Question

我试图在python中创建一个连接到sql服务器的脚本并检查用户输入以查看它是否与sql服务器匹配，如果它确实在该帐户中签名但是我的sql端出现语法错误剧本谢谢:)）

import MySQLdb

db = MySQLdb.connect(host="localhost",    # your host, usually localhost
                     user="root",         # your username
                     passwd="",  # your password
                     db="login")        # name of the data base

# you must create a Cursor object. It will let
#  you execute all the queries you need
cur = db.cursor()

while (True):
    username = raw_input("Username: ")
    password = raw_input("Password: ")
    if(cur.execute("SELECT * FROM USERS WHERE username =" + username + "AND password =" + password)):
        db.commit()
        print ("Logged in!")
    else:
        db.commit()
        print ("Failed to authenticate!")

Answer 1

您的用户名未与AND运算符分开。字符串将变为：

SELECT * FROM USERS WHERE username =johnAND password =1234

在用户名和密码值周围加上引号是个好主意：

if(cur.execute("SELECT * FROM USERS WHERE username = \'" + username + "\' AND password = \'" + password + "\'")):

并且还对来自用户输入的每个字符串使用mysql_escape *函数并转到SQL查询。

我不确定转义语法（\＆＃39;）对于python是否正确，它适用于C，PHP和其他...

mysql使用SQL语法登录python错误

1 个答案: