[英]mysql sign in with python error with SQL syntax
我試圖在連接到sql server的python中創建登錄腳本,並檢查用戶輸入以查看它是否與sql server匹配,以及是否確實登錄了該帳戶,但是我在腳本的sql端收到語法錯誤:)
import MySQLdb
db = MySQLdb.connect(host="localhost", # your host, usually localhost
user="root", # your username
passwd="", # your password
db="login") # name of the data base
# you must create a Cursor object. It will let
# you execute all the queries you need
cur = db.cursor()
while (True):
username = raw_input("Username: ")
password = raw_input("Password: ")
if(cur.execute("SELECT * FROM USERS WHERE username =" + username + "AND password =" + password)):
db.commit()
print ("Logged in!")
else:
db.commit()
print ("Failed to authenticate!")
您的用戶名未與AND運算符分開。 字符串將變為:
SELECT * FROM USERS WHERE username =johnAND password =1234
在用戶名和密碼值兩邊加上引號是一個很好的主意:
if(cur.execute("SELECT * FROM USERS WHERE username = \'" + username + "\' AND password = \'" + password + "\'")):
並在來自用戶輸入並進入SQL查詢的每個字符串上使用mysql_escape *函數。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.