SELECT FROM WHERE: 2 variables

Question

I have a database with username and password. I want to search for both these to be matching and if it matches, user can login (and if not error shows).

However the if condition of my code doesn't ever fulfil (even when username and password match).

My SQL query must be wrong, I tried finding a solution to searching for more than one variable in a query but couldn't find an answer that worked for me unfortunately, hence why I've asked.

def userLogin(self):
    username, password = self.getUserPass()
    con = sql.connect("database.db")
    cur = con.cursor()
    cur.execute("SELECT * FROM users WHERE (?) AND (?)", (username, password))
    if cur.fetchmany(size=1):
        print("Username and Password match!")
    else:
        print("Wrong username and password combination.")

Answer 1

Parameter substitution simply inserts the contents of the given variables into the query. So for user "myuser" and password "mypass", the query you're running is:

SELECT * FROM users WHERE ('myuser') AND ('mypass')

This isn't going to do what you expect because you haven't specified which columns to check. Start by writing a full example query that you could run from an interactive SQLite shell. For example, if your username column is called "user" and your password column is called "pass", your query might be:

SELECT * FROM users WHERE user='myuser' AND pass='mypass'

Then just replace the variable values (including quotes if it's a string) with question marks:

SELECT * FROM users WHERE user=? AND pass=?

Substitute that query into your code and it should act as you expect.