Python
PashaLynx, 2020-11-11 18:53:44

Sqlite - how to make search query 'strict'?

Hello. I am writing a small application in which there will be authorization. The authorization logic is simple, as can be seen from the code:

import sqlite3
"""
0 - password and login do not match
1 - admin
2 - user
"""
conn = sqlite3.connect('manager.db')
c = conn.cursor()
x = c.execute('''SELECT name FROM users
            WHERE login =?''', (a,))
y = c.execute('''SELECT name FROM users
            WHERE pas =?''', (b,))
if x == y:
    c = c.execute('''SELECT role FROM users
            WHERE login =?''', (a,))
    c = str(c.fetchall())
    if c == "[('admin',)]":
        print(1)
    else:
        print(2)
else:
    print(0)


And here's the problem - suppose that the password for some user is qwerty. If we enter qwer, then our request will pass positively, and the user will be logged in. Can this be fixed somehow?


1 answer(s)
PashaLynx, 2020-11-11
@PashaLynx

In short, I figured it out myself.

import sqlite3
a = 'leha'
b = '1234'
"""
0 - password and login do not match
1 - admin
2 - user
"""
conn = sqlite3.connect('manager.db')
c = conn.cursor()
# Match login and password on the same row. Comparing two separate
# result lists also "matches" when both are empty (unknown login and
# unknown password) and fails when two users share a password.
row = c.execute('''SELECT role FROM users
            WHERE login = ? AND pas = ?''', (a, b)).fetchone()
if row is None:
    print(0)
elif row[0] == 'admin':
    print(1)
else:
    print(2)
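
An added example, not part of the original answer: the same 0/1/2 check with the password stored as a salted PBKDF2 hash instead of plain text and compared in constant time, which goes one step beyond what the thread covers. The in-memory database, the `salt` and `pas_hash` columns, the iteration count and the sample users are assumptions made for the example.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 600_000  # constructed value for this example; tune for your hardware

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac('sha256', password.encode(), salt, ITERATIONS)

def make_db():
    # In-memory stand-in for manager.db; salt and pas_hash are hypothetical columns
    conn = sqlite3.connect(':memory:')
    conn.execute('''CREATE TABLE users
                    (login TEXT PRIMARY KEY, salt BLOB, pas_hash BLOB, role TEXT)''')
    # Constructed sample users
    for login, password, role in [('leha', '1234', 'admin'),
                                  ('masha', 'qwerty', 'user')]:
        salt = os.urandom(16)
        conn.execute('INSERT INTO users VALUES (?, ?, ?, ?)',
                     (login, salt, hash_password(password, salt), role))
    return conn

def check_login(conn, login, password):
    """Return 0 (no match), 1 (admin) or 2 (user), the codes used in the thread."""
    row = conn.execute('''SELECT salt, pas_hash, role FROM users
                          WHERE login = ?''', (login,)).fetchone()
    if row is None:
        # Hash anyway so an unknown login costs about the same as a known one
        hash_password(password, b'\x00' * 16)
        return 0
    salt, stored, role = row
    # The whole derived hash must match, so a prefix such as 'qwer' is rejected
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return 0
    return 1 if role == 'admin' else 2

if __name__ == '__main__':
    conn = make_db()
    for login, password in [('leha', '1234'), ('masha', 'qwerty'),
                            ('masha', 'qwer'), ('nobody', 'nothing'),
                            ('leha', 'qwerty')]:
        print(login, password, check_login(conn, login, password))
```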
