How to select a single row in MYSQL from python and work on it?

Question

I am working on a project and in that, I've to work on sql. In the code, I've to work on a single row to match the values of a person.

def userid():
os.system('cls')
ii = input("enter your User ID: ")
curs.execute("SELECT ID FROM users")  #shows ID row of users table
rows = curs.fetchall()  #fetch all data of ID row

if (ii,) in rows:  #if value of ii is in the row, condition evaluates
    password()
else:
    exit()

def password():
    ps = getpass.getpass("enter your pin: ")
    curs.execute("SELECT pin FROM users")    #shows PIN row of users table
    row = curs.fetchall()   #fetch all data of pin row

if (ps,) in row:    #if data in row matches with data in ps, condition evaluates
    main()
else:
    exit()

this is the code and you can see, in the first function, I am successful in fetching user ID but when it comes to passwords, I want to match the password in the row containing the UserId entered by the user. But instead, all passwords it contains is getting matched and error is occurring. recently I discovered a keyword fetchone() but am not sure how to use it or it would work or not. Please help me, how can I work on only one row in sql using python.

Answer 1

You need to use WHERE clauses to filter the query results before the database returns them. For example

SELECT ID, PIN FROM users WHERE ID = 42

will return only the id and pin for the user with id 42, or nothing if there is no row with this id.

Using WHERE clauses, we can change your code like this:

def userid():
    os.system('cls')
    ii = input("enter your User ID: ")
    # I'm guessing ID is an integer value in the database?
    id_ = int(ii)
    # fetch matching id
    curs.execute("SELECT ID FROM users WHERE ID = %s", (id_,))  
    row = curs.fetchone()  #fetch all data of ID row

    if row:  # if the query returned a row, the id exists
        password(id_)
    else:
        exit()

def password(id_):
    ps = getpass.getpass("enter your pin: ")
    # Fetch the PIN only for our user's ID
    curs.execute("SELECT pin FROM users WHERE ID = %s", (id_,))    
    row = curs.fetchone()   #fetch all data of pin row

    # if data in row matches with data in ps, condition evaluates
    if (ps,) in row:    
        main()
    else:
        exit()

Note that when checking credentials like this, it's common to get the id and password and check them both in a single query:

id_ = int(input('What is your id number?'))
password = getpass.getpass('What is your PIN?')
cur.execute("""SELECT id, password FROM users WHERE id = %s AND password = %s""",
            (id_, password))

This is more efficient, because only one query is sent to the database, and potentially more secure, because if it fails the users does not know whether the id or password is wrong.