我正在使用Python MySQL模块构建教科书拍卖应用程序以连接到数据库。登录代码无效。出现提示时,我输入我知道在数据库中的用户名/密码,但它一直说用户名/密码无效。我错误地使用了光标对象吗?
#import the datetime package to use dates
import datetime
#import the mysql connector to access the database
import mysql.connector
#establish a connection to the database
cnx = mysql.connector.connect(user='uXXXXXX', password='pXXXXXX',
host='COMPDBSXXX', database='schemaXXXXXX')
#retrieve a cursor to execute queries
cursor = cnx.cursor()
logged_in = False
########----USER INTERFACE STARTS HERE----###################
print("Welcome to eGCC! Please select an action.")
print("\r")
print("1. LOGIN")
###---LOGIN----#################
while logged_in == False:
print("Enter eGCC username: ")
username = input()
print("Enter eGCC password: ")
password = input()
query = ("SELECT Username from egccuser")
cursor.execute(query)
for ID in cursor:
if ID == str(username):
userID = username
query = ("SELECT password from egccuser where Username = %s")
qdata = str(userID)
cursor.execute(query,qdata)
if cursor == password:
logged_in = True
if logged_in == False:
print("Error: Invalid Username/Password")
#close cursor
cursor.close()
#close the connection to the DBMS
cnx.close()
答案 0 :(得分:0)
专业提示:不要在线发布凭据
Iterating over a cursor will return a row (Which is a tuple) and not the ID.来自BaseCursor
def __iter__(self):
return iter(self.fetchone, None)
def fetchone(self):
"""Fetches a single row from the cursor. None indicates that
no more rows are available."""
self._check_executed()
if self.rownumber >= len(self._rows): return None
result = self._rows[self.rownumber]
self.rownumber = self.rownumber+1
return result
因此if ID == str(username):
永远不会成真。
我也有一种感觉if cursor == password:
也永远不会成真。由于游标不是字符串。
尚未对此进行测试(预计下午),但我的建议是设置一些调试点,看看是否输入了其中一个块。
旁注。为什么只需运行("SELECT Username from egccuser where Username = %s and password = %s")
即可进行迭代。
侧面注意:为了您的安全,以纯文本存储密码绝不是一个好习惯。盐的哈希可以被打破,但总比没有好。 Read more here