Skip to content
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved
Collapse
Brand Logo
  1. Home
  2. Qt Development
  3. Language Bindings
  4. What's wrong with my code?
QtWS: Super Early Bird Tickets Available!

What's wrong with my code?

Scheduled Pinned Locked Moved Unsolved Language Bindings
python
19 Posts 3 Posters 5.6k Views
  • Oldest to Newest
  • Newest to Oldest
  • Most Votes
Reply
  • Reply as topic
Log in to reply
This topic has been deleted. Only users with topic management privileges can see it.
  • ? Offline
    ? Offline
    A Former User
    replied to VRonin on last edited by
    #10

    @VRonin i try to remove the if(self.query.exec_()) and modify with .next() but still not showing my print statement account doesn't exist

    1 Reply Last reply
    0
  • VRoninV Offline
    VRoninV Offline
    VRonin
    wrote on last edited by
    #11

    no, you don't have to modify anything.

     if(!self.query.exec()):
            print "Database query failed"
            return False

    checks that the database ran the query correctly, it says nothing on the data inside it. the next block

     if(self.query.next()):
                if USERNAME == "admin":
                    print "Login as Administrator"
                else:
                    print "Log is as User"
                return True

    here we check if the username and passwords were in the database

    "La mort n'est rien, mais vivre vaincu et sans gloire, c'est mourir tous les jours"
    ~Napoleon Bonaparte

    On a crusade to banish setIndexWidget() from the holy land of Qt

    ? 1 Reply Last reply
    3
  • ? Offline
    ? Offline
    A Former User
    replied to VRonin on last edited by
    #12

    @VRonin i understand now Thank you very much! i remove the "not" function and it works

    ? 1 Reply Last reply
    0
  • ? Offline
    ? Offline
    A Former User
    replied to A Former User on last edited by
    #13

    @Gelo but the problem is everytime i input a correct query for example the admin account it prints the "login as admin" and but after it print the admin mode "Database query failed" shows up first

    1 Reply Last reply
    0
  • VRoninV Offline
    VRoninV Offline
    VRonin
    wrote on last edited by
    #14

    could you post your current code?

    "La mort n'est rien, mais vivre vaincu et sans gloire, c'est mourir tous les jours"
    ~Napoleon Bonaparte

    On a crusade to banish setIndexWidget() from the holy land of Qt

    ? 1 Reply Last reply
    2
  • ? Offline
    ? Offline
    A Former User
    replied to VRonin on last edited by
    #15

    @VRonin

    def Submit_btn(self):
    USERNAME = self.username.text()
    PASSWORD = self.password.text()
    
    self.query = QSqlQuery()
    self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD)))
    self.query.addBindValue(USERNAME)    
    self.query.addBindValue(PASSWORD)
    
    if(self.query.exec_()):
        print "Database query failed"
        self.ctr += 1
        print self.ctr
    if self.ctr >= 3:
        print "3 wrong attemps will terminate in a second!"
        time.sleep(2)
        sys.exit()
        return False
    if(self.query.next()):
            if USERNAME == "admin":
                print "Login as Administrator"
                print self.query.exec_()
                subprocess.Popen("__init__.py",shell=True)
                sys.exit()
            else:
                print "View Mode!"
                sys.exit()
            return True
    VRoninV the_T 2 Replies Last reply
    0
  • VRoninV Offline
    VRoninV Offline
    VRonin
    replied to A Former User on last edited by VRonin
    #16

    @Gelo said in Whats wrong with my code!:

    self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD)))

    http://www.w3schools.com/sql/sql_injection.asp

    if(self.query.exec_()):

    why did you remove the not? it should be if(not self.query.exec_()):

    print "3 wrong attemps will terminate in a second!"

    you are not checking the attempts in the in the right place

    print self.query.exec_()

    why are you executing the query again?

    if(not self.query.exec_()):
	print "Database query failed"
else:
	if(self.query.next()):
		if USERNAME == "admin":
			print "Login as Administrator"
			print self.query.exec_()
			subprocess.Popen("__init__.py",shell=True)
			sys.exit()
		else:
			print "View Mode!"
			sys.exit()
		return True
	else:
		self.ctr += 1
		print self.ctr
		if self.ctr >= 3:
			print "3 wrong attemps will terminate in a second!"
			time.sleep(2)
			sys.exit()
		return False

    "La mort n'est rien, mais vivre vaincu et sans gloire, c'est mourir tous les jours"
    ~Napoleon Bonaparte

    On a crusade to banish setIndexWidget() from the holy land of Qt

    ? 1 Reply Last reply
    0
  • ? Offline
    ? Offline
    A Former User
    replied to VRonin on last edited by
    #17

    @VRonin i remove the not function because it does not print the message if i enter wrong inputs

    1 Reply Last reply
    0
  • VRoninV Offline
    VRoninV Offline
    VRonin
    wrote on last edited by VRonin
    #18

    if(not self.query.exec()): checks that the query did run correctly, it does not check your input.
    The input is checked by if(self.query.next()): if that is true then username and password were found in the database.

    Please do not overlook the SQL injection bug:

    self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD)))
    http://www.w3schools.com/sql/sql_injection.asp

    "La mort n'est rien, mais vivre vaincu et sans gloire, c'est mourir tous les jours"
    ~Napoleon Bonaparte

    On a crusade to banish setIndexWidget() from the holy land of Qt

    1 Reply Last reply
    0
  • the_T Offline
    the_T Offline
    the_
    replied to A Former User on last edited by
    #19

    @Gelo said in Whats wrong with my code!:

        self.query = QSqlQuery()
    self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD)))
    self.query.addBindValue(USERNAME)    
    self.query.addBindValue(PASSWORD)

    I just wonder this works... did you read http://pyqt.sourceforge.net/Docs/PyQt4/qsqlquery.html for how to use prepare statement and binding values?

    To bind values to a prepared statement you need placeholders.
    According to the examples on http://pyqt.sourceforge.net/Docs/PyQt4/qsqlquery.html it should be done like this:

    Named binding using named placeholders:

     QSqlQuery query;
 query.prepare("INSERT INTO person (id, forename, surname) "
               "VALUES (:id, :forename, :surname)");
 query.bindValue(":id", 1001);
 query.bindValue(":forename", "Bart");
 query.bindValue(":surname", "Simpson");
 query.exec();

    Positional binding using named placeholders:

     QSqlQuery query;
 query.prepare("INSERT INTO person (id, forename, surname) "
               "VALUES (:id, :forename, :surname)");
 query.bindValue(0, 1001);
 query.bindValue(1, "Bart");
 query.bindValue(2, "Simpson");
 query.exec();

    Binding values using positional placeholders (version 1):

     QSqlQuery query;
 query.prepare("INSERT INTO person (id, forename, surname) "
               "VALUES (?, ?, ?)");
 query.bindValue(0, 1001);
 query.bindValue(1, "Bart");
 query.bindValue(2, "Simpson");
 query.exec();

    Binding values using positional placeholders (version 2):

     QSqlQuery query;
 query.prepare("INSERT INTO person (id, forename, surname) "
               "VALUES (?, ?, ?)");
 query.addBindValue(1001);
 query.addBindValue("Bart");
 query.addBindValue("Simpson");
 query.exec();

    -- No support in PM --

    1 Reply Last reply
    0

  • Login
  • Login or register to search.
  • First post
    Last post
0
  • Categories
  • Recent
  • Tags
  • Popular
  • Users
  • Groups
  • Search
  • Get Qt Extensions
  • Unsolved