SQLite3 with PYQT5
-
Hello, I am trying to make so that when the user fills up 4 of my text edit widgets, and clicks on the save button, it saves the information entered into a sqlite3 database. This is my code:
def InsertFindingsData(self): conn = sqlite3.connect('Findings.db') c = conn.cursor() c.execute("CREATE TABLE IF NOT EXISTS Findings(name TEXT, description TEXT, remediation TEXT, criticality REAL)") c.execute( "INSERT INTO Findings VALUES('%s'. '%s'. '%s'. '%s')" % (''.join(self.NameYourFindingTextEdit), (''.join(self.NewFindingDescriptionTextEdit), (''.join(self.NewFindingRemediationTextEdit), (''.join(self.NewFindingCriticalityTextEdit)))))) conn.commit() c.close() conn.close() QMessageBox.about(self, 'Inserted', 'Data Inserted Successfully')However, I keep getting:
c.execute( "INSERT INTO Findings VALUES('%s', '%s', '%s', '%s')" % (''.join(self.NameYourFindingTextEdit), TypeError: can only join an iterable -
Welcome SQL-Injection...
Apart from this - I don't see what this could be related to Qt - you don't use QSqlQuery so no Qt here. -
Welcome SQL-Injection...
Apart from this - I don't see what this could be related to Qt - you don't use QSqlQuery so no Qt here.@Christian-Ehrlicher
I am not sure what you mean by sql injection.
I am doing this under pyqt5 and its having issue with the Text Edits I have? How could this possibly not be related to QT? -
Hi,
Because at no point does your code show any use of Qt GUI elements in relation with your database related code. The only sign is QMessageBox which has nothing to do with it.
SQL injection happens when you allow arbitrary user input inside your SQL query which is what you are doing.
As for you main issue:
''.join(self.NameYourFindingTextEdit)will not generate what you want. You are "joining" a QTextEdit ? QLineEdit ?Check what your query looks like.
Check for the SQLite errors your are getting
And check "binding values" for SQLite -
Hi,
Because at no point does your code show any use of Qt GUI elements in relation with your database related code. The only sign is QMessageBox which has nothing to do with it.
SQL injection happens when you allow arbitrary user input inside your SQL query which is what you are doing.
As for you main issue:
''.join(self.NameYourFindingTextEdit)will not generate what you want. You are "joining" a QTextEdit ? QLineEdit ?Check what your query looks like.
Check for the SQLite errors your are getting
And check "binding values" for SQLite@SGaist I see, well I have made some changes, but its giving me another error:
sqlite3.InterfaceError: Error binding parameter 0 - probably unsupported type.code:
def InsertFindingsData(self): conn = sqlite3.connect('Findings.db') c = conn.cursor() c.execute("CREATE TABLE IF NOT EXISTS Findings(name TEXT, description TEXT, remediation TEXT, criticality FLOAT)") c.execute("INSERT INTO Findings(name, description, remediation, criticality) VALUES(?,?,?,?)", (self.NameYourFindingTextEdit,self.NewFindingDescriptionTextEdit,self.NewFindingRemediationTextEdit,self.NewFindingCriticalityTextEdit)) conn.commit() c.close() conn.close() -
I am guessing that your XXXTextEdit objects are all Qt widgets, correct ? If so, why would SQLite have any idea what to do with these ? They are not SQL types in any way. You want to insert the content of these widgets, not the widget themselves.
-
I am guessing that your XXXTextEdit objects are all Qt widgets, correct ? If so, why would SQLite have any idea what to do with these ? They are not SQL types in any way. You want to insert the content of these widgets, not the widget themselves.
@SGaist I thought by adding their names it would automatically be adding whats input into them? im a beginner, not very experienced with all this.
-
No it won't. The SQLite3 library knows nothing about Qt types even less about QWidgets.
If you were using Qt's SQL classes you could use QDataWidgetMapper.
-
No it won't. The SQLite3 library knows nothing about Qt types even less about QWidgets.
If you were using Qt's SQL classes you could use QDataWidgetMapper.
@SGaist So if my goal is to save whatever is entered into the textedits widgets into a sqlite, then its impossible? I would have to use another method like utilising QT sql?
In some of the videos I saw, where they used MySQL they were able to perform what I am wanting to do, so I assumed it'd be a similar formula for SQLite3edit: wow I got it to work.
I had to add toPlainText() instead of text()name = self.NameYourFindingTextEdit.toPlainText() description = self.NewFindingDescriptionTextEdit.toPlainText() remediation = self.NewFindingRemediationTextEdit.toPlainText() criticality = self.NewFindingCriticalityTextEdit.toPlainText()then add to the execute:
c.execute("INSERT INTO Findings(name, description, remediation, criticality) VALUES(?,?,?,?)", (name,description,remediation,criticality))
