The data from an HTML form is not being passed to MySQL using Flask (Python)
Tried using Python Flask to make the data sent from an HTML <form> a tuple to match against selected data from a MySQL table if it exists, but something went wrong.
# SELECT
myDatabaseCursor.execute("SELECT username, password FROM member")
myDatabase.commit()
# get data from form to make a tuple
userCheck = (request.form["signInUsername"], request.form["signInPassword"])
# iterate selected data tuple into a list
results = []
for selectedData in myDatabaseCursor:
    results.append(selectedData)
# check if there is a match in MySQL database
if userCheck in results:
    session["status"] = "logged"
    session["user_name"] = request.form["signInUsername"]
    return redirect("/member")
else:
    return redirect("/error/?message=wrong username or password")
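When I run my server and try entering a username with the correct password, I log in successfully; when I try entering a username with a wrong password that has no match anywhere in the database, the login is rejected. All good so far...
However, when I try entering a username with a wrong password that does match a value in the password column but does not belong to that username, the login still succeeds.
I'm really confused right now and hope you have some insight into this situation.
Thanks, I appreciate your replies.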
You can change the query to use a WHERE clause. Something like:
# get data from form to make a tuple
username, password = (
    request.form["signInUsername"],
    request.form["signInPassword"]
)
# SELECT, passing the form values as bound parameters (%s placeholders,
# as used by the common MySQL drivers) instead of formatting them into the SQL
myDatabaseCursor.execute(
    """
    SELECT username, password
    FROM member
    WHERE username = %s AND password = %s
    """,
    (username, password)
)
myDatabase.commit()
# set userCheck to True or False if the myDatabaseCursor result is not empty
userCheck = myDatabaseCursor.fetchone() is not None
# if row was in returned table
if userCheck:
    session["status"] = "logged"
    session["user_name"] = request.form["signInUsername"]
    return redirect("/member")
else:
    return redirect("/error/?message=wrong username or password")
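The problem may be with session['status']. You never set it to, for example, "not logged", so if you don't close the browser, the status will always be "logged" after the first successful login.
Try initializing your variable at the beginning of the script, i.e. session["status"]=None, and then check on every other page whether the status is actually "logged", as you are probably already doing.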
session["status"] = None
# SELECT
myDatabaseCursor.execute("SELECT username, password FROM member")
myDatabase.commit()
# get data from form to make a tuple
userCheck = (request.form["signInUsername"], request.form["signInPassword"])
# iterate selected data tuple into a list
results = []
for selectedData in myDatabaseCursor:
    results.append(selectedData)
# check if there is a match in MySQL database
if userCheck in results:
    session["status"] = "logged"
    session["user_name"] = request.form["signInUsername"]
    return redirect("/member")
else:
    return redirect("/error/?message=wrong username or password")
Anyway, as a best practice, you should modify your code to apply the logic described by @matthewking and retrieve only the password you need to check.
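
The per-username lookup that both answers recommend, as an added example that is not code from the question or from either answer. It assumes an in-memory SQLite database as a stand-in for MySQL (SQLite binds parameters with `?` where MySQL drivers use `%s`), and it goes beyond the answers by storing a salted PBKDF2 hash instead of the plaintext password; `hash_password`, `make_member_table` and `check_login` are hypothetical helper names.

```python
import hashlib
import hmac
import os
import sqlite3


def hash_password(password, salt):
    # Salted PBKDF2-HMAC-SHA256; the iteration count is an example value.
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


def make_member_table(users):
    # Constructed sample data in an in-memory SQLite database (stand-in for MySQL).
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE member (username TEXT PRIMARY KEY, salt BLOB, password BLOB)"
    )
    for username, password in users:
        salt = os.urandom(16)
        db.execute(
            "INSERT INTO member VALUES (?, ?, ?)",
            (username, salt, hash_password(password, salt)),
        )
    return db


def check_login(db, username, password):
    # Fetch only the row for this username; the value is bound, not formatted in.
    row = db.execute(
        "SELECT salt, password FROM member WHERE username = ?", (username,)
    ).fetchone()
    if row is None:
        return False  # unknown username
    salt, stored = row
    # Compare against this user's own hash only, in constant time.
    return hmac.compare_digest(stored, hash_password(password, salt))


if __name__ == "__main__":
    db = make_member_table([("alice", "apple"), ("bob", "banana")])
    print(check_login(db, "alice", "apple"))   # alice's own password
    print(check_login(db, "alice", "banana"))  # bob's password used for alice
```

Because the password is only ever compared with the row selected for the submitted username, a password that belongs to a different member cannot produce a match.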