Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct

SQLite3 with PYQT5



  • Hello, I am trying to make so that when the user fills up 4 of my text edit widgets, and clicks on the save button, it saves the information entered into a sqlite3 database. This is my code:

        def InsertFindingsData(self):
    
            conn = sqlite3.connect('Findings.db')
            c = conn.cursor()
            c.execute("CREATE TABLE IF NOT EXISTS Findings(name TEXT, description TEXT, remediation TEXT, criticality REAL)")
    
            c.execute( "INSERT INTO Findings VALUES('%s'. '%s'. '%s'. '%s')" % (''.join(self.NameYourFindingTextEdit),
                                                                                                    (''.join(self.NewFindingDescriptionTextEdit),
                                                                                                    (''.join(self.NewFindingRemediationTextEdit),
                                                                                                    (''.join(self.NewFindingCriticalityTextEdit))))))
            conn.commit()
            c.close()
            conn.close()
            QMessageBox.about(self, 'Inserted', 'Data Inserted Successfully')
    

    However, I keep getting:

        c.execute( "INSERT INTO Findings VALUES('%s', '%s', '%s', '%s')" % (''.join(self.NameYourFindingTextEdit),
    TypeError: can only join an iterable
    

  • Qt Champions 2019

    Welcome SQL-Injection...
    Apart from this - I don't see what this could be related to Qt - you don't use QSqlQuery so no Qt here.



  • @Christian-Ehrlicher
    I am not sure what you mean by sql injection.
    I am doing this under pyqt5 and its having issue with the Text Edits I have? How could this possibly not be related to QT?


  • Lifetime Qt Champion

    Hi,

    Because at no point does your code show any use of Qt GUI elements in relation with your database related code. The only sign is QMessageBox which has nothing to do with it.

    SQL injection happens when you allow arbitrary user input inside your SQL query which is what you are doing.

    As for you main issue: ''.join(self.NameYourFindingTextEdit) will not generate what you want. You are "joining" a QTextEdit ? QLineEdit ?

    Check what your query looks like.
    Check for the SQLite errors your are getting
    And check "binding values" for SQLite



  • @SGaist I see, well I have made some changes, but its giving me another error:

    sqlite3.InterfaceError: Error binding parameter 0 - probably unsupported type.
    

    code:

     def InsertFindingsData(self):
    
            conn = sqlite3.connect('Findings.db')
            c = conn.cursor()
            c.execute("CREATE TABLE IF NOT EXISTS Findings(name TEXT, description TEXT, remediation TEXT, criticality FLOAT)")
            c.execute("INSERT INTO Findings(name, description, remediation, criticality) VALUES(?,?,?,?)", (self.NameYourFindingTextEdit,self.NewFindingDescriptionTextEdit,self.NewFindingRemediationTextEdit,self.NewFindingCriticalityTextEdit))
    
            conn.commit()
            c.close()
            conn.close()
    

  • Lifetime Qt Champion

    I am guessing that your XXXTextEdit objects are all Qt widgets, correct ? If so, why would SQLite have any idea what to do with these ? They are not SQL types in any way. You want to insert the content of these widgets, not the widget themselves.



  • @SGaist I thought by adding their names it would automatically be adding whats input into them? im a beginner, not very experienced with all this.


  • Lifetime Qt Champion

    No it won't. The SQLite3 library knows nothing about Qt types even less about QWidgets.

    If you were using Qt's SQL classes you could use QDataWidgetMapper.


  • Banned

    @DouglinhasZN I have a python SQLite3 Database Class Template that I can share with you if you like -- I might have even already posted it here somewhere. I will see if I can get that posted a bit later today or maybe this weekend.

    I can also show you how to use that in conjunction with your PyQt code but SGaist is correct they do not know anything about one another but then that is how it should be when doing this. More coming later.



  • @SGaist So if my goal is to save whatever is entered into the textedits widgets into a sqlite, then its impossible? I would have to use another method like utilising QT sql?
    In some of the videos I saw, where they used MySQL they were able to perform what I am wanting to do, so I assumed it'd be a similar formula for SQLite3

    edit: wow I got it to work.
    I had to add toPlainText() instead of text()

    name = self.NameYourFindingTextEdit.toPlainText()
            description = self.NewFindingDescriptionTextEdit.toPlainText()
            remediation = self.NewFindingRemediationTextEdit.toPlainText()
            criticality = self.NewFindingCriticalityTextEdit.toPlainText()
    

    then add to the execute:

     c.execute("INSERT INTO Findings(name, description, remediation, criticality) VALUES(?,?,?,?)", (name,description,remediation,criticality))
    

Log in to reply