F
F
fodiche2021-08-05 18:16:35
Python
fodiche, 2021-08-05 18:16:35

Why sends everyone's profile even though where user_id is specified?

The problem is that user_id is the ID of the user in the VK conversation, in the code I wrote that the selection goes only by the user_id of the ID of the user who wrote the message in the conversation and is in the database. but for some reason, when someone writes a profile, the bot drops the profile of all users in the database. help me please

if msg == "/профиль":  ///msg это метод отпраавки сообщение бота
          db = sqlite3.connect('server3.db')
          db.row_factory = sqlite3.Row
          cursor = db.cursor()
          for result in cursor.execute(f"SELECT money, biz, profitbiz, profitkaz, losemoneykaz, moneykaz FROM users WHERE {user_id}"):
            sender(id, f"Полный профиль @id{user_id}({fullname})\n\nБаланс:{result['money']}\n\nВыигранно в казино:{result['profitkaz']}\nПроигранно в казино:{result['losemoneykaz']}\nВсего потрачено в казино:{result['moneykaz']}\n\nБизнесы:{result['biz']}\nЕжедневный доход с бизнесов:{result['profitbiz']}")
          db.commit()

Answer the question

In order to leave comments, you need to log in

1 answer(s)
V
Vindicar, 2021-08-05
@fodich

1. Because the "WHERE {user_id}" condition will be true for any non-zero user_id. You need a WHERE id = {user_id} condition (assuming the user id column is called id).
2. Adjusted for the fact that you don't really need it. NEVER create queries by substituting a value into a string, it's too easy to make a mistake or catch a sql injection. Rewrite the query to use prepared statements.
cursor.execute("SELECT money, biz, profitbiz, profitkaz, losemoneykaz, moneykaz FROM users WHERE id = ?", (user_id, ))
Instead of each ? the element from the parameter tuple will be substituted in the request. In this case, the engine itself will take care of the correct shielding.
3. Reconnecting to the database every time a command is called is a bad idea. Create a connection when starting the bot and use it. Maximum - create a new cursor to call the command.

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question