我正在尝试使用Python执行查询,但是,当尝试获取用户在网站上输入的电子邮件和密码时,它返回“您的SQL语法有误;请查看与您的MySQL相对应的手册正确的语法的服务器版本,以在第1行的''dsfs'附近使用(dsfs是不正确的密码)
@login_blueprint.route('/login', methods=['GET', 'POST'])
def login():
if request.method == 'POST' and 'email' in request.form:
try:
email = request.form['email']
password = request.form['password']
database = mysql.connector.connect(
host=DBHost,
user=DBUser,
passwd=DBPass,
database=DB
)
cursor = database.cursor()
query = "SELECT * FROM users WHERE (email, password) = %s, %s"
values = (email, password)
cursor.execute(query, values)
cursor.fetchall()
return render_template('dashboard.html', email=email)
except Exception as error:
print(error)
return jsonify(result='that account does not exist')
return render_template('login.html')
当我注册详细信息时,它可以很好地工作并将数据输入到MySQL表中。
@register_blueprint.route('/register', methods=['GET', 'POST'])
def register():
if request.method == 'POST' and 'email' in request.form:
email = request.form['email']
password = request.form['password']
database = mysql.connector.connect(
host=DBHost,
user=DBUser,
passwd=DBPass,
database=DB
)
cursor = database.cursor()
query = "INSERT INTO users (email, password) VALUES (%s, %s)"
values = (email, password)
cursor.execute(query, values)
database.commit()
return jsonify(result='account created, proceed to login')
return render_template('register.html')
答案 0 :(得分:0)
只需更改SQL语法:
query = "SELECT * FROM users WHERE email = %s AND password = %s"
values = (email, password)
cursor.execute(query, values)
cursor.fetchall()
fetchall()方法的空值不会引发任何异常,它返回空元组