語法錯誤：在Python mysql的登錄無效語法

Question

C:\Python34\python.exe C:/Users/Stig/Desktop/python/main.py 
File "C:/Users/Stig/Desktop/python/main.py", line 9 
    if(query.execute("SELECT * FROM 'USERS' where 'username'" + `username` + "' AND `password`='" + `password`)): 
                   ^
SyntaxError: invalid syntax 

Code:

import MySQLdb 
from tkinter import * 

root = Tk() 

def makeLoggedInWindow(): 
    if(query.execute("SELECT * FROM 'USERS' where 'username'", 'username', "' AND `password`='", 'password', "'")): 
     window = Tk() 
     db.commit() 
     label_3 = Label(window, text="Du er nu logget ind!") 
     label_3.pack() 
    else: 
     db.commit() 
     print ("Login fejlede!") 

label = Label(root, text="Velkommen til mit log ind script!") 
db = MySQLdb.connect(host="localhost", 
        user="root", 
        db="users") 

query = db.cursor() 

loop = 'true' 
label_1 = Label(root, text="Username: ") 
label_2 = Label(root, text="Password: ") 
username = Entry(root) 
password = Entry(root, show='*') 
button_1 = Button(root, text="Log ind!", command=makeLoggedInWindow) 

label_1.pack() 
label_2.pack() 
username.pack() 
password.pack() 
button_1.pack() 

root.mainloop() 

能有人幫助？

Answer 1

你缺少=後username字段名。另外你爲什麼不使用Python命令替換爲更清楚：

"SELECT * FROM USERS where username={0} AND password={1}".format(username,password) 

Answer 2

你回溯表明您使用的是舊repr語法 - 的`backticks`。而且你在這裏提出的代碼是不正確的。

的反引號沒有工作在Python 2，但在Python 3

所有的一切不再，這種技術是很大的缺陷 - repr不能保證給SQL兼容輸出;並且您將很容易受到SQL注入的影響。您應該使用SQL中的佔位符代替查詢：

query.execute("SELECT * FROM USERS where username = %s AND password = %s", 
    (username, password))