Important: Please read the Qt Code of Conduct - https://forum.qt.io/topic/113070/qt-code-of-conduct
SQLite3 with PYQT5
Hello, I am trying to make so that when the user fills up 4 of my text edit widgets, and clicks on the save button, it saves the information entered into a sqlite3 database. This is my code:
def InsertFindingsData(self): conn = sqlite3.connect('Findings.db') c = conn.cursor() c.execute("CREATE TABLE IF NOT EXISTS Findings(name TEXT, description TEXT, remediation TEXT, criticality REAL)") c.execute( "INSERT INTO Findings VALUES('%s'. '%s'. '%s'. '%s')" % (''.join(self.NameYourFindingTextEdit), (''.join(self.NewFindingDescriptionTextEdit), (''.join(self.NewFindingRemediationTextEdit), (''.join(self.NewFindingCriticalityTextEdit)))))) conn.commit() c.close() conn.close() QMessageBox.about(self, 'Inserted', 'Data Inserted Successfully')
However, I keep getting:
c.execute( "INSERT INTO Findings VALUES('%s', '%s', '%s', '%s')" % (''.join(self.NameYourFindingTextEdit), TypeError: can only join an iterable
Apart from this - I don't see what this could be related to Qt - you don't use QSqlQuery so no Qt here.
I am not sure what you mean by sql injection.
I am doing this under pyqt5 and its having issue with the Text Edits I have? How could this possibly not be related to QT?
Because at no point does your code show any use of Qt GUI elements in relation with your database related code. The only sign is QMessageBox which has nothing to do with it.
SQL injection happens when you allow arbitrary user input inside your SQL query which is what you are doing.
As for you main issue:
''.join(self.NameYourFindingTextEdit)will not generate what you want. You are "joining" a QTextEdit ? QLineEdit ?
Check what your query looks like.
Check for the SQLite errors your are getting
And check "binding values" for SQLite
DouglinhasZN last edited by
@SGaist I see, well I have made some changes, but its giving me another error:
sqlite3.InterfaceError: Error binding parameter 0 - probably unsupported type.
def InsertFindingsData(self): conn = sqlite3.connect('Findings.db') c = conn.cursor() c.execute("CREATE TABLE IF NOT EXISTS Findings(name TEXT, description TEXT, remediation TEXT, criticality FLOAT)") c.execute("INSERT INTO Findings(name, description, remediation, criticality) VALUES(?,?,?,?)", (self.NameYourFindingTextEdit,self.NewFindingDescriptionTextEdit,self.NewFindingRemediationTextEdit,self.NewFindingCriticalityTextEdit)) conn.commit() c.close() conn.close()
I am guessing that your XXXTextEdit objects are all Qt widgets, correct ? If so, why would SQLite have any idea what to do with these ? They are not SQL types in any way. You want to insert the content of these widgets, not the widget themselves.
DouglinhasZN last edited by
@SGaist I thought by adding their names it would automatically be adding whats input into them? im a beginner, not very experienced with all this.
No it won't. The SQLite3 library knows nothing about Qt types even less about QWidgets.
If you were using Qt's SQL classes you could use QDataWidgetMapper.
Denni 0 Banned last edited by Denni 0
@DouglinhasZN I have a python SQLite3 Database Class Template that I can share with you if you like -- I might have even already posted it here somewhere. I will see if I can get that posted a bit later today or maybe this weekend.
I can also show you how to use that in conjunction with your PyQt code but SGaist is correct they do not know anything about one another but then that is how it should be when doing this. More coming later.
@SGaist So if my goal is to save whatever is entered into the textedits widgets into a sqlite, then its impossible? I would have to use another method like utilising QT sql?
In some of the videos I saw, where they used MySQL they were able to perform what I am wanting to do, so I assumed it'd be a similar formula for SQLite3
edit: wow I got it to work.
I had to add toPlainText() instead of text()
name = self.NameYourFindingTextEdit.toPlainText() description = self.NewFindingDescriptionTextEdit.toPlainText() remediation = self.NewFindingRemediationTextEdit.toPlainText() criticality = self.NewFindingCriticalityTextEdit.toPlainText()
then add to the execute:
c.execute("INSERT INTO Findings(name, description, remediation, criticality) VALUES(?,?,?,?)", (name,description,remediation,criticality))