Python/Flask - 将用户输入与数据库值进行比较
[英]Python/Flask - Comparing user input to database value
问题描述
Im trying some learning-by-doing here with Python and Flask and have run into something I don't quite understand - hoping someone out there might be able to help or explain this behavior.
我在这里尝试通过 Python 和 Flask 边做边学,但遇到了一些我不太明白的事情——希望那里的人能够帮助或解释这种行为。
I'm not building anything real, just trying to learn and understand what is going on here.我没有构建任何真实的东西,只是试图学习和理解这里发生的事情。
I'm playing with registration / login form in Python/Flask and am struggling with the login part.我正在使用 Python/Flask 中的注册/登录表单,并且正在努力处理登录部分。
I have built a registration from which writes name, email and password (unhashed, that comes later) to a simple table 'users' with a |我已经建立了一个注册,其中将名称、email 和密码(未散列,稍后会出现)写入一个简单的表“用户”,其中包含 | ID |身份证 | name |姓名 | email | email | password |密码 | structure, all values being varchar except ID which is INT and auto increments.结构,所有值都是 varchar,除了 ID 是 INT 和自动增量。
My imports are我的进口是
import os
from flask import Flask, session, request
from flask_session import Session
from sqlalchemy import create_engine
from sqlalchemy.orm import scoped_session, sessionmaker
from flask import Flask, render_template
app = Flask(__name__)
# Set up database
engine = create_engine(os.getenv("DATABASE_URL"))
db = scoped_session(sessionmaker(bind=engine))
I have a html login form that looks as follows我有一个 html 登录表单,如下所示
<form action="{{ url_for('login') }}" method="post">
<div class="form-group">
<label for="email">E-mail:</label>
<input type="email" name="email" class="form-control" placeholder="Enter email">
</div>
<div class="form-group">
<label for="pwd">Password:</label>
<input type="password" name="pwd" class="form-control" placeholder="Enter password">
</div>
<button type="submit" class="btn btn-primary">Login</button>
</form>
<p> {{ logintry }}
My Flask application route for 'login' is as follows我的“登录”的Flask申请路线如下
@app.route("/login", methods=['GET', 'POST'])
def login():
if request.method == 'POST':
uname = request.form.get("email")
passwd = request.form.get("pwd")
pwCheck = db.execute("SELECT password FROM users WHERE email = :uname", {"uname": uname}).fetchone()
if pwCheck == passwd:
return render_template("authenticated.html")
else:
return render_template("login.html", logintry="Login Failure")
else:
return render_template("login.html")
In this sample I am trying to log in with test@test.com email and password is 1234在此示例中,我尝试使用 test@test.com email 登录,密码为 1234
The problem I have is that the database value seems to be returned as我遇到的问题是数据库值似乎返回为
('1234',)
Whereas the user input is simply presented as而用户输入只是简单地呈现为
1234
And therefore they are not equal, and the login fails.因此它们不相等,登录失败。
Can anyone help guide me here, or maybe explain what is going on?任何人都可以在这里帮助指导我,或者解释发生了什么?
Thanks in advance.提前致谢。
1 个解决方案
解决方案1
1 已采纳 2020-06-03 19:27:14
There are two main things to understand here: 1. What the database is returning 2. What your form is returning这里有两件主要的事情要理解:1. 数据库返回什么 2. 你的表单返回什么
In order to understand how to get the login to work you must understand how to ensure that the input/results your form and database give you, can be compared.为了了解如何让登录起作用,您必须了解如何确保您的表单和数据库给您的输入/结果可以进行比较。
In your question you said that the database is returning ('1234',).在您的问题中,您说数据库正在返回('1234',)。 This is a tuple in python, and can be indexed.这是 python 中的一个元组,可以被索引。 Indexing your tuple, like so像这样索引你的元组
pwCheck[0]
would return '1234'.将返回“1234”。
So instead of comparing the raw result that your database query is returning, you should instead understand that your database is returning data that needs a little bit more processing before comparing against the form input.因此,与其比较您的数据库查询返回的原始结果,不如了解您的数据库返回的数据需要在与表单输入进行比较之前进行更多处理。
You could add an extra line which creates a new variable db_pwd, like so您可以添加一个额外的行来创建一个新变量 db_pwd,就像这样
db_pwd = pwCheck[0]
And then check if db_pwd == passwd然后检查 db_pwd == passwd
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.