I'm reading in text values from 2 lineedit widgets and using the data from those to act as a log in system, but I'm unable to because the program is currently only checking if the Username is in the SQLITE database. I'm unsure why.

My connection is done from

```cpp
QSqlDatabase login = QSqlDatabase::addDatabase("QSQLITE");
login.setDatabaseName("/Users/Daniel/Dropbox/Stock_Control.sqlite");
if(!login.open())
    ui->label->setText("Unable To Connect To Database");
```

My Log in code is below

```cpp
static Home *home = new Home;
QSqlQuery query;
QString Username = ui->Username_lineEdit->text();
QString Password = ui->Password_lineEdit->text();
query.prepare("SELECT Login, Password FROM Program_account WHERE Login = '"+ Username +"' AND Password = '"+ Password +"'");
if(!query.exec())
{
    qDebug() << "SQL QUERY Login:" << query.executedQuery();
    qDebug() << "SQL ERROR Login:" << query.lastError();
}
else if(!query.first())
{
    qDebug() << "SQL QUERY Login:" << query.executedQuery();
    qDebug() << query.value(1);
    qDebug() << "SQL ERROR Login:" << query.lastError();
    tries++;
    int x = 10 - tries;
    ui->label->setText("Incorrect Username or Password " + QString::number(x) + " tries until timeout");
}
else
{
    qDebug() << "SQL QUERY Login:" << query.executedQuery();
    qDebug() << query.value(1);
    qDebug() << query.last();
    qDebug() << "SQL ERROR Login:" << query.lastError();
    tries = 0;
    home->show();
    close();
}
```

When query.value(1) is run the output is QVariant(Invalid). I'm guessing this is the source of my problem but I don't know why nor how to fix it.

Thank you

Root0x
  • I don't see the `query.value(1)` call anywhere in the above code. Could you elaborate? – MrEricSir Dec 30 '14 at 20:27
  • I must have changed it whilst I was testing, but query.value(0) gives me the value of the login field in the database Program_account, but query.value(1) returns QVariant(Invalid) and I'm guessing that is why the program is allowing any password from the Password QLineEdit, but allows only Usernames that are in the database. – Root0x Dec 30 '14 at 20:37
  • Pay attention that by filling your query like you do, you are subject to SQL injection (test it with a login "myLogin OR 1=1;"). Using query.bindValue() or .addBindValue() is much better. Also, I don't know how qDebug can print QVariant objects but I advise you to just explicitly convert your data: query.value(0).toString(). – Martin Dec 31 '14 at 15:23
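
The injection point raised in the comment above, as an added example that is not part of the original thread: the question's string-concatenated query beside a bound-parameter version, run against an in-memory SQLite table. It uses Python's sqlite3 module as a stand-in for QSqlQuery so it runs without Qt; the sample row, the test inputs and the function names are constructed, and the `:login` / `:password` placeholders play the role that `query.prepare()` with `query.bindValue()` would in the Qt code.

```python
import sqlite3


def make_db():
    """In-memory stand-in for the question's Program_account table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Program_account (Login TEXT, Password TEXT)")
    # Constructed sample row, not data from the original post.
    db.execute("INSERT INTO Program_account VALUES ('daniel', 's3cret')")
    return db


def login_concatenated(db, username, password):
    """The question's pattern: input is spliced into the SQL text itself."""
    sql = ("SELECT Login, Password FROM Program_account WHERE Login = '"
           + username + "' AND Password = '" + password + "'")
    return db.execute(sql).fetchone() is not None


def login_bound(db, username, password):
    """Placeholders: input travels as values and is never parsed as SQL."""
    sql = ("SELECT Login, Password FROM Program_account "
           "WHERE Login = :login AND Password = :password")
    params = {"login": username, "password": password}
    return db.execute(sql, params).fetchone() is not None


def compare(db, username, password):
    """Return (concatenated_result, bound_result) for one input pair."""
    try:
        unsafe = login_concatenated(db, username, password)
    except sqlite3.Error as exc:
        # A stray quote can also just break the statement's syntax.
        unsafe = "error: " + type(exc).__name__
    return unsafe, login_bound(db, username, password)


if __name__ == "__main__":
    db = make_db()
    # Constructed inputs: valid login, wrong password, quote-bearing names.
    for user, pw in [("daniel", "s3cret"), ("daniel", "wrong"),
                     ("myLogin' OR 1=1 --", "wrong"), ("O'Brien", "wrong")]:
        print(repr(user), compare(db, user, pw))
```

With the concatenated query, a quote in the username either rewrites the WHERE clause or makes the statement fail to parse; with bound values both inputs are simply logins that do not exist.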

1 Answer

From looking at the above code I'm betting that the QSqlQuery object isn't getting properly initialized and is thus not executing the statement successfully.

You have to pass the connection to the QSqlQuery when you create it or set it manually like the following:

```cpp
QSqlQuery query(login);
```

Since this never gets set you execute the query against nothing and it fails. The error messaging on the QSqlQuery object in this scenario is less than ideal.

mabeechen