What's wrong with my code?
-
@VRonin i try to remove the if(self.query.exec_()) and modify with .next() but still not showing my print statement account doesn't exist
-
no, you don't have to modify anything.
if(!self.query.exec()): print "Database query failed" return Falsechecks that the database ran the query correctly, it says nothing on the data inside it. the next block
if(self.query.next()): if USERNAME == "admin": print "Login as Administrator" else: print "Log is as User" return Truehere we check if the username and passwords were in the database
-
no, you don't have to modify anything.
if(!self.query.exec()): print "Database query failed" return Falsechecks that the database ran the query correctly, it says nothing on the data inside it. the next block
if(self.query.next()): if USERNAME == "admin": print "Login as Administrator" else: print "Log is as User" return Truehere we check if the username and passwords were in the database
@VRonin i understand now Thank you very much! i remove the "not" function and it works
-
@VRonin i understand now Thank you very much! i remove the "not" function and it works
@Gelo but the problem is everytime i input a correct query for example the admin account it prints the "login as admin" and but after it print the admin mode "Database query failed" shows up first
-
def Submit_btn(self): USERNAME = self.username.text() PASSWORD = self.password.text() self.query = QSqlQuery() self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD))) self.query.addBindValue(USERNAME) self.query.addBindValue(PASSWORD) if(self.query.exec_()): print "Database query failed" self.ctr += 1 print self.ctr if self.ctr >= 3: print "3 wrong attemps will terminate in a second!" time.sleep(2) sys.exit() return False if(self.query.next()): if USERNAME == "admin": print "Login as Administrator" print self.query.exec_() subprocess.Popen("__init__.py",shell=True) sys.exit() else: print "View Mode!" sys.exit() return True -
def Submit_btn(self): USERNAME = self.username.text() PASSWORD = self.password.text() self.query = QSqlQuery() self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD))) self.query.addBindValue(USERNAME) self.query.addBindValue(PASSWORD) if(self.query.exec_()): print "Database query failed" self.ctr += 1 print self.ctr if self.ctr >= 3: print "3 wrong attemps will terminate in a second!" time.sleep(2) sys.exit() return False if(self.query.next()): if USERNAME == "admin": print "Login as Administrator" print self.query.exec_() subprocess.Popen("__init__.py",shell=True) sys.exit() else: print "View Mode!" sys.exit() return True@Gelo said in Whats wrong with my code!:
self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD)))
http://www.w3schools.com/sql/sql_injection.asp
if(self.query.exec_()):
why did you remove the not? it should be
if(not self.query.exec_()):print "3 wrong attemps will terminate in a second!"
you are not checking the attempts in the in the right place
print self.query.exec_()
why are you executing the query again?
if(not self.query.exec_()): print "Database query failed" else: if(self.query.next()): if USERNAME == "admin": print "Login as Administrator" print self.query.exec_() subprocess.Popen("__init__.py",shell=True) sys.exit() else: print "View Mode!" sys.exit() return True else: self.ctr += 1 print self.ctr if self.ctr >= 3: print "3 wrong attemps will terminate in a second!" time.sleep(2) sys.exit() return False -
@Gelo said in Whats wrong with my code!:
self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD)))
http://www.w3schools.com/sql/sql_injection.asp
if(self.query.exec_()):
why did you remove the not? it should be
if(not self.query.exec_()):print "3 wrong attemps will terminate in a second!"
you are not checking the attempts in the in the right place
print self.query.exec_()
why are you executing the query again?
if(not self.query.exec_()): print "Database query failed" else: if(self.query.next()): if USERNAME == "admin": print "Login as Administrator" print self.query.exec_() subprocess.Popen("__init__.py",shell=True) sys.exit() else: print "View Mode!" sys.exit() return True else: self.ctr += 1 print self.ctr if self.ctr >= 3: print "3 wrong attemps will terminate in a second!" time.sleep(2) sys.exit() return False@VRonin i remove the not function because it does not print the message if i enter wrong inputs
-
if(not self.query.exec()):checks that the query did run correctly, it does not check your input.
The input is checked byif(self.query.next()):if that is true then username and password were found in the database.Please do not overlook the SQL injection bug:
self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD)))
http://www.w3schools.com/sql/sql_injection.asp -
def Submit_btn(self): USERNAME = self.username.text() PASSWORD = self.password.text() self.query = QSqlQuery() self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD))) self.query.addBindValue(USERNAME) self.query.addBindValue(PASSWORD) if(self.query.exec_()): print "Database query failed" self.ctr += 1 print self.ctr if self.ctr >= 3: print "3 wrong attemps will terminate in a second!" time.sleep(2) sys.exit() return False if(self.query.next()): if USERNAME == "admin": print "Login as Administrator" print self.query.exec_() subprocess.Popen("__init__.py",shell=True) sys.exit() else: print "View Mode!" sys.exit() return True@Gelo said in Whats wrong with my code!:
self.query = QSqlQuery() self.query.prepare("SELECT username FROM users WHERE username = '%s' and password = '%s'"%(USERNAME,str(PASSWORD))) self.query.addBindValue(USERNAME) self.query.addBindValue(PASSWORD)I just wonder this works... did you read http://pyqt.sourceforge.net/Docs/PyQt4/qsqlquery.html for how to use prepare statement and binding values?
To bind values to a prepared statement you need placeholders.
According to the examples on http://pyqt.sourceforge.net/Docs/PyQt4/qsqlquery.html it should be done like this:Named binding using named placeholders:
QSqlQuery query; query.prepare("INSERT INTO person (id, forename, surname) " "VALUES (:id, :forename, :surname)"); query.bindValue(":id", 1001); query.bindValue(":forename", "Bart"); query.bindValue(":surname", "Simpson"); query.exec();Positional binding using named placeholders:
QSqlQuery query; query.prepare("INSERT INTO person (id, forename, surname) " "VALUES (:id, :forename, :surname)"); query.bindValue(0, 1001); query.bindValue(1, "Bart"); query.bindValue(2, "Simpson"); query.exec();Binding values using positional placeholders (version 1):
QSqlQuery query; query.prepare("INSERT INTO person (id, forename, surname) " "VALUES (?, ?, ?)"); query.bindValue(0, 1001); query.bindValue(1, "Bart"); query.bindValue(2, "Simpson"); query.exec();Binding values using positional placeholders (version 2):
QSqlQuery query; query.prepare("INSERT INTO person (id, forename, surname) " "VALUES (?, ?, ?)"); query.addBindValue(1001); query.addBindValue("Bart"); query.addBindValue("Simpson"); query.exec();
