1

i'm reading in text values from 2 lineedit widgets and using the data from those to act as a log in system but i'm unable because the program is currently only checking if the Username is in the SQLITE database, i'm unsure why.

My connection is done from 

QSqlDatabase login = QSqlDatabase::addDatabase("QSQLITE");
login.setDatabaseName("/Users/Daniel/Dropbox/Stock_Control.sqlite");
if(!login.open())
    ui->label->setText("Unable To Connect To Database");

My Log in code is below 

static Home *home = new Home;
QSqlQuery query;
QString Username = ui->Username_lineEdit->text();
QString Password = ui->Password_lineEdit->text();
query.prepare("SELECT Login, Password FROM Program_account WHERE Login = '"+ Username +"' AND Password = '"+ Password +"'");
if(!query.exec())
{
    qDebug() << "SQL QUERY Login:" << query.executedQuery();
    qDebug() << "SQL ERROR Login:" << query.lastError();
}
else if(!query.first())
{
    qDebug() << "SQL QUERY Login:" << query.executedQuery();
    qDebug() <<  query.value(1);
    qDebug() << "SQL ERROR Login:" << query.lastError();
    tries++;
    int x = 10 - tries;
    ui->label->setText("Incorrect Username or Password " + QString::number(x) + " tries until timeout");
}
else
{
    qDebug() << "SQL QUERY Login:" << query.executedQuery();
    qDebug() <<  query.value(1);
    qDebug() <<  query.last();
    qDebug() << "SQL ERROR Login:" << query.lastError();
    tries = 0;
    home->show();
    close();
}

When query.value(1) is run the output is QVariant(Invalid), im guessing this is the source of my problem but i dont know why not how to fix it.

Thank you

Improve this question
3
  • 1
    I don't see the query.value(1) call anywhere in the above code. Could you elaborate? Commented Dec 30, 2014 at 20:27
  • I'm i must have changed it whilst i was testing, but query.value(0) gives me the value of the login field in the database Program_account, but query.value(1) returns QVariant(Invalid) and i'm guessing that I is why the program is allowing any password from the Password QLineEdit, but allows only Usernames that are in the database. Commented Dec 30, 2014 at 20:37
  • 1
    Pay attention that filling your query like you do, you are subject to SQL injection (test it with a login "myLogin OR 1=1;"). Use query.bindValue() or .addBindValue() is much better. Also, I don't know how qDebug can print QVariant objects but I advise you to just explicitly convert your data: query.value(0).toString(). Commented Dec 31, 2014 at 15:23

1 Answer 1

Reset to default
1

From looking at the above code I'm betting that the QSqlQuery object isn't getting properly initialized and is thus not executing the statement successfully.

You have to pass the connection to the QSQlQuery when you create it or set it manually like the following:

QSqlQuery query(login);

Since this never gets set you execute the query against nothing and it fails. The error messaging on the QSQlQuery object in this scenario is less than ideal.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.