First Question I have cases to validate user login (ID and Password) , check to database in sql server 2008.. I have created stored procedure to login , but how can I make the sp return value whether the user ID and password is wrong.. thx
Call the sp from c# and fill it in a DataTable and then count the rows of the datatable PHP: select * from login where usrname='abc' and password='123' ; if the number of rows is zero the login is incorrect if the rows returned is 1 then the credentials are correct... remember you will have to disallow the use of these characters * ; '' @ etc so that there are no injections...
instead of select all just select what you need. If you have a monsterous usertable like vbulletin or other software does it is unneeded load to query the entire thing. Store that request data as either an array with two fields or two separate variables. No hard coding these values because you what it to be dynamic. Code: string uName = Request.Form['username']; string passWrd = Request.Form['password']; Code: SELECT usrname, password FROM login where usrname = uName AND password = passWrd; or with an array. Code: string[] userCreds = { Request.Form['username'], Request.Form['password'] }; /* alternate way to do it string[] userCreds = new string[2]; userCreds[0] = Request.Form['username']; userCreds[1] = Request.Form['password']; */ Code: SELECT usrname, password FROM login where usrname = userCreds[0] AND password = userCreds[1]; Be sure to make a reference to System.Web and use it or else Request will not work.
