Can';t使用Python从postgreSQL数据库检索哈希密码
因此,我正在用python cgi编写一个简单的登录脚本。它在本地主机上不工作(显示500个错误),因此单独运行代码会发现代码问题。代码如下:Can';t使用Python从postgreSQL数据库检索哈希密码,python,postgresql,hash,cgi,Python,Postgresql,Hash,Cgi,因此,我正在用python cgi编写一个简单的登录脚本。它在本地主机上不工作(显示500个错误),因此单独运行代码会发现代码问题。代码如下: #!/usr/bin/python2.7 import cgi import cgitb import hashlib import psycopg2 from dbconfig import * cgitb.enable() print "Content-Type: text/html" def checkPass(): email = "
#!/usr/bin/python2.7
import cgi
import cgitb
import hashlib
import psycopg2
from dbconfig import *
cgitb.enable()
print "Content-Type: text/html"
def checkPass():
email = "person@gmail.com"
password = "blahblah"
password = hashlib.sha224(password.encode()).hexdigest()
result = cursor.execute('SELECT * FROM logins WHERE email=%s passhash=%s') % (email, password)
print str(result)
if __name__ == "__main__":
conn_string = "host=%s dbname=%s user=%s password=%s" % (host, database, dbuser, dbpassword)
conn = psycopg2.connect(conn_string)
cursor = conn.cursor()
checkPass()
Traceback (most recent call last):
File "login.py", line 28, in <module>
checkPass()
File "login.py", line 20, in checkPass
result = cursor.execute('SELECT * FROM logins WHERE email=%s passhash=%s') % (email, password)
ProgrammingError: syntax error at or near "passhash"
LINE 1: SELECT * FROM logins WHERE email=%s passhash=%s
程序停留的那一行是postgre查询的cursor.execute。显示的错误如下所示:
#!/usr/bin/python2.7
import cgi
import cgitb
import hashlib
import psycopg2
from dbconfig import *
cgitb.enable()
print "Content-Type: text/html"
def checkPass():
email = "person@gmail.com"
password = "blahblah"
password = hashlib.sha224(password.encode()).hexdigest()
result = cursor.execute('SELECT * FROM logins WHERE email=%s passhash=%s') % (email, password)
print str(result)
if __name__ == "__main__":
conn_string = "host=%s dbname=%s user=%s password=%s" % (host, database, dbuser, dbpassword)
conn = psycopg2.connect(conn_string)
cursor = conn.cursor()
checkPass()
Traceback (most recent call last):
File "login.py", line 28, in <module>
checkPass()
File "login.py", line 20, in checkPass
result = cursor.execute('SELECT * FROM logins WHERE email=%s passhash=%s') % (email, password)
ProgrammingError: syntax error at or near "passhash"
LINE 1: SELECT * FROM logins WHERE email=%s passhash=%s
需要注意的是,它指向passhash。我尝试将查询直接输入psql控制台中的db,如下所示:
SELECT * FROM logins WHERE passhash=storedhashedcode;
但是,这将返回一个关于不存在的哈希名称(即E342HEFHEH43HFHEFHERFHER…等)列的错误。我做错了什么?我能想到的唯一一件事就是散列的存储方式不同
注意-这是我用来存储密码等的代码,如果有帮助的话:
email = "person@gmail.com"
allpass = "blahblah"
password = hashlib.sha224(allpass.encode()).hexdigest()
cursor.execute('INSERT INTO logins (email, passhash) VALUES (%s, %s);', (email, password))
conn.commit()
任何帮助都将不胜感激
更新:
根据Decly的建议,我已将查询更改为:
result = cursor.execute('SELECT * FROM logins WHERE email=%s AND passhash=%s') % (email, password)
这将产生以下错误:
ProgrammingError: column "s" does not exist
LINE 1: SELECT * FROM logins WHERE email=%s AND passhash=%s
很明显,出于某种原因,它使用s作为列。为什么它不接受我的变量名?在:
'SELECT * FROM logins WHERE email=%s passhash=%s'
布尔表达式中缺少AND:
'SELECT * FROM logins WHERE email=%s AND passhash=%s'
在psql中编写查询时,缺少字符串文字的引号,因此postgresql正在推断列名,您应该编写:
SELECT * FROM logins WHERE passhash='storedhashedcode';
您也将parentesis放在了错误的位置,python语句应该是:
result = cursor.execute('SELECT * FROM logins WHERE email= %s AND passhash= %s', (email, password))
好的,我已经按照建议添加了AND,但是现在它抛出了与以前相同的错误,除了引用
%s
对不起,不是完全相同的错误,现在它将s当作字符串,而不是变量。明白了。显然你没有像我那样设置查询。现在还有另一个问题,但那完全是另一回事。我扩展了我的答案,你准备的语句有一个错误。就是这样,而且cursor.execute实际上没有返回任何东西。需要使用fetchone来实现这一点。