Attempting to do detail validation on a db created in sqlite 3 using python
Question:
I’m transitioning from keeping and checking login files on a text document to from a SQL database. In my current solution, I have got it working where I can check the file for the username and password and then report back if the username or password are correct individually. The code is as follows for my SQL implementation:
def check_login_on_db():
user = UserSignUpDetails(None, None, log_in_window_username_entry.get(),
log_in_window_password_entry.get())
enteredUsername = user.username
enteredPassword = user.password
conn = sqlite3.connect('database.db')
cursor = conn.cursor()
cursor.execute('SELECT * from SignUpDetails where username="%s"'%(enteredUsername))
values = cursor.fetchall()
for i in values:
if values[i] == None:
log_in_additional_info.config(text="This username is incorrect")
conn.close()
else:
if values[i] == enteredUsername:
if values[i+1] != enteredPassword:
log_in_additional_info.config(text="The password is incorrect")
conn.close()
else:
log_in_additional_info.config(text="")
conn.close
I’d appreciate any help on this.
I expected to get the error messages if I were to input details I know are wrong, but did not.
If I use this implementation, I get it to work and show the error, but I would much rather have it working where it tells me which part is wrong:
cursor.execute('SELECT * from SignUpDetails where username="%s"'%(enteredUsername))
if cursor.fetchone():
log_in_additional_info.config(
text="Success")
else:
log_in_additional_info.config(
text="Incorrect username or password")
Answers:
I think the use of the variable i here to represent a row makes things a little confusing. Let’s rename a few variables to help add some clarity.
While we are cleaning things up, I’m going to make a couple of additional changes. First, SQL tends to not like double quotes, so let’s flip your quotes around so SQL sees single quotes. Secondly, I am going to use the else clause (AKA no_break) of the for statement to handle the case that no row with a matching password was found.
Finally, as an aside, your code currently handles the case where two accounts could in theory have the same shared username. Is that actually what you want? If not you might do fetchone() and then get rid of the for loop:
Note, not tested, just from the top of my head.
def check_login_on_db():
user = UserSignUpDetails(
None,
None,
log_in_window_username_entry.get(),
log_in_window_password_entry.get()
)
enteredUsername = user.username
enteredPassword = user.password
with sqlite3.connect("database.db") as conn:
with conn.cursor() as cursor:
cursor.execute("SELECT * from SignUpDetails where username = '%s'" % (enteredUsername))
rows = cursor.fetchall() # can two accounts actually have the same username?
if not rows:
log_in_additional_info.config(text="This username is incorrect")
return
for row in rows:
if row[2] == enteredPassword:
log_in_additional_info.config(text="")
break
else:
log_in_additional_info.config(text="The password is incorrect")
If you did not like the else clause here then in this instance, you could also do:
def check_login_on_db():
user = UserSignUpDetails(
None,
None,
log_in_window_username_entry.get(),
log_in_window_password_entry.get()
)
enteredUsername = user.username
enteredPassword = user.password
with sqlite3.connect("database.db") as conn:
with conn.cursor() as cursor:
cursor.execute("SELECT * from SignUpDetails where username = '%s'" % (enteredUsername))
rows = cursor.fetchall() # can two accounts actually have the same username?
if not rows:
log_in_additional_info.config(text="This username is incorrect")
return
for row in rows:
if row[2] == enteredPassword:
log_in_additional_info.config(text="")
return
log_in_additional_info.config(text="The password is incorrect")
I’m transitioning from keeping and checking login files on a text document to from a SQL database. In my current solution, I have got it working where I can check the file for the username and password and then report back if the username or password are correct individually. The code is as follows for my SQL implementation:
def check_login_on_db():
user = UserSignUpDetails(None, None, log_in_window_username_entry.get(),
log_in_window_password_entry.get())
enteredUsername = user.username
enteredPassword = user.password
conn = sqlite3.connect('database.db')
cursor = conn.cursor()
cursor.execute('SELECT * from SignUpDetails where username="%s"'%(enteredUsername))
values = cursor.fetchall()
for i in values:
if values[i] == None:
log_in_additional_info.config(text="This username is incorrect")
conn.close()
else:
if values[i] == enteredUsername:
if values[i+1] != enteredPassword:
log_in_additional_info.config(text="The password is incorrect")
conn.close()
else:
log_in_additional_info.config(text="")
conn.close
I’d appreciate any help on this.
I expected to get the error messages if I were to input details I know are wrong, but did not.
If I use this implementation, I get it to work and show the error, but I would much rather have it working where it tells me which part is wrong:
cursor.execute('SELECT * from SignUpDetails where username="%s"'%(enteredUsername))
if cursor.fetchone():
log_in_additional_info.config(
text="Success")
else:
log_in_additional_info.config(
text="Incorrect username or password")
I think the use of the variable i here to represent a row makes things a little confusing. Let’s rename a few variables to help add some clarity.
While we are cleaning things up, I’m going to make a couple of additional changes. First, SQL tends to not like double quotes, so let’s flip your quotes around so SQL sees single quotes. Secondly, I am going to use the else clause (AKA no_break) of the for statement to handle the case that no row with a matching password was found.
Finally, as an aside, your code currently handles the case where two accounts could in theory have the same shared username. Is that actually what you want? If not you might do fetchone() and then get rid of the for loop:
Note, not tested, just from the top of my head.
def check_login_on_db():
user = UserSignUpDetails(
None,
None,
log_in_window_username_entry.get(),
log_in_window_password_entry.get()
)
enteredUsername = user.username
enteredPassword = user.password
with sqlite3.connect("database.db") as conn:
with conn.cursor() as cursor:
cursor.execute("SELECT * from SignUpDetails where username = '%s'" % (enteredUsername))
rows = cursor.fetchall() # can two accounts actually have the same username?
if not rows:
log_in_additional_info.config(text="This username is incorrect")
return
for row in rows:
if row[2] == enteredPassword:
log_in_additional_info.config(text="")
break
else:
log_in_additional_info.config(text="The password is incorrect")
If you did not like the else clause here then in this instance, you could also do:
def check_login_on_db():
user = UserSignUpDetails(
None,
None,
log_in_window_username_entry.get(),
log_in_window_password_entry.get()
)
enteredUsername = user.username
enteredPassword = user.password
with sqlite3.connect("database.db") as conn:
with conn.cursor() as cursor:
cursor.execute("SELECT * from SignUpDetails where username = '%s'" % (enteredUsername))
rows = cursor.fetchall() # can two accounts actually have the same username?
if not rows:
log_in_additional_info.config(text="This username is incorrect")
return
for row in rows:
if row[2] == enteredPassword:
log_in_additional_info.config(text="")
return
log_in_additional_info.config(text="The password is incorrect")