CREATE PROCEDURE UserLogin @Tablenum varchar(50),
@Username varchar(50),
@UserPassword varchar(50),
@iReturn int output as DECLARE @SqlStr NVARCHAR(1000)
set @SqlStr="select * from ["+ @Tablenum + "] where [username] = "+@Username
exec(@SqlStr )
if(@@rowcount <1) begin
set @iReturn=0
end else begin
set @SqlStr="select * from ["+@Tablenum+"] where [username]= "+@Username+" and [password] = "+@UserPassword
exec(@SqlStr )
if(@@rowcount <1) begin
set @iReturn=1
end else
begin
set @iReturn=2
end
end
GO
'====================================ASP调用=====================================================================
dim action,username,password,Tablename
action=Trim(Request.QueryString("action"))
if action="login" then username=Trim(Request.Form("username"))
password=Trim(Request.Form("password"))
Tablename="admin"
call userSignin(Tablename,username,password)'调用检验子程序SUB userSignin(Tablename,username,password)
Set MyComm = Server.CreateObject("ADODB.Command")
with MyComm
.ActiveConnection = conn
.CommandText = "userLogin"
.CommandType = 4
.Prepared = true
.Parameters.Append .CreateParameter("@Tablenum",200,1,50,Tablename) '//参数顺序:参数名,参数数据类型,参数类型,数据长度,参数值
.Parameters.Append .CreateParameter("@Username",200,1,50,username)
.Parameters.Append .CreateParameter("@UserPassword",200,1,50,password)
.Parameters.Append .CreateParameter("@iReturn",3,2,4)
.Execute
end with
loginvalue= MyComm(3)
'-------------------------------------------------
'---功能描述:验证用户登陆
'---0,用户不存在
'---1,密码错误
'---2,成功
'------------------------------------------------
select case loginvalue
case 0
response.write" 用户不存在"
case 1
response.write" 密码错误"
case 2
response.write" 登陆成功"
end select
end sub
end if
@Username varchar(50),
@UserPassword varchar(50),
@iReturn int output as DECLARE @SqlStr NVARCHAR(1000)
set @SqlStr="select * from ["+ @Tablenum + "] where [username] = "+@Username
exec(@SqlStr )
if(@@rowcount <1) begin
set @iReturn=0
end else begin
set @SqlStr="select * from ["+@Tablenum+"] where [username]= "+@Username+" and [password] = "+@UserPassword
exec(@SqlStr )
if(@@rowcount <1) begin
set @iReturn=1
end else
begin
set @iReturn=2
end
end
GO
'====================================ASP调用=====================================================================
dim action,username,password,Tablename
action=Trim(Request.QueryString("action"))
if action="login" then username=Trim(Request.Form("username"))
password=Trim(Request.Form("password"))
Tablename="admin"
call userSignin(Tablename,username,password)'调用检验子程序SUB userSignin(Tablename,username,password)
Set MyComm = Server.CreateObject("ADODB.Command")
with MyComm
.ActiveConnection = conn
.CommandText = "userLogin"
.CommandType = 4
.Prepared = true
.Parameters.Append .CreateParameter("@Tablenum",200,1,50,Tablename) '//参数顺序:参数名,参数数据类型,参数类型,数据长度,参数值
.Parameters.Append .CreateParameter("@Username",200,1,50,username)
.Parameters.Append .CreateParameter("@UserPassword",200,1,50,password)
.Parameters.Append .CreateParameter("@iReturn",3,2,4)
.Execute
end with
loginvalue= MyComm(3)
'-------------------------------------------------
'---功能描述:验证用户登陆
'---0,用户不存在
'---1,密码错误
'---2,成功
'------------------------------------------------
select case loginvalue
case 0
response.write" 用户不存在"
case 1
response.write" 密码错误"
case 2
response.write" 登陆成功"
end select
end sub
end if
SELECT TOP 1000 [Recno]
,[ActionID]
,[TableName]
,[StartTime]
,[EndTime]
,[RecCount]
FROM [NSMCHIS].[dbo].[NSMCHIS_log_Transfer]
where ActionID=16
order by RecCount desc
CREATE PROCEDURE UserLogin @Tablenum varchar(50),
@Username varchar(50),
@UserPassword varchar(50),
@iReturn int output as DECLARE @SqlStr NVARCHAR(1000)
set @SqlStr='select * from ['+ @Tablenum + '] where [username] = '''+@Username +''''
exec(@SqlStr )
if(@@rowcount <1) begin
set @iReturn=0
end else begin
set @SqlStr='select * from ['+@Tablenum+'] where [username]= '''+@Username+''' and [password] = '''+@UserPassword +''''
exec(@SqlStr )
if(@@rowcount <1) begin
set @iReturn=1
end else
begin
set @iReturn=2
end
end
GO
@Username varchar(50),
@UserPassword varchar(50),
@iReturn int output as DECLARE @SqlStr NVARCHAR(1000)
set @SqlStr='select * from ['+ @Tablenum + '] where [username] = '''+@Username+''''
exec(@SqlStr )
if(@@rowcount <1) begin
set @iReturn=0
end else begin
set @SqlStr='select * from ['+@Tablenum+'] where [username]= '''+@Username+''' and [password] ='''+@UserPassword+''''
exec(@SqlStr )
if(@@rowcount <1) begin
set @iReturn=1
end else
begin
set @iReturn=2
end
end
GO
@Tablenum varchar(50),
@Username varchar(50),
@UserPassword varchar(50),
@iReturn int output
as
begin
DECLARE @SqlStr NVARCHAR(1000)
set @SqlStr='select * from ['+ @Tablenum + '] where [username] = '''+@Username+''''
exec(@SqlStr )
if(@@rowcount <1)
set @iReturn=0
else
begin
set @SqlStr='select * from ['+@Tablenum+'] where [username]= '''+@Username+''' and [password] ='''+@UserPassword+''''
exec(@SqlStr )
if(@@rowcount <1)
set @iReturn=1
else
set @iReturn=2
end
end
GO
--------------
username 和 passowrd 应该是字符串吧? 那应该有字符中边界符
set @SqlStr="select * from ["+@Tablenum+"] where [username]= '"+@Username+"' and [password] = '"+@UserPassword
+ "'"
@Tablenum varchar(50),
@Username varchar(50),
@UserPassword varchar(50),
@iReturn int output
as DECLARE @SqlStr NVARCHAR(1000)
set @SqlStr='select * from ['+ @Tablenum + '] where [username] ='''+@Username +''''
exec(@SqlStr )
if(@@rowcount <1)
set @iReturn=0
else
begin
set @SqlStr='select * from ['+@Tablenum+'] where [username]='''+@Username+''' and [password]='''+@UserPassword+''''
exec(@SqlStr )
if(@@rowcount <1)
set @iReturn=1
else
set @iReturn=2 end
RETURN