How to validate user ID and password login from SQL Server thru C#

infotechpegasus's Avatar, Join Date: Apr 2012
Newbie Member
First Question
I have cases to validate user login (ID and Password) , check to database in sql server 2008..
I have created stored procedure to login , but how can I make the sp return value whether the user ID and password is wrong..
thx
0
bzforum's Avatar, Join Date: May 2012
Go4Expert Member
Call the sp from c# and fill it in a DataTable and then count the rows of the datatable

PHP Code:
select from login where usrname='abc' and password='123' 
if the number of rows is zero the login is incorrect if the rows returned is 1 then the credentials are correct...

remember you will have to disallow the use of these characters * ; '' @ etc so that there are no injections...
coderzone like this
0
pein87's Avatar
Ambitious contributor
instead of select all just select what you need. If you have a monsterous usertable like vbulletin or other software does it is unneeded load to query the entire thing. Store that request data as either an array with two fields or two separate variables. No hard coding these values because you what it to be dynamic.

Code: Csharp
string uName = Request.Form['username'];

string passWrd = Request.Form['password'];
Code: SQL
SELECT usrname, password FROM login WHERE usrname = uName  AND password = passWrd;

or with an array.

Code: Csharp
string[] userCreds = { Request.Form['username'], Request.Form['password'] };

/* alternate way to do it
string[] userCreds = new string[2];

userCreds[0] = Request.Form['username'];
userCreds[1] = Request.Form['password'];
*/
Code: SQL
SELECT usrname, password FROM login WHERE usrname = userCreds[0]  AND password = userCreds[1];

Be sure to make a reference to System.Web and use it or else Request will not work.