1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to validate user ID and password login from SQL Server thru C#

Discussion in 'C#' started by infotechpegasus, Apr 18, 2012.

  1. infotechpegasus

    infotechpegasus New Member

    Joined:
    Apr 18, 2012
    Messages:
    2
    Likes Received:
    0
    Trophy Points:
    0
    Location:
    under the code
    Home Page:
    First Question :D
    I have cases to validate user login (ID and Password) , check to database in sql server 2008..
    I have created stored procedure to login , but how can I make the sp return value whether the user ID and password is wrong..
    thx :D
     
  2. bzforum

    bzforum New Member

    Joined:
    May 20, 2012
    Messages:
    25
    Likes Received:
    7
    Trophy Points:
    0
    Occupation:
    CEO & Founder
    Location:
    Mumbai , India
    Home Page:
    Call the sp from c# and fill it in a DataTable and then count the rows of the datatable

    PHP:
    select from login where usrname='abc' and password='123' 
    if the number of rows is zero the login is incorrect if the rows returned is 1 then the credentials are correct...

    remember you will have to disallow the use of these characters * ; '' @ etc so that there are no injections...
     
    coderzone likes this.
  3. pein87

    pein87 New Member

    Joined:
    Aug 6, 2010
    Messages:
    173
    Likes Received:
    47
    Trophy Points:
    0
    Occupation:
    Web Dev
    Location:
    Limbo
    instead of select all just select what you need. If you have a monsterous usertable like vbulletin or other software does it is unneeded load to query the entire thing. Store that request data as either an array with two fields or two separate variables. No hard coding these values because you what it to be dynamic.

    Code:
    
    string uName = Request.Form['username'];
    
    string passWrd = Request.Form['password'];
    
    Code:
    SELECT usrname, password FROM login where usrname = uName  AND password = passWrd;
    or with an array.

    Code:
    
    string[] userCreds = { Request.Form['username'], Request.Form['password'] };
    
    /* alternate way to do it
    string[] userCreds = new string[2];
    
    userCreds[0] = Request.Form['username'];
    userCreds[1] = Request.Form['password'];
    */
    
    
    Code:
    SELECT usrname, password FROM login where usrname = userCreds[0]  AND password = userCreds[1];
    Be sure to make a reference to System.Web and use it or else Request will not work.
     

Share This Page