1

I have a html login form.which collects a users username and password . I also have a script which collects them and stores it . I was wondering if it was possible to check if the username and password already exists in the MySQL database before storing in the database.

Html form: 

<!DOCTYPE html>
<html>
<head>
    <title>login</title>
</head>
<body>
    <form action="login.py" method="GET">
        First name:<br>
        <input type="text" name="user_name"><br>
        Last name:<br>
        <input type="text" name="password"><br>
    </form>
</body>
</html>



Login script





import cgitb
   cgitb.enable()

   import cgi
   form = cgi.FieldStorage()
   user_name = form["user_name"].value
   password = form["password"].value

   import pymysql
   conn = pymysql.connect(db='userdb', 
   user='root', passwd='12346', 
   host='localhost')
   cursor = conn.cursor()

   query= "INSERT INTO users VALUES 
   ('{user_name}',{password})"   
 cursor.execute(query.format(user_name=user- 
    name, password=password))
    conn.commit()

Is it possible to check if the username and password from the html form has a match in the database?

cody c
  • 21
  • 3
  • Avoid SQL inection by using [cursor.execute](https://dev.mysql.com/doc/connector-python/en/connector-python-api-mysqlcursor-execute.html) correctly (aka don't use `query.format`). – danblack Nov 30 '18 at 02:40
  • And don't store user passwords in clear text. Use a [salted hash](https://stackoverflow.com/a/23768422/3929826)! – Klaus D. Nov 30 '18 at 03:18

1 Answers1

0

Make unique or primary key on user_name and if a duplicate occurs and exception will be thrown.

If you're storing passwords in an unhashed format, shame on you, er fix it,

If you have passwords as hashes you can't tell if they are duplicates (which isn't a bad thing).

danblack
  • 12,130
  • 2
  • 22
  • 41