mysql.connector for python：並非所有參數都在 SQL 語句中使用

Question

從事一個項目，我正在使用 MySQL 作為用戶數據庫。

我試圖通過將 request.form 更改為 request.form.get 來解決此問題，但無濟於事。

from flask import Flask, render_template, request, redirect, url_for, session
app = Flask(__name__)
import mysql.connector

mydb = mysql.connector.connect(
  host="localhost",
  user="root",
  password="",
  database="jimblonium"
)
mycursor = mydb.cursor()


@app.route('/')
def hello():
    return render_template('index.html')

@app.route("/login")
def login():
    return render_template ('login.html')

@app.route("/l", methods =['GET', 'POST'])
def passIt():
    username = request.form.get("username")
    password = request.form.get("password")
    if request.method == 'POST':
        # return username
        if request.method == 'POST':
            mycursor.execute('SELECT * FROM users WHERE username = % s AND password = % s', (username, password, ))
            account = mycursor.fetchone()
            if account:
                return "done!"

Answer 1

你可以試試：

myvar =  request.form["username"]
myvartwo = request.form["password"]

Answer 2

您的查詢中有語法錯誤，占位符是%s ，並且您正在使用% s插入空格。 您需要將其修改為：

mycursor.execute('SELECT * FROM users WHERE username = %s AND password = %s', (username, password, ))