What's wrong with my code?

A Former User

@VRonin i want to block inputs if username or password is not existing in my database i try to use isActive but behaves the same then if i remove the "not" function it executes when i type the correct query

VRonin

its if(self.query.next()): that checks if the username and password exists or not

A Former User

@VRonin i try to remove the if(self.query.exec_()) and modify with .next() but still not showing my print statement account doesn't exist

VRonin

no, you don't have to modify anything.

 if(!self.query.exec()):
            print "Database query failed"
            return False

checks that the database ran the query correctly, it says nothing on the data inside it. the next block

 if(self.query.next()):
                if USERNAME == "admin":
                    print "Login as Administrator"
                else:
                    print "Log is as User"
                return True

here we check if the username and passwords were in the database

A Former User

@VRonin i understand now Thank you very much! i remove the "not" function and it works

A Former User

@Gelo but the problem is everytime i input a correct query for example the admin account it prints the "login as admin" and but after it print the admin mode "Database query failed" shows up first

VRonin

could you post your current code?

A Former User

@VRonin

def Submit_btn(self):
    USERNAME = self.username.text()
    PASSWORD = self.password.text()
    
    self.query = QSqlQuery()
    self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD)))
    self.query.addBindValue(USERNAME)    
    self.query.addBindValue(PASSWORD)
    
    if(self.query.exec_()):
        print "Database query failed"
        self.ctr += 1
        print self.ctr
    if self.ctr >= 3:
        print "3 wrong attemps will terminate in a second!"
        time.sleep(2)
        sys.exit()
        return False
    if(self.query.next()):
            if USERNAME == "admin":
                print "Login as Administrator"
                print self.query.exec_()
                subprocess.Popen("__init__.py",shell=True)
                sys.exit()
            else:
                print "View Mode!"
                sys.exit()
            return True

VRonin

@Gelo said in Whats wrong with my code!:

self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD)))

http://www.w3schools.com/sql/sql_injection.asp

if(self.query.exec_()):

why did you remove the not? it should be if(not self.query.exec_()):

print "3 wrong attemps will terminate in a second!"

you are not checking the attempts in the in the right place

print self.query.exec_()

why are you executing the query again?

if(not self.query.exec_()):
	print "Database query failed"
else:
	if(self.query.next()):
		if USERNAME == "admin":
			print "Login as Administrator"
			print self.query.exec_()
			subprocess.Popen("__init__.py",shell=True)
			sys.exit()
		else:
			print "View Mode!"
			sys.exit()
		return True
	else:
		self.ctr += 1
		print self.ctr
		if self.ctr >= 3:
			print "3 wrong attemps will terminate in a second!"
			time.sleep(2)
			sys.exit()
		return False

A Former User

@VRonin i remove the not function because it does not print the message if i enter wrong inputs

VRonin

if(not self.query.exec()): checks that the query did run correctly, it does not check your input.
The input is checked by if(self.query.next()): if that is true then username and password were found in the database.

Please do not overlook the SQL injection bug:

self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD)))
http://www.w3schools.com/sql/sql_injection.asp

the_

@Gelo said in Whats wrong with my code!:

    self.query = QSqlQuery()
    self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD)))
    self.query.addBindValue(USERNAME)    
    self.query.addBindValue(PASSWORD)

I just wonder this works... did you read http://pyqt.sourceforge.net/Docs/PyQt4/qsqlquery.html for how to use prepare statement and binding values?

To bind values to a prepared statement you need placeholders.
According to the examples on http://pyqt.sourceforge.net/Docs/PyQt4/qsqlquery.html it should be done like this:

Named binding using named placeholders:

 QSqlQuery query;
 query.prepare("INSERT INTO person (id, forename, surname) "
               "VALUES (:id, :forename, :surname)");
 query.bindValue(":id", 1001);
 query.bindValue(":forename", "Bart");
 query.bindValue(":surname", "Simpson");
 query.exec();

Positional binding using named placeholders:

 QSqlQuery query;
 query.prepare("INSERT INTO person (id, forename, surname) "
               "VALUES (:id, :forename, :surname)");
 query.bindValue(0, 1001);
 query.bindValue(1, "Bart");
 query.bindValue(2, "Simpson");
 query.exec();

Binding values using positional placeholders (version 1):

 QSqlQuery query;
 query.prepare("INSERT INTO person (id, forename, surname) "
               "VALUES (?, ?, ?)");
 query.bindValue(0, 1001);
 query.bindValue(1, "Bart");
 query.bindValue(2, "Simpson");
 query.exec();

Binding values using positional placeholders (version 2):

 QSqlQuery query;
 query.prepare("INSERT INTO person (id, forename, surname) "
               "VALUES (?, ?, ?)");
 query.addBindValue(1001);
 query.addBindValue("Bart");
 query.addBindValue("Simpson");
 query.exec();