rid of the ugly traceback, displaying
a friendly message instead. No matter what other exception occurs, this code handles it
thanks to the addition of the catch-all except statement:
428   Chapter 11

In [None]:
Haven’t We Just Lost Some thing?
OK. I get what’s going on here. But
does this code not now hide the fact that
we just had an “IsADirectoryError”? Isn’t
it important to know exactly which error
you’ve encountered?
Ah, yes...good catch.
This latest code has tidied up the output (in
that the ugly traceback is gone), but you’ve
also lost some important information: you no
longer know what the specific issue with your
code was.
Knowing what exception was raised is often
important, so Python lets you get at the data
associated with the most-recent exception
information as it’s being handled. There are two
ways to do this: using the facilities of the sys
module, and using an extension to the try/
except syntax.
Let’s look at both of these techniques.
Q:
A:
Is it possible to create a catch-all exception handler that does nothing?
Yes. It is often tempting to add this except suite to the bottom of a try statement:
		except:
		
pass
Please try not to do this. This except suite implements a catch-all that ignores any other exception (presumedly in the misguided hope
that if something is ignored it might go away). This is a dangerous practice, as—at the very least—an unexpected exception should result in an
error message appearing on screen. So, be sure to always write error-checking code that handles exceptions, as opposed to ignores them.
you are here 4   429

In [None]:
Le arning About Exceptions f rom “sys”
The standard library comes with a module called sys that provides access to the
interpreters, internals (a set of variables and functions available at runtime).
One such function is exc_info, which provides information on the exception
currently being handled. When invoked, exc_info returns a three-valued
tuple where the first value indicates the exception’s type, the second details the
exception’s value, and the third contains a traceback object that provides
access to the traceback message (should you need it). When there is no currently
available exception, exc_info returns the Python null value for each of the
tuple values, which looks like this:(None, None, None).
Knowing all of this, let’s experiment at the >>> shell. In the IDLE session that
follows, we’ve written some code that’s always going to fail (as dividing by zero is
never a good idea). A catch-all except suite uses the sys.exc_info function to
extract and display data relating to the currently firing exception:
To learn more
about “sys”, see
https://docs.
python.org/3/
library/sys.html.
Be sure to import the “sys” module.
Dividing by zero is *never* a good idea...and when your code
divides by zero an exception occurs
Let’s extract and display the data associated
with the currently occurring exception.
Here’s the data associated with the
exception, which confirms that we
have an issue with divide-by-zero.
It’s possible to delve deeper into the traceback object to learn more about what
just happened, but this already feels like too much work, doesn’t it? All we really
want to know is what type of exception occurred.
To make this (and your life) easier, Python extends the try/except syntax to
make it convenient to get at the information returned by the sys.exc_info
function, and it does this without you having to remember to import the sys
module, or wrangle with the tuple returned by that function.
Recall from a few pages back that the interpreter arranges exceptions in a
hierarchy, with each exception inheriting from one called Exception. Let’s take
advantage of this hierarchical arrangement as we rewrite our catch-all exception
handler.
430   Chapter 11
Recall the
exception hierarchy
from earlier.
...
Exception
+--
+--
+--
|
|
|
+--
+--
+--
+--
StopIteration
StopAsyncIteration
ArithmeticError
+-- FloatingPointError
+-- OverflowError
+-- ZeroDivisionError
AssertionError
AttributeError
BufferError

In [None]:
The Catch-All Exception Handler, Revisited
Consider your current code, which explicitly identifies the two exceptions you
want to handle (FileNotFoundError and PermissionError), as well as
provides a generic catch-all except suite (to handle everything else):
This code works, but
doesn’t really tell
you much when some
unexpected exception
occurs.
Note how, when referring to a specific exception, we’ve identified the exception by
name after the except keyword. As well as identifying specific exceptions after
except, it’s also possible to identify classes of exceptions using any of the names
in the hierarchy.
For instance, if you’re only interested in knowing that an arithmetic error
has occurred (as opposed to—specifically—a divide-by-zero error), you
could specify except ArithmeticError, which would then catch a
FloatingPointError, an OverflowError, and a ZeroDivisionError
should they occur. Similarly, if you specify except Exception, you’ll catch
any error.
But how does this help...surely you’re already catching all errors with a “bare”
except statement? It’s true: you are. But you can extend the except
Exception statement with the as keyword, which allows you to assign the
current exception object to a variable (with err being a very popular name in
this situation) and create more informative error message. Take a look at another
version of the code, which uses except Exception as:
Recall that all the
exceptions inherit
from “Exception”.
...
Exception
+--
+--
+--
|
|
|
+--
+--
+--
+--
StopIteration
StopAsyncIteration
ArithmeticError
+-- FloatingPointError
+-- OverflowError
+-- ZeroDivisionError
AssertionError
AttributeError
BufferError
EOFError
...
Unlike the “bare” except
catch-all shown above, this one
arranges for the exception
object to be assigned to the
“err” variable.
The value of “err” is then ly
used as part of the friend d
message (as it’s always a goo s).
idea to report all exception
you are here 4   431

In [None]:
Page No--431

In [None]:
Test Drive
With this—the last of the changes to your try/except code—applied, let’s confirm that everything
is working as expected before returning to vsearch4web.py and applying what you now know
about exceptions to your webapp.
Let’s start with confirming that the code displays the correct message when the file is missing:
“myfile.txt”
doesn’t exist.
If the file exists, but you don’t have permission to access it, a different exception is raised:
The file
exists, but
you can’t
read it.
Any other exception is handled by the catch-all, which displays a friendly message:
Some other
exception has
occurred. In this
case, what you
thought was a file
is in fact a folder.
Finally, if all is OK, the try suite runs without error, and the file’s contents appear on screen:
Success! No
exceptions
occur, so the
“try” suite runs
to completion.
432   Chapter 11

In [None]:
Page No--432

In [None]:
Ge t ting Back to Our Webapp Code
Recall from the start of this chapter that we identified an issue with the call to
log_request within vsearch4web.py’s do_search function. Specifically,
we’re concerned about what to do when the call to log_request fails:
...
@app.route('/search4', methods=['POST'])
def do_search() -> 'html':
phrase = request.form['phrase']
letters = request.form['letters']
title = 'Here are your results:'
results = str(search4letters(phrase, letters))
log_request(request, results)
return render_template('results.html',
the_title=title,
the_phrase=phrase,
the_letters=letters,
the_results=results,)
...
4. What happens
if this call fails?
Based on our investigations, we learned that this call might fail if the backend
database is unavailable, or if some other error occurs. When an error (of any
type) occurs, the webapp responds with an unfriendly error page, which is likely to
confuse (rather than enlighten) your webapp’s users:
This is not
something you
want your
webapp users
to see.
Although it is important to us, the logging of each web request is not something
that our webapp users really care about; all they want to see is the results of their
search. Consequently, let’s adjust the webapp’s code so that it deals with errors
within log_request by handling any raised exceptions silently.
you are here 4   433

In [None]:
Page NO--433

In [None]:
Silently Handling Exceptions
Seriously? You’re planning to handle
exceptions raised by “log_request” silently?
Isn’t that just another variant of ignoring
exceptions and hoping they’ll go away?
No: “silently” does not mean “ignore.”
When we suggest handling exceptions silently in this
context, we’re referring to handling any exceptions
raised in such a way that your webapp users don’t
notice. At the moment, your users do notice, as
the webapp crashes with a confusing and—let’s be
honest—scary error page.
Your webapp users don’t need to worry about
log_request failing, but you do. So let’s adjust
your code so that exceptions raised by log_
request aren’t noticed by your users (i.e., they
are silenced), but are noticed by you.
Q:
A:
Doesn’t all this try / except stuff just make my code harder to read and understand?
It’s true that the example code in this chapter started out as three easy-to-understand lines of Python code, and then we added seven
lines of code, which—on the face of things—have nothing to do with what the first three lines of code are doing. However, it is important to
protect code that can potentially raise an exception, and try / except is generally regarded as the best way to do this. Over time, your
brain will learn to spot the important stuff (the code actually doing the work) that lives in the try suite, and filter out the except suites that
are there to handle exceptions. When trying to understand code that uses try / except , always read the try suite first to learn what the
code does, then look at the except suites if you need to understand what happens when things go wrong.
434   Chapter 11

In [None]:
Page No--434

In [None]:
Let’s add some try / except code to do_search ’s invocation of the
log_request function. To keep things straightforward, let’s add a catch-
all exception handler around the call to log_request , which, when it
fires, displays a helpful message on standard output (using a call to the
print BIF). In defining a catch-all exception handler, you can suppress
your webapp’s standard exception-handling behavior, which currently
displays the unfriendly error page.
Here’s log_request ’s code as it’s currently written:
@app.route('/search4', methods=['POST'])
def do_search() -> 'html':
phrase = request.form['phrase']
letters = request.form['letters']
title = 'Here are your results:'
results = str(search4letters(phrase, letters))
log_request(request, results)
return render_template('results.html',
the_title=title,
the_phrase=phrase,
the_letters=letters,
the_results=results,)
This line of code needs
to be protected in
case it fails (raising a
runtime error).
In the spaces below, provide the code that implements a catch-all
exception handler around the call to log_request :
@app.route('/search4', methods=['POST'])
def do_search() -> 'html':
phrase = request.form['phrase']
letters = request.form['letters']
title = 'Here are your results:'
results = str(search4letters(phrase, letters))
Don’t forget to call
“log_request” as part d.
of the code you ad
return render_template('results.html',
the_title=title,
the_phrase=phrase,
the_letters=letters,
the_results=results,)
you are here 4   435

In [None]:
The plan was to add some try / except code to do_search ’s
invocation of the log_request function. To keep things
straightforward, we decided to add a catch-all exception handler around
the call to log_request , which, when it fires, displays a helpful
message on standard output (using a call to the print BIF).
Here’s log_request ’s code as currently written:
@app.route('/search4', methods=['POST'])
def do_search() -> 'html':
phrase = request.form['phrase']
letters = request.form['letters']
title = 'Here are your results:'
results = str(search4letters(phrase, letters))
log_request(request, results)
return render_template('results.html',
the_title=title,
the_phrase=phrase,
the_letters=letters,
the_results=results,)
In the spaces below, you were to provide the code that implements a
catch-all exception handler around the call to log_request :
@app.route('/search4', methods=['POST'])
def do_search() -> 'html':
phrase = request.form['phrase']
letters = request.form['letters']
title = 'Here are your results:'
results = str(search4letters(phrase, letters))
This is the
catch-all.
try:
The call to “log_request
moved into the suite asso ” is
with a new “try” statem ciated
ent.
log_request(request, results)
except Exception as err:
print(‘***** Logging failed with this error:’, str(err))
return render_template('results.html',
the_title=title,
the_phrase=phrase,
the_letters=letters,
the_results=results,)
436   Chapter 11
s
When a runtime error occurs, thi
for
een
scr
on
message is displayed
the admin only. Your user sees
nothing.

In [None]:
Page No--

In [None]:
(Extended) Test Drive, 1 of 3
With the catch-all exception-handling code added to vsearch4web.py, let’s take your webapp for an
extended spin (over the next few pages) to see the difference this new code makes. Previously, when
something went wrong, your user was greeted with an unfriendly error page. Now, however, the error is
handled “silently” by the catch-all code. If you haven’t done so already, run vsearch4web.py, then
use any browser to surf to your webapp’s home page:
$ python3 vsearch4web.py
* Running on http://127.0.0.1:5000/ (Press CTRL+C to quit)
* Restarting with fsevents reloader
* Debugger is active!
* Debugger pin code: 184-855-980
Your webapp is up and runnin
waiting to hear fom a browse g, r...
Go ahead
and surf on
over to your
webapp’s home
page.
On the terminal that’s running your code, you should see something like this:
...
* Debugger
127.0.0.1 -
127.0.0.1 -
127.0.0.1 -
pin code: 184-855-980
- [14/Jul/2016 10:54:31] "GET / HTTP/1.1" 200 -
- [14/Jul/2016 10:54:31] "GET /static/hf.css HTTP/1.1" 200 -
- [14/Jul/2016 10:54:32] "GET /favicon.ico HTTP/1.1" 404 -
r webapp
These 200s confirm that you
its
g
is up and running (and servin s up point.
thi
home page). All is good at
BTW: Don’t worry about this 40
4...we haven’t
defined a “favicon.ico” file for
our
(so it gets reported as not found webapp
when your
browser asks for it).
you are here 4   437

In [None]:
Page NO--437

In [None]:
(Extended) Test Drive, 2 of 3
In order to simulate an error, we’ve switched off our backend database, which should result in an error
occurring whenever the webapp tries to interact with the database. As our code silently catches all errors
generated by log_request, the webapp user isn’t aware that the logging hasn’t occurred. The catch-
all code has arranged to generate a message on screen describing the problem. Sure enough, when
you enter a phrase and click on the “Do it!” button, the webapp displays the results of your search in the
browser, whereas the webapp’s terminal screen displays the “silenced” error message. Note that, despite
the runtime error, the webapp continues to execute and successfully services the call to /search:
...
127.0.0.1 - - [14/Jul/2016 10:54:32] "GET /favicon.ico HTTP/1.1" 404 -
***** Logging failed with this error: 2003: Can't connect to MySQL server on '127.0.0.1:3306'
(61 Connection refused)
127.0.0.1 - - [14/Jul/2016 10:55:55] "POST /search4 HTTP/1.1" 200 -
r catch-all
This message is generated by e you
app user
web
exception-handling code. Th
doesn’t see it.
438   Chapter 11
Even though an error occurr
crash. In other words, the sea ed, rch the webapp didn’t
webapp user isn’t aware that the worked (but the
logging failed).

In [None]:
Page NO--438

In [None]:
(Extended) Test Drive, 3 of 3
In fact, no matter what error occurs when log_request runs, the catch-all code handles it.
We restarted our backend database, then tried to connect with an incorrect username. You can raise this
error by changing the dbconfig dictionary in vsearch4web.py to use vsearchwrong as the
value for user:
...
app.config['dbconfig'] = {'host': '127.0.0.1',
'user': 'vsearchwrong',
'password': 'vsearchpasswd',
'database': 'vsearchlogDB', }
....
When your webapp reloads and you perform a search, you’ll see a message like this in your terminal:
...
***** Logging failed with this error: 1045 (28000): Access denied for user 'vsearchwrong'@
'localhost' (using password: YES)
Change the value for user back to vsearch, and then let’s try to access a nonexistent table,
by changing the name of the table in the SQL query used in the log_request function to be
logwrong (instead of log):
def log_request(req: 'flask_request', res: str) -> None:
with UseDatabase(app.config['dbconfig']) as cursor:
_SQL = """insert into logwrong
(phrase, letters, ip, browser_string, results)
values
(%s, %s, %s, %s, %s)"""
...
When your webapp reloads and you perform a search, you’ll see a message like this in your terminal:
...
***** Logging failed with this error: 1146 (42S02): Table 'vsearchlogdb.logwrong' doesn't exist
Change the name of the table back to log and then, as a final example, let’s add a raise statement to
the log_request function (just before the with statement), which generates a custom exception:
def log_request(req: 'flask_request', res: str) -> None:
raise Exception("Something awful just happened.")
with UseDatabase(app.config['dbconfig']) as cursor:
...
When your webapp reloads one last time, and you perform one last search, you’ll see the following
message in your terminal:
...
***** Logging failed with this error: Something awful just happened.
you are here 4   439

In [None]:
Handling Other Database Errors
The log_request function makes use of the UseDatabase context manager (as
provided by the DBcm module). Now that you’ve protected the call to log_request,
you can rest easy, safe in the knowledge that any issues relating to problems with the
database will be caught (and handled) by your catch-all exception-handling code.
However, the log_request function isn’t the only place where your webapp
interacts with the database. The view_the_log function grabs the logging data
from the database prior to displaying it on screen.
Recall the code for the view_the_log function:
...
All of this code
needs to be
protected, too.
@app.route('/viewlog')
@check_logged_in
def view_the_log() -> 'html':
with UseDatabase(app.config['dbconfig']) as cursor:
_SQL = """select phrase, letters, ip, browser_string, results
from log"""
cursor.execute(_SQL)
contents = cursor.fetchall()
titles = ('Phrase', 'Letters', 'Remote_addr', 'User_agent', 'Results')
return render_template('viewlog.html',
the_title='View Log',
the_row_titles=titles,
the_data=contents,)
...
This code can fail, too, as it interacts with the backend database. However, unlike
log_request, the view_the_log function is not called from the code in
vsearch4web.py; it’s invoked by Flask on your behalf. This means you can’t write
code to protect the invocation of view_the_log, as it’s the Flask framework that
calls the function, not you.
If you can’t protect the invocation of view_the_log, the next best thing is to
protect the code in its suite, specifically the use of the UseDatabase context
manager. Before considering how to do this, let’s consider what can go wrong:
• The backend database may be unavailable.
• You may not be able to log in to a working database.
• After a successful login, your database query might fail.
• Something else (unexpected) might happen.
This list of problems is similar to those you had to worry about with log_request.
440   Chapter 11

In [None]:
Does “More Errors” Me an “More e xcepts”?
Knowing what we now know about try/except, we could add some code to the
view_the_log function to protect the use of the UseDatabase context manager:
...
Another
catch-all
exception
handler
@app.route('/viewlog')
@check_logged_in
def view_the_log() -> 'html':
try:
with UseDatabase(app.config['dbconfig']) as cursor:
		...
The rest of
the function’s
code goes
here.
except Exception as err:
print('Something went wrong:', str(err))
This catch-all strategy certainly works (after all, that’s what you used with log_
request). However, things can get complicated if you decide to do something other
than implement a catch-all exception handler. What if you decide you need to react
to a specific database error, such as “Database not found”? Recall from the beginning
of this chapter that MySQL reports an InterfaceError exception when this
happens:
This exception
is raised when
your code
can’t find
the backend
database.
You could add an except statement that targets the InterfaceError exception,
but to do this your code also has to import the mysql.connector module, which
defines this particular exception.
On the face of things, this doesn’t seem like a big deal. But it is.
you are here 4   441

In [None]:
Avoid Tightly Coupled Code
Let’s assume you’ve decided to create an except statement that protects against your
backend database being unavailable. You could adjust the code in view_the_log to
look something like this:
...
@app.route('/viewlog')
@check_logged_in
def view_the_log() -> 'html':
try:
with UseDatabase(app.config['dbconfig']) as cursor:
		...
The rest of
the function’s
code still goes
in here.
except mysql.connector.errors.InterfaceError as err:
print('Is your database switched on? Error:', str(err))
except Exception as err:
print('Something went wrong:', str(err))
...
If you also remember to add import mysql.connector to the top of your code,
this additional except statement works. When your backend database can’t be found,
this additional code allows your webapp to remind you to check that your database is
switched on.
This new code works, and you can see what’s going on here...what’s not to like?
The issue with approaching the problem in this way is that the code in
vsearch4web.py is now very tightly coupled to the MySQL database, and
specifically the use of the MySQL Connector module. Prior to adding this second
except statement, your vsearch4web.py code interacted with your backend
database via the DBcm module (developed earlier in this book). Specifically, the
UseDatabase context manager provides a convenient abstraction that decouples
the code in vsearch4web.py from the backend database. If, at some time in the
future, you needed to replace MySQL with PostgreSQL, the only changes you’d need
to make would be to the DBcm module, not to all the code that uses UseDatabase.
However, when you create code like that shown above, you tightly bind (i.e., couple)
your webapp code to the MySQL backend database because of that import
mysql.connector statement, in addition to your new except statement’s
reference to mysql.connector.errors.InterfaceError.
If you need to write code that tightly couples to your backend database, always
consider putting that code in the DBcm module. This way, your webapp can be written
to use the generic interface provided by DBcm, as opposed to a specific interface that
targets (and locks you into) a specific backend database.
Let’s now consider what moving the above except code into DBcm does for our
webapp.
442   Chapter 11

In [None]:
The DBcm Module, Revisited
You last looked at DBcm in Chapter 9, when you created that module in order to
provide a hook into the with statement when working with a MySQL database. Back
then, we sidestepped any discussion of error handling (by conveniently ignoring the
issue). Now that you’ve seen what the sys.exc_info function does, you should have
a better idea of what the arguments to UseDatabase’s __exit__ method mean:
import mysql.connector
This is the
context
manager code
in “DBcm.py”.
class UseDatabase:
def __init__(self, config: dict) -> None:
self.configuration = config
def __enter__(self) -> 'cursor':
self.conn = mysql.connector.connect(**self.configuration)
self.cursor = self.conn.cursor()
return self.cursor
def __exit__(self, exc_type, exc_value, exc_trace) -> None:
self.conn.commit()
self.cursor.close()
Now
self.conn.close()
Recall that UseDatabase implements three methods:
• __init__ provides a configuration opportunity prior to with executing,
• __enter__ executes as the with statement starts, and
• __exit__ is guaranteed to execute whenever the with’s suite terminates.
that you’ve
seen “exc_info”,
it should be clear
what these method
arguments refer to:
exception data.
At least, that’s the expected behavior whenever everything goes to plan. When things
go wrong, this behavior changes.
For instance, if an exception is raised while __enter__ is executing, the with
statement terminates, and any subsequent processing of __exit__ is cancelled. This
makes sense: if __enter__ runs into trouble, __exit__ can no longer assume that
the execution context is initialized and configured correctly (so it’s prudent not to run
the __exit__ method’s code).
The big issue with the __enter__ method’s code is that the backend database may
not be available, so let’s take some time to adjust __enter__ for this possibility,
generating a custom exception when the database connection cannot be established.
Once we’ve done this, we’ll adjust view_the_log to check for our custom
exception instead of the highly database-specific mysql.connector.errors.
InterfaceError.
you are here 4   443

In [None]:
Cre ating Custom Exceptions
Creating your own custom exceptions couldn’t be any easier: decide on an appropriate
name, then define an empty class that inherits from Python’s built-in Exception
class. Once you’ve defined a custom exception, it can be raised with the raise
keyword. And once an exception is raised, it’s caught (and dealt with) by try/
except.
A quick trip to IDLE’s >>> prompt demonstrates custom exceptions in action. In this
example, we’re creating a custom exception called ConnectionError, which we
then raise (with raise), before catching with try/except. Read the annotations in
numbered order, and (if you’re following along) enter the code we’ve typed at the >>>
prompt:
1. Create a
new class called
“ConnectionError”
that inherits from
the “Exception”
class.
2. “pass” is Python’s empty
that creates the empty class. statement
3. Raising our new
exception (with
“raise”) results
in a traceback
message.
4. Catch the
“ConnectionError”
exception using
“try/except”.
5. The “ConnectionError” was caught, allowing
us to customize the error message.
The empt y class isn’t quite empt y...
In describing the ConnectionError class as “empty,” we told a little lie.
Granted, the use of pass ensures that there’s no new code associated with the
ConnectionError class, but the fact that ConnectionError inherits from
Python’s built-in Exception class means that all of the attributes and behaviors
of Exception are available in ConnectionError too (making it anything but
empty). This explains why ConnectionError works just as you’d expect it to with
raise and try/except.
444   Chapter 11

In [None]:
Let’s adjust the DBcm module to raise a custom ConnectionError
whenever a connection to the backend database fails.
Here’s the current code to DBcm.py . In the spaces provided, add in the
code required to raise a ConnectionError .
import mysql.connector
class UseDatabase:
def __init__(self, config: dict) -> None:
self.configuration = config
def __enter__(self) -> 'cursor':
Add code
to “raise” a
“ConnnectionError”.
self.conn = mysql.connector.connect(**self.configuration)
self.cursor = self.conn.cursor()
return self.cursor
def __exit__(self, exc_type, exc_value, exc_trace) -> None:
self.conn.commit()
self.cursor.close()
self.conn.close()
2
With the code in the DBcm module amended, use your pencil to detail any
changes you’d make to this code from vsearch4web.py in order to
take advantage of the newly defined ConnectionError exception:
Use your pencil to from DBcm import UseDatabase
show the changes import mysql.connector
you’d make to this
...
code now that the
the_row_titles=titles,
“ConnectionError”
exception exists.
the_data=contents,)
except mysql.connector.errors.InterfaceError as err:
print('Is your database switched on? Error:', str(err))
except Exception as err:
print('Something went wrong:', str(err))
return 'Error'
you are here 4   445

In [None]:
ou were to adjust the DBcm module to raise a custom
ConnectionError whenever a connection to the backend database
fails. You were to adjust the current code to DBcm.py to add in the code
required to raise a ConnectionError .
1
Define the
custom exception
as an “empty”
class that
import mysql.connector
inherits from
class ConnectionError(Exception):
“Exception”.
pass
class UseDatabase:
def __init__(self, config: dict) -> None:
self.configuration = config
def __enter__(self) -> 'cursor':
A new “try/
except”
construct
protects the
database
connection code.
try:
self.conn = mysql.connector.connect(**self.configuration)
self.cursor = self.conn.cursor()
return self.cursor
except mysql.connector.errors.InterfaceError as err:
raise ConnectionError(err)
2
With the code in the DBcm module amended, you were to detail any
changes you’d make to this code from vsearch4web.py in order to
take advantage of the newly defined ConnectionError exception:
DBcm import UseDatabase ,
import mysql.connector
...
446   Chapter 11
Raise the custom
exception.
def __exit__(self, exc_type, exc_value, exc_trace) -> None:
self.conn.commit()
self.cursor.close()
self.conn.close()
You don’t need
to import
“mysql.connector”
anymore (as
“DBcm” does
this for you). from
Change the first
“except” statement
to look for a
“ConnectionError”
as opposed to an
“InterfaceError”.
Within the “DBcm.py” code,
refer to the backend
database-specific exceptions
by their full name.
ConnectionError
ConnectionError
the_row_titles=titles,
the_data=contents,)
Be sure to
import the
“ConnectionError”
exception from
“DBcm”.
except mysql.connector.errors.InterfaceError as err:
print('Is your database switched on? Error:', str(err))
except Exception as err:
print('Something went wrong:', str(err))
return 'Error'

In [None]:
Test Drive
Let’s see what difference this new code makes. Recall that you’ve moved the MySQL-specific
exception-handling code from vsearch4web.py into DBcm.py (and replaced it with code that
looks for your custom ConnectionError exception). Has this made any difference?
Here are the messages that the previous version of vsearch4web.py generated whenever the
backend database couldn’t be found:
...
Is your database switched on? Error: 2003: Can't connect to MySQL server on '127.0.0.1:3306'
(61 Connection refused)
127.0.0.1 - - [16/Jul/2016 21:21:51] "GET /viewlog HTTP/1.1" 200 -
And here are the messages that the most recent version of vsearch4web.py generates whenever
the backend database can’t be found:
...
Is your database switched on? Error: 2003: Can't connect to MySQL server on '127.0.0.1:3306'
(61 Connection refused)
127.0.0.1 - - [16/Jul/2016 21:22:58] "GET /viewlog HTTP/1.1" 200 -
You’re trying to
trick me, aren’t you?
These error messages
are the same!
Yes. On the face of things, these are the same.
However, although the output from the current and previous
versions of vsearch4web.py appears identical, behind the
scenes things are very different.
If you decide to change the backend database from MySQL to
PostgreSQL, you no longer have to worry about changing any
of the code in vsearch4web.py, as all of your database-
specific code resides in DBcm.py. As long as the changes you
make to DBcm.py maintain the same interface as previous
versions of the module, you can change SQL databases as
often as you like. This may not seem like a big deal now, but if
vsearch4web.py grows to hundreds, thousands, or tens of
thousands of lines of code, its really is a big deal.
you are here 4   447

In [None]:
What Else Can Go Wrong with “DBcm”?
Even if your backend database is up and running, things can still go wrong.
For example, the credentials used to access the database may be incorrect. If
they are, the __enter__ method will fail again, this time with a mysql.
connector.errors.ProgrammingError.
Or, the suite of code associated with your UseDatabase context manager
may raise an exception, as there’s never a guarantee that it executes correctly. A
mysql.connector.errors.ProgrammingError is also raised whenever
your database query (the SQL you’re executing) contains an error.
The error message associated with an SQL query error is different than the
message associated with the credentials error, but the exception raised is the same:
mysql.connector.errors.ProgrammingError. Unlike with credentials
errors, errors in your SQL results in an exception being raised while the with
statement is executing. This means that you’ll need to consider protecting against
this exception in more than one place. The question is: where?
To answer this question, let’s take another look at DBcm’s code:
import mysql.connector
class ConnectionError(Exception):
pass
class UseDatabase:
def __init__(self, config: dict):
self.configuration = config
This code
can raise a
“ProgrammingError”
exception.
def __enter__(self) -> 'cursor':
try:
self.conn = mysql.connector.connect(**self.configuration)
self.cursor = self.conn.cursor()
return self.cursor
except mysql.connector.errors.InterfaceError as err:
raise ConnectionError(err)
def __exit__(self, exc_type, exc_value, exc_traceback):
self.conn.commit()
self.cursor.close()
self.conn.close()
ur
But what about exceptions that occ
pen
hap
se
The
e?
suit
within the “with”
ends
*after* the “__enter__” method
but *before* the “__exit__” method
starts.
448   Chapter 11
You might be tempted to suggest that exceptions raised within the
with suite should be handled with a try/except statement
within the with, but such a strategy gets you right back to writing
tightly coupled code. But consider this: when an exception is
raised within with’s suite and not caught, the with statement
arranges to pass details of the uncaught exception into your
context manager’s __exit__ method, where you have the
option of doing something about it.

In [None]:
Cre ating More Custom Exceptions
Let’s extend DBcm.py to report two additional, custom exceptions.
The first is called CredentialsError and is raised when a ProgrammingError
occurs within the __enter__ method. The second is called SQLError and is raised
when a ProgrammingError is reported to the __exit__ method.
Defining these new exceptions is easy: add two new, empty exception classes to the top
of DBcm.py:
import mysql.connector
class ConnectionError(Exception):
pass
class CredentialsError(Exception):
pass
class SQLError(Exception):
pass
Two additional
classes define your
two new exceptions.
class UseDatabase:
def __init__(self, configuration: dict):
self.config = configuration
		...
A CredentialsError can occur during __enter__, so let’s adjust that method’s
code to reflect this. Recall that an incorrect MySQL username or password results in a
ProgrammingError being raised:
		...
try:
self.conn = mysql.connector.connect(**self.config)
Add this code to
self.cursor = self.conn.cursor()
the “__enter__”
return self.cursor
l
dea
to
d
metho
except
mysql.connector.errors.InterfaceError as err:
es.
issu
in
log
with any
raise ConnectionError(err)
except mysql.connector.errors.ProgrammingError as err:
raise CredentialsError(err)
def __exit__(self, exc_type, exc_value, exc_traceback):
self.conn.commit()
self.cursor.close()
self.conn.close()
These code changes adjust DBcm.py to raise a CredentialsError exception
when you provide either an incorrect username or password from your code to your
backend database (MySQL). Adjusting vsearch4web.py’s code is your next task.
you are here 4   449

In [None]:
Are Your Database Credentials Correct?
With these latest changes made to DBcm.py, let’s now adjust the code in
vsearch4web.py, paying particular attention to the view_the_log function.
However, before doing anything else, add CredentialsError to the list of
imports from DBcm at the top of your vsearch4web.py code:
Be sure to
import your
new exception.
...
from DBcm import UseDatabase, ConnectionError, CredentialsError
...
With the import line amended, you next need to add a new except
suite to the view_the_log function. As when you added support for a
ConnectionError, this is a straightforward edit:
@app.route('/viewlog')
@check_logged_in
def view_the_log() -> 'html':
try:
with UseDatabase(app.config['dbconfig']) as cursor:
_SQL = """select phrase, letters, ip, browser_string, results
from log"""
cursor.execute(_SQL)
contents = cursor.fetchall()
titles = ('Phrase', 'Letters', 'Remote_addr', 'User_agent', 'Results')
return render_template('viewlog.html',
the_title='View Log',
the_row_titles=titles,
the_data=contents,)
except ConnectionError as err:
print('Is your database switched on? Error:', str(err))
except CredentialsError as err:
print('User-id/Password issues. Error:', str(err))
except Exception as err:
print('Something went wrong:', str(err))
return 'Error'
There’s really nothing new here, as all you’re doing is repeating what you did
for ConnectionError. Sure enough, if you try to connect to your backend
database with an incorrect username (or password), your webapp now displays an
appropriate message, like this:
”
Add this code to “view_the_ s log
use
e
to catch when your cod
the wrong username or password
with MySQL.
...
User-id/Password issues. Error: 1045 (28000): Access denied for user 'vsearcherror'@'localhost'
(using password: YES)
127.0.0.1 - - [25/Jul/2016 16:29:37] "GET /viewlog HTTP/1.1" 200 -
450   Chapter 11
Now that your code knows all about
“CredentialsError”, you generate an exception-
specific error message.

In [None]:
Handling SQLError Is Dif ferent
Both ConnectionError and CredentialsError are raised due to
problems with the __enter__ method’s code executing. When either exception
is raised, the corresponding with statement’s suite is not executed.
If all is well, your with suite executes as normal.
Recall this with statement from the log_request function, which uses the
UseDatabase context manager (provided by DBcm) to insert data into the
backend database:
We need to worry
about what happens
if something goes
wrong with this
code )i.e., the code
within the “with”
suite).
with UseDatabase(app.config['dbconfig']) as cursor:
_SQL = """insert into log
(phrase, letters, ip, browser_string, results)
values
(%s, %s, %s, %s, %s)"""
cursor.execute(_SQL, (req.form['phrase'],
req.form['letters'],
req.remote_addr,
req.user_agent.browser,
res, ))
If (for some reason) your SQL query contains an error, the MySQL Connector
module generates a ProgrammingError, just like the one raised during your
context manager’s __enter__ method. However, as this exception occurs within
your context manager (i.e., within the with statement) and is not caught there, the
exception is passed back to the __exit__ method as three arguments: the type
of the exception, the value of the exception, and the traceback associated with the
exception.
If you take a quick look at DBcm’s existing code for __exit__, you’ll see that the
three arguments are ready and waiting to be used:
The three
exception
arguments are
ready for use.
def __exit__(self, exc_type, exc_value, exc_traceback):
self.conn.commit()
self.cursor.close()
self.conn.close()
When an exception is raised within the with suite and not caught, the context
manager terminates the with suite’s code, and jumps to the __exit__
method, which then executes. Knowing this, you can write code that checks for
exceptions of interest to your application. However, if no exception is raised, the
three arguments (exc_type, exc_value, and exc_traceback) are all set to
None. Otherwise, they are populated with details of the raised exception.
Let’s exploit this behavior to raise an SQLError whenever something goes wrong
within the UseDatabase context manager’s with suite.
“None” is
Python’s
null value.
you are here 4   451

In [None]:
Be Careful with Code Positioning
To check whether an uncaught exception has occurred within your code’s with
statement, check the exc_type argument to the __exit__ method within __
exit__’s suite, being careful to consider exactly where you add your new code.
You’re not about to tell me that it
makes a difference where I put my
“exc_type” checking code, are you?
Yes, it does make a difference.
To understand why, consider that your context
manager’s __exit__ method provides a place
where you can put code that is guaranteed to
execute after your with suite ends. That behavior is
part of the context manager protocol, after all.
This behavior needs to hold even when exceptions
are raised within your context manager’s with
suite. Which means that if you plan to add code
to the __exit__ method, it’s best to put it after
any existing code in __exit__, as that way you’ll
still guarantee the method’s existing code executes
(and preserve the semantics of the context manager
protocol).
Let’s take another look at the existing code in the __exit__ method in light of
this code placement discussion. Consider that any code we add needs to raise an
SQLError exception if exc_type indicates a ProgrammingError has occurred:
If you add code in here,
and that code raises
an exception, the three
existing lines of code
won’t be executed.
452   Chapter 11
def __exit__(self, exc_type, exc_value, exc_traceback):
self.conn.commit()
self.cursor.close()
self.conn.close()
Adding code *after* the ee
existing lines
of code ensures “__exit__” thr
doe
s
*before* any passed-in except its thing
ion is dealt
with.

In [None]:
Raising an SQLError
At this stage, you’ve already added the SQLError exception class to the top of the
DBcm.py file:
import mysql.connector
class ConnectionError(Exception):
pass
class CredentialsError(Exception):
pass
class SQLError(Exception):
pass
Here’s where
you added in
the “SQLError”
exception.
class UseDatabase:
def __init__(self, config: dict):
self.configuration = config
		...
With the SQLError exception class defined, all you need to do now is add some
code to the __exit__ method to check whether exc_type is the exception you’re
interested in, and if it is, raise an SQLError. This is so straightforward that
we are resisting the usual Head First urge to turn creating the required code into an
exercise, as no one wants to insult anyone’s intelligence at this stage in this book. So,
here’s the code you need to append to the __exit__ method:
If a “ProgrammingError”
occurs, raise an
“SQLError”.
def __exit__(self, exc_type, exc_value, exc_traceback):
self.conn.commit()
self.cursor.close()
self.conn.close()
if exc_type is mysql.connector.errors.ProgrammingError:
raise SQLError(exc_value)
If you want to be extra safe, and do something sensible with any other, unexpected
exception sent to __exit__, you can add an elif suite to the end of the
__exit__ method that reraises the unexpected exception to the calling code:
		...
self.conn.close()
if exc_type is mysql.connector.errors.ProgrammingError:
raise SQLError(exc_value)
This “elif” raises
elif exc_type:
any other exception
raise exc_type(exc_value)
that might occur.
you are here 4   453

In [None]:
Test Drive
With support for the SQLError exception added to DBcm.py, add another except suite to your
view_the_log function to catch any SQLErrors that occur:
Add this code
into the “view_
the_log” function
within your
“vsearch4web.py”
webapp.
		...
except ConnectionError as err:
print('Is your database switched on? Error:', str(err))
except CredentialsError as err:
print('User-id/Password issues. Error:', str(err))
except SQLError as err:
print('Is your query correct? Error:', str(err))
except Exception as err:
print('Something went wrong:', str(err))
return 'Error'
Once you save vsearch4web.py, your webapp should reload and be ready for testing. If you try
to execute an SQL query that contains errors, the exception is handled by the above code:
...
Is your query correct? Error: 1146 (42S02): Table 'vsearchlogdb.logerror' doesn't exist
127.0.0.1 - - [25/Jul/2016 21:38:25] "GET /viewlog HTTP/1.1" 200 -
No more generic “ProgrammingError” exceptions from code
MySQL Connector, as your custom exception-handling
catches these errors now.
Equally, if something unexpected happens, your webapp’s catch-all code kicks into gear, displaying
an appropriate message:
...
Something went wrong: Some unknown exception.
127.0.0.1 - - [25/Jul/2016 21:43:14] "GET /viewlog HTTP/1.1" 200 -
If something unexpected
happens, your code
handles it.
With exception-handling code added to your webapp, no matter what runtime error occurs, your
webapp continues to function without displaying a scary or confusing error page to your users.
And the really nice thing about
this is that this code takes the generic
“ProgrammingError” exception provided by
the MySQL Connector module and turns
it into two custom exceptions that have
specific meaning for our webapp.
Yes, it does. And this is very powerful.
454   Chapter 11

In [None]:
A Quick Recap: Adding Robustne ss
Let’s take a minute to remind ourselves of what we set out to do in this chapter.
In attempting to make our webapp code more robust, we had to answer four
questions relating to four identified issues. Let’s review each question and note
how we did:
1 What happens if the database connection fails?
You created a new exception called ConnectionError that is raised whenever
your backend database can’t be found. You then used try/except to handle a
ConnectionError were it to occur.
2 Is our webapp protected from web attacks?
It was a “happy accident,” but your choice of Flask plus Jinja2, together with Python’s
DB-API specification, protects your webapp from the most notorious of web attacks. So,
yes, your webapp is protected from some web attacks (but not all).
3 What happens if something takes a long time?
We still haven’t answered this question, other than to demonstrate what happens when
your webapp takes 15 seconds to respond to a user request: your web user has to wait (or,
more likely, your web user gets fed up waiting and leaves).
4 What happens if a function call fails?
You used try/except to protect the function call, which allowed you to control what
the user of your webapp sees when something goes wrong.
What happens if some thing takes a long time?
When you did the initial exercise at the start of this chapter, this question resulted
from our examination of the cursor.execute calls that occurred in the
log_request and view_the_log functions. Although you’ve already worked
with both of these functions in answering questions 1 and 4, above, you’re not
done with them quite yet.
Both log_request and view_the_log use the UseDatabase context
manager to execute an SQL query. The log_request function writes the
details of the submitted search to the backend database, whereas the view_
the_log function reads from the database.
The question is: what do you do if this write or read takes a long time?
Well, as with a lot of things in the programming world, it depends.
you are here 4   455

In [None]:
How to De al with Wait? It Depends...
How you decide to deal with code that makes your users wait—either on a read, or
on a write—can get complex. So we’re going to pause this discussion and defer a
solution until the next, short chapter.
In fact, the next chapter is so short that it doesn’t warrant its own chapter number
(as you’ll see), but the material it presents is complex enough to justify splitting it
off from this chapter’s main discussion, which presented Python’s try/except
mechanism. So, let’s hang on for a bit before putting to rest issue 3: what happens if
something takes a long time?
You do realize you’re
asking us to wait to deal
with code that waits?
Yes. The irony is not lost on us.
We’re asking you to wait to learn how to
handle “waits” in your code.
But you’ve already learned a lot in this
chapter, and we think it’s important to
take a bit of time to let the try/except
material sink into your brain.
So, we’d like you to pause, and take a short
break...after you’ve cast your eye over the
code seen thus far in this chapter.
456   Chapter 11

In [None]:
Chapter 11’s Code, 1 of 3
try:
This is “try_example.py”.
with open('myfile.txt') as fh:
file_data = fh.read()
print(file_data)
except FileNotFoundError:
print('The data file is missing.')
except PermissionError:
print('This is not allowed.')
except Exception as err:
print('Some other error occurred:', str(err))
import mysql.connector
class ConnectionError(Exception):
pass
class CredentialsError(Exception):
pass
class SQLError(Exception):
pass
class UseDatabase:
def __init__(self, config: dict):
self.configuration = config
def __enter__(self) -> 'cursor':
try:
self.conn = mysql.connector.connect(**self.configuration)
self.cursor = self.conn.cursor()
return self.cursor
except mysql.connector.errors.InterfaceError as err:
raise ConnectionError(err)
except mysql.connector.errors.ProgrammingError as err:
raise CredentialsError(err)
This is the
exception-
savvy
version of
“DBcm.py”.
def __exit__(self, exc_type, exc_value, exc_traceback):
self.conn.commit()
self.cursor.close()
self.conn.close()
if exc_type is mysql.connector.errors.ProgrammingError:
raise SQLError(exc_value)
elif exc_type:
raise exc_type(exc_value)
you are here 4   457

In [None]:
Chapter 11’s Code, 2 of 3
This is the version of “vsearch4
that makes your users wait... web.py”
from flask import Flask, render_template, request, escape, session
from flask import copy_current_request_context
from vsearch import search4letters
from DBcm import UseDatabase, ConnectionError, CredentialsError, SQLError
from checker import check_logged_in
from time import sleep
app = Flask(__name__)
app.config['dbconfig'] = {'host': '127.0.0.1',
'user': 'vsearch',
'password': 'vsearchpasswd',
'database': 'vsearchlogDB', }
@app.route('/login')
def do_login() -> str:
session['logged_in'] = True
return 'You are now logged in.'
@app.route('/logout')
def do_logout() -> str:
session.pop('logged_in')
return 'You are now logged out.'
It’s probably a good idea to ent
protect this “with” statem
in much the same way as
you protected the “with” ”
statement in “view_the_log
(on the next page).
@app.route('/search4', methods=['POST'])
def do_search() -> 'html':
@copy_current_request_context
def log_request(req: 'flask_request', res: str) -> None:
sleep(15) # This makes log_request really slow...
with UseDatabase(app.config['dbconfig']) as cursor:
_SQL = """insert into log
(phrase, letters, ip, browser_string, results)
values
(%s, %s, %s, %s, %s)"""
cursor.execute(_SQL, (req.form['phrase'],
req.form['letters'],
req.remote_addr,
req.user_agent.browser,
res, ))
phrase = request.form['phrase']
letters = request.form['letters']
title = 'Here are your results:'
458   Chapter 11

In [None]:
Chapter 11’s Code, 3 of 3
results = str(search4letters(phrase, letters))
try:
log_request(request, results))
except Exception as err:
print('***** Logging failed with this error:', str(err))
return render_template('results.html',
the_title=title,
the_phrase=phrase,
the_letters=letters,
This is
the_results=results,)
the
rest of the
“do_search”
function.
@app.route('/')
@app.route('/entry')
def entry_page() -> 'html':
return render_template('entry.html',
the_title='Welcome to search4letters on the web!')
@app.route('/viewlog')
@check_logged_in
def view_the_log() -> 'html':
try:
with UseDatabase(app.config['dbconfig']) as cursor:
_SQL = """select phrase, letters, ip, browser_string, results
from log"""
cursor.execute(_SQL)
contents = cursor.fetchall()
# raise Exception("Some unknown exception.")
titles = ('Phrase', 'Letters', 'Remote_addr', 'User_agent', 'Results')
return render_template('viewlog.html',
the_title='View Log',
the_row_titles=titles,
the_data=contents,)
except ConnectionError as err:
print('Is your database switched on? Error:', str(err))
except CredentialsError as err:
print('User-id/Password issues. Error:', str(err))
except SQLError as err:
print('Is your query correct? Error:', str(err))
except Exception as err:
print('Something went wrong:', str(err))
return 'Error'
app.secret_key = 'YouWillNeverGuessMySecretKey'
if __name__ == '__main__':
app.run(debug=True)
you are here 4   459