Data comparison error in database

Question

Data comparison error in database

Navigation

#1 by (1 votes)

0

Trying logearme with username and password from your own database, does not make the correct comparison in if and skips to condition else .

Code

import mysql.connector
import sys
from Tkinter import *
dato={
"user":"root",
"password":"",
"database":"baseusuarios",
"host":"127.0.0.1"
}
conexion=mysql.connector.connect(** dato)
cursor=conexion.cursor(buffered=True)

def Usuario():
ventUsuario=Tk()
ventUsuario.geometry("250x200+500+120")
ventUsuario.title("Sistema")
Usu=Label(ventUsuario,text="Usuario:",font=("Agency FB",14)).place(x=5,y=10)
cajaU=Entry(ventUsuario)
cajaU.place(x=100,y=20)
Contrasena=Label(ventUsuario,text="Contraseña:",font=("Agency FB",14)).place(x=5,y=50)
cajaC=Entry(ventUsuario,show="*")
cajaC.place(x=100,y=60)
botonU=Button(ventUsuario,text="Ingresar",command=lambda:ingresar(cajaU,cajaC))
botonU.place(x=100,y=100)
botonA=Button(ventUsuario,text="Crear una cuenta",command=lambda:cuentas(ventUsuario))
botonA.place(x=75,y=150)
ventUsuario.mainloop()

def ingresar(cajaU,cajaC):
     Usuario=cajaU.get()
     Contra=cajaC.get()
     nom="hola"
     ventIngresar=Tk()
     ventIngresar.geometry("300x200+500+120")
     ventIngresar.title("Ingresando al Sistema")

     if(cursor.execute("SELECT * FROM 'usuarios' WHERE 'nombre'='" + Usuario 
        + "' AND 'contrasena'='"+ Contra +  "'")):
          var2nombre=Label(ventIngresar,text="Has ingresado correctamente al sistema",font=("Agency FB",14)).place(x=10,y=10)
     else: 
        varnombre=Label(ventIngresar,text="Usuario o Contraseña incorrecta",font=("Agency FB",14)).place(x=10,y=10)
     ventIngresar.mainloop()

mysql python

asked by Miguel Vidal Durón 17.04.2017 в 01:30

source

1 answer

sql query in mysql shows repeated records Press Keyboard Keys

score 1 · Answer 1

There are several errors in your code:

The .get () method is for dictionaries, usually to give specific values in case you do not find the key you are looking for. I leave you some basic examples of entry - Exit:

>> dict = {'Nombre': 'Miguel', 'Age': 17}
>> dict.get('Nombre')
'Miguel'
>> dict['Nombre']
'Miguel'
>>dict.get('Uncampoquenoexiste')
(no devuelve nada)
>>> dict['Uncampoquenoexiste']
 Traceback (most recent call last):
   File "<stdin>", line 1, in <module>
 KeyError: 'Uncampoquenoexiste'
>> gict.get('Uncampoquenoexiste', 'ValorPorDefecto')
'ValorPorDefecto'

If you do it on a STR, it gives an error (which I think is your case):

>>> cajaU = 'Miguel'
>>> cajaU.get()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
AttributeError: 'str' object has no attribute 'get'

If you are already passing the function to the correct parameters (the text), you can simply use that text:

def ingresar(cajaU,cajaC):
     Usuario=cajaU
     Contra=cajaC

If not, you should tell us how and with what objects you are calling this login function.

Additionally to this error. In the code you have passed, you have an error of SQL INJECTION .

If your password field I enter: 'or 1 = 1 I will always get to the first user of the database. You have to use something to clean the strings that you enter in database queries to avoid this.

To see the query you are doing, make a print of the literal that contains the cursor.execute: *

print (("SELECT * FROM usuarios WHERE nombre = '" + User + "' AND contrasena = '" + Contra + "'"))

Copy and paste what you have given into your database and verify that what you are doing is correct and that a user returns.