MariaDB/SQL query Login system

:information_source: Attention Topic was automatically imported from the old Question2Answer platform.
:bust_in_silhouette: Asked By joleera

hi;
i did connect database but if i enter with wrong user password and name i can login how to fix thank you

remote func AuthenticatePlayer(username, password, player_id):
var gateway_id = get_tree().get_rpc_sender_id()
var result
if not db.query("SELECT password FROM users WHERE password=password"):
	password = password
	result = false
else:
	print("Succees")
	result = true

or
i try

if db.query("SELECT password FROM users WHERE password=password"):

when i do this i cant login in right user password and name

:bust_in_silhouette: Reply From: joleera

i try
if db.query(“SELECT password FROM users WHERE password=password”):
when i do this i cant login in right user password and name

:bust_in_silhouette: Reply From: aipie

Hi,

I don’t know which module you are using to query with mariadb.

I would expect that

db.query("your_select_query")

would return what you are selecting.
In your case it is either all users with a password equal to the literal string “password” or no records at all.

Your if expects a boolean value.

In a sample I saw, it returns an array of dictionaries.

So it would then become something like

var temp = db.query("SELECT password FROM users WHERE password=password")
if temp.size()=0:

But this really depends on the extension of mysql/mariadb you are using. You need to check the documentation of the extension for that.

Also you are actually comparing with “password” and not the parameter password.

"select password from users where password = " + password

And lastly you are not using the username in your query (you would get all users with the same password or it could be a wrong password, but because someone else is using that password the login would be succesfull.