Username是使用tkinter从Entrybox中提取的变量。我需要dbsalt以字符串形式返回cursor1.execute查询的结果,但它返回“none”或返回一个回溯,指出“NoneType没有属性getitem”。我不明白什么是不正确的。
def login_verification(self):
sql = ("SELECT salt FROM User WHERE username = %s")
username = self.KUEntry.get()
print username
cursor1.execute(sql, username)
dbsalt = cursor1.fetchone() [0]
print dbsalt
sql2 = ("SELECT PashHash FROM User WHERE username = %s")
cursor2.execute(sql2, username)
dbhash = cursor2.fetchone() [0]
print dbhash
test = hashlib.sha512(username + dbsalt).hexdigest()
print test
if test == dbhash:
self.intro_screen
else:
print "incorrect password"
最佳答案
您没有调用execute方法,而是分配给它。使用cursor.execute(..)调用它:
您应该使用'来引用字符串。
username = self.KUEntry.get()
cursor1.execute("SELECT salt FROM User WHERE username = '%s'" % username)
dbsalt = str(cursor1.fetchone())
print dbsalt
顺便说一句,使用参数传递样式比手动格式化字符串来防止SQL注入更好。
cursor1.execute("SELECT salt FROM User WHERE username = %s", [username])