I hope this question won't be shot down for being too elementary, but have been trying to understand the concept, not necessarily the code, of whether there is a standard method for checking a username and password from a SQLite3 database. I've seen so many different ways to do it online, but am wondering if there is a basic and perhaps industry-standard way of doing it. Right now, I'm using BottlePY, a simple HTML form and a SQLite3 database and just want to, after checking that the fields are not blank, see if the username and password are valid and in the database. I feel like there are a million security issues with doing it this was as well. Any guidance is appreciated.
...
else:
connection = sqlite3.connect('/Users/Air/Desktop/users.db')
cursor_v = connection.cursor()
cursor_v.execute("SELECT * FROM user WHERE cemail=?", (cemail,))
row = cursor_v.fetchone()
if row == None:
return "<p>User not found</p>"
else:
return "<p>Welcome</p>"
Aucun commentaire:
Enregistrer un commentaire