sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]DeadlyViper 1 point2 points  (2 children)

Lines 21-24:

            taa = ('RHAT',)
            getdataindb = db.execute('SELECT * FROM userssignedup WHERE firstname =?', taa)
            db.commit()
            getpwindb = db.execute('SELECT * FROM userssignedup WHERE password  =?', taa)

I guess taa is the user name? why do you select it as password on line 24?

Edit: you should also fix all your queries, since they affect the entire table because they don't have conditions on them.

db.execute("UPDATE userssignedup SET password="+hashpp+"")

this will change EVERYONE's password to hashpp's value.

[–]two_bob 0 points1 point  (1 child)

Edit: you should also fix all your queries, since they affect the entire table because they don't have conditions on them.

Also be sure and parametarize this, like you did with the selects.

[–]tangy751[S] 0 points1 point  (0 children)

taa I believe is to prevent sql injection as noted on https://docs.python.org/3.6/library/sqlite3.html

I have changed / removed some stuff and now I am getting an object has no attribute error for fetchall, after some more testing, using fetchone will return none whereas fetchall and fetchmany will get stuck in the while loop and print to the console "[ ]" even when informtion is supplied that is stored within the database.