使用Python和SQLite登录脚本。-LoginscriptusingPythonandSQLite

1  

user = raw_input "User:"
pswd = getpass.getpass "Password"

db = sqlite3.connect('/SABB/DATASETS/SENHAS')
c = db.cursor()
c.execute('SELECT * from sabb WHERE usuario="%s" AND senha="%s"' % (user, pswd))
if c.fetchone() is not None:
    print "Welcome"
else:
    print "Login failed"

First: fetchone() and fatchall() don't return True, but a matching result. We want to use fetchone() because we are interested in one row in the database. If no row is found, fetchone() will return None.

首先:fetchone()和fatchall()不会返回True，而是一个匹配的结果。我们希望使用fetchone()，因为我们对数据库中的一行感兴趣。如果没有找到任何行，fetchone()将不会返回任何行。

We check if we got a matching result and print Welcome if we do. If fetchone() returns None, it goes to else statement - Login Failed

我们检查是否有匹配的结果，并打印Welcome。如果fetchone()返回None，它会转到else语句——登录失败

Here's my test log

这是我的测试日志

>>> import sqlite3
>>> database = sqlite3.connect("my.db")
>>> db = database.cursor()
>>> Player = "iScrE4m"
>>> Played = 10
>>> db.execute("SELECT * FROM players WHERE Name='%s' AND Played='%i'" % (Player, Played))

>>> print db.fetchone()
(1, u'iScrE4m', 1, 1494, 10, 5, 5)
>>> Played = 8
>>> db.execute("SELECT * FROM players WHERE Name='%s' AND Played='%i'" % (Player, Played))

>>> print db.fetchone()
None
>>> 

2  

From how I've read your source code, you're getting the username and password from your user, but not actually using this anywhere. Instead you'll want to substitute the actual username and password in your WHERE statements. I believe the code below would be the most pythonic:

从我如何读取你的源代码，你得到用户的用户名和密码，但实际上并没有在任何地方使用。相反，您需要在WHERE语句中替换实际的用户名和密码。我相信下面的代码是最python化的:

# Get login details from user
user = input('User: ')
password = getpass.getpass('Password: ')

# Connect to database
db = sqlite3.connect('path/to/database')
c = db.cursor()

# Execute sql statement and grab all records where the "usuario" and
# "senha" are the same as "user" and "password"
c.execute('SELECT * FROM sabb WHERE usuario = ? AND senha = ?', (user, password))

# If nothing was found then c.fetchall() would be an empty list, which
# evaluates to False 
if c.fetchall():
    print('Welcome')
else:
    print('Login failed')

Please note that you should always the method provided by cursor.execute() for substituting data entered by a user into a database call. Using the format() or % substitution method leaves you open to sql injection.

请注意，您应该始终使用cursor.execute()提供的方法来将用户输入的数据替换为数据库调用。使用format()或%替换方法可以打开sql注入。

Do not do this:

c.execute('SELECT * from sabb WHERE usuario="%s" AND senha="%s"' % (user, pswd))

Imagine if someone passed in:

想象一下如果有人路过:

• User = Bob
• 用户=鲍勃
• Password = my_cool_password" OR 1=1; --
• 密码= my_cool_password”或1=1;- - -

The cursor would evaluate: SELECT * from sabb WHERE usuario="Bob" AND senha="my_cool_password" OR 1=1; -- ";

游标将计算:从sabb中选择*，其中usuario="Bob"和senha="my_cool_password"或1=1;——”;

It'd allow me to log in as any user. By trivially changing my input I could execute any command on the database that I wish (including deleting a login, adding a login, dropping the entire table etc).

它允许我以任何用户的身份登录。通过简单地更改输入，我可以在数据库中执行任何我想要的命令(包括删除登录名、添加登录名、删除整个表等等)。

0  

You must learn to read the documentation properly.

你必须学会正确地阅读文档。

In your second approach, you are checking if a cursor object is greater than 0 rather than checking if the returned list of results has a length greater than 0. Since the variable has some object, the expression will evaluate to True.login is not a status as you may have assumed.

在第二种方法中，检查游标对象是否大于0，而不是检查返回的结果列表的长度是否大于0。由于变量有某个对象，表达式将求值为True。登录不是您可能认为的状态。

Your final code should be:

您的最终代码应该是:

db = sqlite3.connect('/SABB/DATASETS/SENHAS')
c = db.cursor()
c.execute("SELECT * from sabb WHERE usuario = 'user' AND senha = 'pswd'")
if (len(list(c)) > 0):
    print "Welcome"
else:
    print "Login failed"

0  

db = sqlite3.connect('/SABB/DATASETS/SENHAS')

c = db.cursor()

login = c.execute('SELECT * from sabb WHERE usuario = "user" AND senha = "pswd"')

if (len(login.fetchall()) > 0):
     print "Welcome"
else:
     print "Login failed"