[英]Can't retrieve hashed password from postgreSQL Database with Python
所以我在python cgi中編寫一個簡單的登錄腳本。 它在localhost上不起作用(顯示500錯誤),因此單獨運行代碼會發現存在代碼問題。 代碼如下:
#!/usr/bin/python2.7
import cgi
import cgitb
import hashlib
import psycopg2
from dbconfig import *
cgitb.enable()
print "Content-Type: text/html"
def checkPass():
email = "person@gmail.com"
password = "blahblah"
password = hashlib.sha224(password.encode()).hexdigest()
result = cursor.execute('SELECT * FROM logins WHERE email=%s passhash=%s') % (email, password)
print str(result)
if __name__ == "__main__":
conn_string = "host=%s dbname=%s user=%s password=%s" % (host, database, dbuser, dbpassword)
conn = psycopg2.connect(conn_string)
cursor = conn.cursor()
checkPass()
程序卡住的行是postgre查詢的cursor.execute。 顯示的錯誤如下:
Traceback (most recent call last):
File "login.py", line 28, in <module>
checkPass()
File "login.py", line 20, in checkPass
result = cursor.execute('SELECT * FROM logins WHERE email=%s passhash=%s') % (email, password)
ProgrammingError: syntax error at or near "passhash"
LINE 1: SELECT * FROM logins WHERE email=%s passhash=%s
應當指出,它指向密碼。 我嘗試將查詢直接輸入到psql控制台中的db中,如下所示:
SELECT * FROM logins WHERE passhash=storedhashedcode;
但是,這將返回有關哈希名稱(即e342hefheh43hfhfhefherf .... etc)不存在的列的錯誤。 我在這里做錯了什么? 我唯一能想到的就是哈希存儲方式不同。
注意-這是我用來存儲密碼等的代碼,如果有幫助的話:
email = "person@gmail.com"
allpass = "blahblah"
password = hashlib.sha224(allpass.encode()).hexdigest()
cursor.execute('INSERT INTO logins (email, passhash) VALUES (%s, %s);', (email, password))
conn.commit()
任何幫助將不勝感激!
更新:
根據Decly的建議,我將查詢更改為:
result = cursor.execute('SELECT * FROM logins WHERE email=%s AND passhash=%s') % (email, password)
現在會產生錯誤:
ProgrammingError: column "s" does not exist
LINE 1: SELECT * FROM logins WHERE email=%s AND passhash=%s
因此,出於某種原因,顯然使用s作為列。 為什么不使用我的變量名?
在:
'SELECT * FROM logins WHERE email=%s passhash=%s'
您在布爾表達式中缺少AND:
'SELECT * FROM logins WHERE email=%s AND passhash=%s'
當您在psql中編寫查詢時,缺少字符串文字的引號,因此postgresql會推斷列名,您應該編寫:
SELECT * FROM logins WHERE passhash='storedhashedcode';
您還將括號放在錯誤的位置,python語句應為:
result = cursor.execute('SELECT * FROM logins WHERE email= %s AND passhash= %s', (email, password))
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.