It tells me that I have an error in the SQL syntax, but I also tried the simple version, only %s, and although I enter the correct username and password (which are in the database) I can't log in (incorrect username or password). I also tried to replace (") with (') before SELECT.

```text
line 34, in login mycursor.execute("SELECT * FROM accounts WHERE username = '%s' AND password = '%s'", (username, password, ))
```
```python
from flask import request, session, render_template

# `app` and `mycursor` (a dictionary cursor, since the code indexes
# account['id']) are created earlier in the original application.


@app.route('/')
@app.route('/login', methods=['GET', 'POST'])
def login():
    msg = ''
    if request.method == 'POST' and 'username' in request.form and 'password' in request.form:
        username = request.form['username']
        password = request.form['password']
    # As posted: this line sits at the level of the `if` above, outside its body.
    mycursor.execute("SELECT * FROM accounts WHERE username = '%s' AND password = '%s'", (username, password, ))
    account = mycursor.fetchone()
    if account:
        session['loggedin'] = True
        session['id'] = account['id']
        session['username'] = account['username']
        msg = 'Logged in successfully !'
        return render_template('index.html', msg=msg)
    else:
        msg = 'Incorrect username / password !'
        return render_template('login.html', msg=msg)
```
CodePudding user response:
Try the parameters without single quotes:

```python
mycursor.execute("SELECT * FROM accounts WHERE username = %s AND password = %s", (username, password))
```
CodePudding user response:
Beware of the indentation error: this line should be indented to be within the if statement's scope. Btw, you can eliminate the quotation marks around %s; it can infer the type without them.
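Both answers make the same point: the placeholder is not a string, so it must not be wrapped in quotes; the driver binds the value itself. The following added example (not code from the question or either answer) shows why that matters for security, not just syntax. It uses Python's built-in sqlite3 module so it runs offline; sqlite3's placeholder is `?` where mysql-connector uses `%s`, but the DB-API behaviour is the same. The `accounts` table, the user `alice` and the password `s3cret` are constructed test data.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the question's `accounts` table."""
    conn = sqlite3.connect(":memory:")
    conn.row_factory = sqlite3.Row
    conn.execute(
        "CREATE TABLE accounts (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute("INSERT INTO accounts (username, password) VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Values pasted into the SQL text with %: attacker input becomes SQL."""
    sql = "SELECT * FROM accounts WHERE username = '%s' AND password = '%s'" % (
        username,
        password,
    )
    return conn.execute(sql).fetchone()


def login_quoted_placeholder(conn, username, password):
    """Placeholder wrapped in quotes, as in the question.

    The driver now sees the string literal '?' and no parameter slot, so the
    two supplied values have nowhere to go. sqlite3 raises ProgrammingError;
    mysql-connector instead emits the quoted value twice-quoted and MySQL
    reports "error in your SQL syntax". Returns the error text for inspection.
    """
    try:
        conn.execute(
            "SELECT * FROM accounts WHERE username = '?' AND password = '?'",
            (username, password),
        )
    except sqlite3.ProgrammingError as exc:
        return str(exc)
    return None


def login_parameterized(conn, username, password):
    """Bare placeholders: the driver binds the values; quoting is its job."""
    return conn.execute(
        "SELECT * FROM accounts WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    # The string-formatted query is bypassed by a classic injection payload.
    print("vulnerable, bogus creds :", login_vulnerable(db, payload, payload)["username"])
    # The quoted placeholder fails before any row is read.
    print("quoted placeholder      :", login_quoted_placeholder(db, "alice", "s3cret"))
    # The parameterized query treats the payload as a literal username.
    print("parameterized, payload  :", login_parameterized(db, payload, payload))
    print("parameterized, real user:", login_parameterized(db, "alice", "s3cret")["username"])
```

Run it as a script to see the three behaviours side by side. The example keeps the question's schema and compares the password column directly, as the original query does; in a real application the column would hold a salted hash and the comparison would happen in Python after fetching the row by username.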
