[infotechpegasus]

First Question
I have cases to validate user login (ID and Password) , check to database in sql server 2008..
I have created stored procedure to login , but how can I make the sp return value whether the user ID and password is wrong..
thx

[bzforum]

Call the sp from c# and fill it in a DataTable and then count the rows of the datatable

PHP Code:

select * from login where usrname='abc' and password='123' ; 


if the number of rows is zero the login is incorrect if the rows returned is 1 then the credentials are correct...

remember you will have to disallow the use of these characters * ; '' @ etc so that there are no injections...

[pein87]

instead of select all just select what you need. If you have a monsterous usertable like vbulletin or other software does it is unneeded load to query the entire thing. Store that request data as either an array with two fields or two separate variables. No hard coding these values because you what it to be dynamic.

Code: Csharp

string uName = Request.Form['username'];

string passWrd = Request.Form['password'];

Code: SQL

SELECT usrname, password FROM login WHERE usrname = uName  AND password = passWrd;

or with an array.

Code: Csharp

string[] userCreds = { Request.Form['username'], Request.Form['password'] };

/* alternate way to do it
string[] userCreds = new string[2];

userCreds[0] = Request.Form['username'];
userCreds[1] = Request.Form['password'];
*/

Code: SQL

SELECT usrname, password FROM login WHERE usrname = userCreds[0]  AND password = userCreds[1];

Be sure to make a reference to System.Web and use it or else Request will not work.