SELECT语句不使用Python抓取数据

试图在客户端登录时收集其信息。该信息先前已输入数据库。我得到了除电子邮件值以外的所有“1”，因为用户必须手动输入电子邮件，所以从我的表中检索数据时一定会出错。我想我的Python代码中缺少了一些东西。。。有什么想法吗

from content_management import Content

#form validations
from wtforms import Form, BooleanField, TextField, PasswordField, validators
#to encrypt the password
from passlib.hash import sha256_crypt
#for SQL injection
from MySQLdb import escape_string as thwart
import gc
from functools import wraps
from dbconnect import connection

TOPIC_DICT = Content()

app = Flask(__name__)

@app.route('/login/', methods=['GET','POST'])
def login_page():
    error = ''
    try:
        c, conn = connection()
        if request.method == "POST":
            data = c.execute("SELECT * FROM clients WHERE email = (%s)", (thwart(request.form['email']),))
            data = c.fetchone()[3]

            if sha256_crypt.verify(request.form['password'], data):
                email = request.form['email']
                #grab all the clients info
                clientcid = c.execute("SELECT cid FROM clients WHERE email = (%s)", (thwart(email),))
                phone = c.execute("SELECT phone FROM clients WHERE email = (%s)", (thwart(email),))
                rating = c.execute("SELECT rating FROM clients WHERE email = (%s)", (thwart(email),))
                first_name = c.execute("SELECT first_name FROM cpersonals WHERE cid = (%s)", (clientcid,))
                last_name = c.execute("SELECT last_name FROM cpersonals WHERE cid = (%s)", (clientcid,))
                address = c.execute("SELECT address FROM cpersonals WHERE cid = (%s)", (clientcid,))
                czip = c.execute("SELECT zip FROM cpersonals WHERE cid = (%s)", (clientcid,))
                reg_date = c.execute("SELECT reg_date FROM cpersonals WHERE cid = (%s)", (clientcid,))
                conn.commit()
                c.close()
                conn.close()
                gc.collect()


                session['logged_in'] = 'client'
                session['clientcid'] = clientcid
                session['email'] = email
                session['phone'] = phone
                session['rating'] = rating
                session['first_name'] = first_name
                session['last_name'] = last_name
                session['address'] = address
                session['czip'] = czip
                session['reg_date'] = reg_date
                flash("You are now logged in.")
                return redirect(url_for("dashboard"))

            else:
                error = "Invalid credentials, try again."

        gc.collect()
        return render_template("login.html", error = error)

    except Exception as e:
        #flash(e)
        error = "Invalid credentials, try again."
        return render_template("login.html", error = error)

编辑：尝试了以下操作，但现在无法登录…

if request.method == "POST":
            data = c.execute("SELECT * FROM clients WHERE email = (%s)", (thwart(request.form['email']),))
            data = c.fetchone()[3]

            if sha256_crypt.verify(request.form['password'], data):
                clientcid = c.fetchone()[0]
                phone = c.fetchone()[1]
                rating = c.fetchone()[4]
                conn.commit()
                c.execute("SELECT * FROM cpersonals WHERE cid = (%s)", (clientcid,))
                first_name = c.fetchone()[1]
                last_name = c.fetchone()[2]
                address = c.fetchone()[3]
                czip = c.fetchone()[4]
                reg_date = c.fetchone()[5]
                conn.commit()
                c.close()
                conn.close()

EDIT2:与前面的编辑相同，即使电子邮件和密码正确，此代码也无法确认登录凭据。一旦我返回到我发布的第一个代码块，它将确认登录（使用那些相同的凭据），但除了电子邮件之外，每个变量中仍然有“1”

@app.route('/login/', methods=['GET','POST'])
def login_page():
    error = ''
    try:
        c, conn = connection()
        if request.method == "POST":
            data = c.execute("SELECT * FROM clients WHERE email = (%s)", (thwart(request.form['email']),))
            data = c.fetchone()[3]
            password = request.form['password']

            if password == data:
                email = request.form['email']
                #grab all the clients info
                c.execute("SELECT * FROM clients WHERE email = (%s)", (thwart(email),))
                clients_table = c.fetchall()
                clientcid = clients_table[0]
                phone = clients_table[1]
                rating = clients_table[4]
                conn.commit()

                c.execute("SELECT * FROM cpersonals WHERE cid = (%s)", (clientcid,))
                cpersonals_table = c.fetchall()
                first_name = cpersonals_table[1]
                last_name = cpersonals_table[2]
                address = cpersonals_table[3]
                czip = cpersonals_table[4]
                reg_date = cpersonals_table[5] 
                conn.commit()

                c.close()
                conn.close()

                session['logged_in'] = 'client'
                session['clientcid'] = clientcid
                session['email'] = email
                session['phone'] = phone
                session['rating'] = rating
                session['first_name'] = first_name
                session['last_name'] = last_name
                session['address'] = address
                session['czip'] = czip
                session['reg_date'] = reg_date
                flash("You are now logged in.")
                return redirect(url_for("ask"))

            else:
                error = "Invalid credentials, try again."

        return render_template("login.html", error = error)

    except Exception as e:
        #flash(e)
        error = "Invalid credentials, try again."
        return render_template("login.html", error = error)

---

您的异常处理过于通用，请尝试在更少的代码行中捕获更具体的错误，即使是我的第二组代码？这并不能回答您的问题，但描述了为什么不应在密码上使用sha256。@GreatContini第4点？你是什么意思？@douglasrcjames你是否点击了链接并阅读了“错误使用或误用密码原语存储密码”一节？