
Why does my MySQL table get an error in my Flask app?

from flask import Flask, render_template, request
import mysql.connector


app = Flask(__name__)

# One module-level connection and cursor, shared by every request.
conn = mysql.connector.connect(host='localhost',
                               database='login',
                               user='root',
                               password='')

cursor = conn.cursor()


@app.route('/')
def login():
    return render_template('login.html')


@app.route('/register')
def register():
    return render_template('register.html')


@app.route('/home')
def home():
    return render_template('home.html')


@app.route('/login_validation', methods=['POST'])
def login_validation():
    email = request.form.get('email')
    password = request.form.get('password')

    # This is the statement that raises the 1064 error quoted below: the
    # identifiers are wrapped in single quotes, so MySQL reads 'user' as a
    # string literal rather than a table name, and the str.format()
    # placeholders are written as () instead of {}, so the form values are
    # never substituted into the query at all.
    cursor.execute("SELECT * FROM 'user' WHERE 'email' LIKE () AND 'password' LIKE '()' "
                   .format(email, password))

    user = cursor.fetchall()
    print(user)

    # The view has no return statement yet; Flask requires a response here.
    # return f'Your Inputed Email : {email} <br> Your Inputed Password : {password}'


if __name__ == '__main__':
    app.run(debug=True)

When I submit my login form, it shows this error:

mysql.connector.errors.ProgrammingError: 1064 (42000): You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''user' WHERE 'email' LIKE () AND 'password' LIKE '()'' at line 1

Note: I created the database table in XAMPP MySQL.

So how do I fix it?

  • Use backticks around table and column names, not single quotes. – Barmar Apr 21 '21 at 03:43
  • And what is `LIKE ()` supposed to mean? The argument to `LIKE` has to be a string. – Barmar Apr 21 '21 at 03:43
  • Those `()` should be `{}`. But you shouldn't use string formatting to construct queries. Use `%s` placeholders in the query, and put the parameters in the second argument to `cursor.execute()`. – Barmar Apr 21 '21 at 03:45
  • And why are you using `LIKE`? The username and password should match exactly, so use `=`. – Barmar Apr 21 '21 at 03:45
  • Not to mention you shouldn't store plaintext passwords, you should use a salted hash. – Barmar Apr 21 '21 at 03:46
  • cursor.execute("SELECT * FROM 'user' WHERE 'email' LIKE () AND 'password' LIKE '()' " .format(email,password)) – Tareq5321 Apr 21 '21 at 16:38
  • Could you please write this query code so I can understand it? – Tareq5321 Apr 21 '21 at 16:38
  • `cursor.execute('SELECT * FROM user WHERE email LIKE %s AND password LIKE %s', (email,password))` – Barmar Apr 21 '21 at 18:15
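The comments above make four points: quote identifiers with backticks (or not at all) rather than single quotes, compare with `=` instead of `LIKE`, pass the form values as `%s` parameters rather than splicing them in with `str.format()`, and store a salted hash instead of the plaintext password. The block below is an added example, not code from the question or from Barmar's comments. It puts the question's query pattern (with only the `()` -> `{}` typo fixed) next to the corrected form so the difference is visible on an injection payload. It uses the standard-library `sqlite3` module in place of MySQL so it runs offline; `sqlite3` uses `?` where `mysql.connector` uses `%s`, and the parameter tuple is the same. The table, the one account and the attacker input are constructed for the demonstration, and PBKDF2 from `hashlib` stands in for a dedicated password-hashing library with an illustrative iteration count.

```python
"""Unsafe login lookup (string formatting, plaintext password) next to the
fixed form (parameterised query, salted PBKDF2 hash verified in Python).

Added example, not the question's code. sqlite3 stands in for MySQL so the
script runs offline; with mysql.connector the placeholder is %s, not ?.
"""
import hashlib
import hmac
import os
import sqlite3
from typing import List, Optional, Tuple

# Illustrative iteration count, chosen so the demo runs quickly;
# production deployments should use a current recommended value.
PBKDF2_ITERATIONS = 100_000


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'salt_hex$hash_hex' using PBKDF2-HMAC-SHA256 with a random salt."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"{salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, digest_hex = stored.split("$", 1)
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), PBKDF2_ITERATIONS
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def make_db() -> sqlite3.Connection:
    """Constructed fixture: a `user` table with one account, stored both as
    plaintext (for the vulnerable variant) and as a salted hash (for the fix)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE `user` (id INTEGER PRIMARY KEY, email TEXT, "
        "password TEXT, password_hash TEXT)"
    )
    conn.execute(
        "INSERT INTO `user` (email, password, password_hash) VALUES (?, ?, ?)",
        ("alice@example.com", "s3cret", hash_password("s3cret")),
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str) -> List[Tuple]:
    """The question's pattern with only the brace typo fixed: identifiers are
    backticked, but the form values are still spliced in with str.format(),
    so a quote in the input becomes part of the SQL."""
    query = (
        "SELECT id, email FROM `user` WHERE email = '{}' AND password = '{}'"
        .format(email, password)
    )
    return conn.execute(query).fetchall()


def login_fixed(conn: sqlite3.Connection, email: str, password: str) -> Optional[Tuple]:
    """Parameterised lookup by email only; the password is checked against the
    stored salted hash in Python, never compared inside SQL.
    With mysql.connector the query would read '... WHERE email = %s'."""
    row = conn.execute(
        "SELECT id, email, password_hash FROM `user` WHERE email = ?", (email,)
    ).fetchone()
    if row is None:
        return None
    user_id, user_email, stored = row
    if not verify_password(password, stored):
        return None
    return (user_id, user_email)


# Constructed attacker input: closes the quote, ORs in a true condition and
# comments out the password check. The trailing space after -- matters for MySQL.
INJECTION_EMAIL = "' OR 1=1 -- "

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, real creds:", login_vulnerable(db, "alice@example.com", "s3cret"))
    print("vulnerable, injection: ", login_vulnerable(db, INJECTION_EMAIL, "anything"))
    print("fixed, real creds:     ", login_fixed(db, "alice@example.com", "s3cret"))
    print("fixed, injection:      ", login_fixed(db, INJECTION_EMAIL, "anything"))
```

Running it shows the formatted query returning the account for the injection payload without a valid password, while the parameterised version returns nothing for the same input because the whole payload is bound as a single string value and simply matches no email.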

0 Answers