如何在 Python 中使用 SQLITE3 进行登录？

Question

ay yo this is my 1st post don't bully me... so im tryna make a login things using SQLITE3 in python (the module) and im trash (also if there is a better database module then can u tell me in I could use MySQL but I dont need to store 103213021032103123123 data so) and im not sure what to do here the code:

conn = sqlite3.connect("pooptest123.db")
c = conn.cursor()


def create_table():
    c.execute("CREATE TABLE login(Username VARCHAR, Passwords VARCHAR)")
    conn.commit


def enter():
    Username = input("Create username: ")
    Password = input("Create password: ")
    c.execute(
        "INSERT INTO login (Username, Passwords) VALUES (?, ?)", (Username, Password,)
    )
    conn.commit()


create_table()
enter()


def read():
    sql = 'SELECT * FROM login WHERE "Username" == Username'
    sql2 = "SELECT * FROM login WHERE 'Passwords' == Password"
    c.execute(sql, sql2)
    conn.commit


read()


def loginlol():
    sure = input("Login?(Y OR N: ")
    if sure == "y" or sure == "Y":
        b = input("Username: ")
        ca = input("Password: ")
        if b == sql:
            print("Username correct!")
        if c == sql2:

            print("Password correct!")
            print("Logging in...")


loginlol()

conn.close()

and it says this:

File "C:\Users\dontlookhere\AppData\Local\Programs\Python\Python38-32\login.py", line 20, in <module>
    read()
  File "C:\Users\dontlookhere\AppData\Local\Programs\Python\Python38-32\login.py", line 18, in read
    c.execute(sql, sql2)
sqlite3.ProgrammingError: Incorrect number of bindings supplied. The current statement uses 0, and there are 49 supplied.

sry im dumb so and trash with oop and idk what im doing ok anyways thx

Answer 1

Your first (but not last) mistake is

 c.execute(sql, sql2)

execute() can't run two queries. It runs sql as query but text in sql2 it uses as list of arguments for sql .

See your other execute :

c.execute(
    "INSERT INTO login (Username, Passwords) VALUES (?, ?)", (Username, Password,)
)

you have only one query INSERT and list of arguments (Username, Password,)

---

Other mistake is that you expect that SELECT will assign result to variables sql and sql2 but it doesn't work this way. execute uses query sql but after that you have to use c.fetchall() or c.fetchone() to get result from database.

Simply you have to get some tutorial for databases in Python and learn all from scratch.

---

EDIT:

Other big mistake is that you use two SELECT

'SELECT * FROM login WHERE "Username" == Username'
"SELECT * FROM login WHERE 'Passwords' == Password"

but this way you check username without password or password without username but you don't check password and username as pair.

Someone may use your useraname and my password and it will give True but it should gives True only for pair your username and your password or for pair my username and my password . You should check it in one query using

 WHERE Username == "?" AND Passwords == "?"

like

c.execute('SELECT * FROM login WHERE Username == "?" AND Passwords == "?"', (username, password)`

But there is other problem - you shouldn't keep password in plain text but you should keep it encrypted. But it is problem for different question.

---

More or less:

def read(username, password):

    sql = 'SELECT * FROM login WHERE Username == "?" AND Passwords == "?"'
    c.execute(sql, (userame, password)
    result = c.fetchone()

    return result

---

EDIT:

I see another problem - in your database you may have the same username many times - you should make it UNIQUE

---

EDIT:

Example code.

For test at start it drops table and create new one but normally you should create table only once.

I add UNIQUE so it will raise error when you try to create second user with the same name.

It still need to encrypt password

If username and password is correct then check() returns single row with user data. If username or password is wrong then it returns None .

Eventually in check() you can create query which use only Username =?to get user data and later it checks password in this data without usign second sql . This way you may get user data even if he put wrong password .

import sqlite3


def create_table():
    query = "DROP TABLE IF EXISTS login"
    cursor.execute(query)
    conn.commit()
    
    query = "CREATE TABLE login(Username VARCHAR UNIQUE, Password VARCHAR)"
    cursor.execute(query)
    conn.commit()

def enter(username, password):
    query = "INSERT INTO login (Username, Password) VALUES (?, ?)"
    cursor.execute(query, (username, password))
    conn.commit()

def check(username, password):
    query = 'SELECT * FROM login WHERE Username = ? AND Password = ?'
    cursor.execute(query, (username, password))
    result = cursor.fetchone()
    conn.commit()
    print('[DEBUG][check] result:', result)
    return result

def loginlol():
    answer = input("Login (Y/N): ")

    if answer.lower() == "y":
        username = input("Username: ")
        password = input("Password: ")
        if check(username, password):
            print("Username correct!")
            print("Password correct!")
            print("Logging in...")
        else:
            print("Something wrong")

# --- main ---

conn = sqlite3.connect("pooptest123.db")
cursor = conn.cursor()

create_table()

Username = input("Create username: ")
Password = input("Create password: ")

enter(Username, Password)

#check(Username, Password)

loginlol()

cursor.close()
conn.close()