--就是先查询用户名,如果存在,再比对密码。
-- Parameter list and body of a login-check procedure; the CREATE PROCEDURE
-- header is not part of this fragment.
-- Output: @InputLogin = 1 when a Users row with UserName = @UserName exists,
-- otherwise 0.
-- NOTE(review): @PassWord is declared but never read in this body, so a
-- result of 1 means "username exists", not "credentials are valid".
-- @UserName is referenced as a typed parameter inside a static statement, so
-- its value is compared as data and is not parsed as SQL text. Callers should
-- bind it as a parameter instead of concatenating it into a command string.
@UserName nvarchar(50),
@PassWord nvarchar(50),
@InputLogin int output
AS
BEGIN
    -- Start from "not found" and overwrite only when a matching row exists.
    SET @InputLogin = 0;

    IF EXISTS (SELECT 1 FROM Users WHERE UserName = @UserName)
        SET @InputLogin = 1;
END
-- Parameter list and body of a login-check procedure (this fragment carries
-- no CREATE PROCEDURE header).
-- Reports through @InputLogin whether a Users row with the given UserName
-- exists: 1 = found, 0 = not found.
-- NOTE(review): @PassWord is accepted but unused here; the password is not
-- compared anywhere in this body.
-- The lookup is a static statement with @UserName bound as a value, so text
-- placed in @UserName is matched literally against the UserName column. Keep
-- it that way: no dynamic SQL, and a parameterized call from the application.
@UserName nvarchar(50),
@PassWord nvarchar(50),
@InputLogin int output
AS
BEGIN
    SET @InputLogin =
        CASE
            WHEN EXISTS (SELECT 1 FROM Users WHERE UserName = @UserName) THEN 1
            ELSE 0
        END;
END
-------------------------------------------------------------------
這樣寫好像不怎麼好
試試:
set @UserName='XXX or 1=1'
怎麼查都是Ok
-- Tail of a login-check procedure's parameter list, followed by its body.
-- @UserName is referenced below but its declaration is not shown in this
-- fragment.
-- Both lookups are static statements with the inputs bound as values, so the
-- contents of @UserName / @PassWord are compared literally, not parsed as SQL.
-- NOTE(review): PassWord is matched by plain equality, so the caller must
-- supply the value in the same form it is stored in. If the stored form is an
-- MD5 digest, as the surrounding discussion says, that is a fast unsalted
-- hash and weak for password storage; prefer a salted, slow password hash
-- computed in the application.
-- NOTE(review): codes 0 and 1 distinguish "unknown user" from "wrong
-- password"; show end users one generic failure message so the response does
-- not reveal which usernames exist.
@PassWord nvarchar(50),
@InputLogin int output -- 0 = username does not exist, 1 = wrong password, 2 = correct
AS
BEGIN
    -- A row matching both columns implies the username exists, so test the
    -- strictest condition first and fall back to the username-only lookup.
    IF EXISTS (SELECT 1 FROM Users WHERE UserName = @UserName AND PassWord = @PassWord)
        SET @InputLogin = 2;
    ELSE IF EXISTS (SELECT 1 FROM Users WHERE UserName = @UserName)
        SET @InputLogin = 1;
    ELSE
        SET @InputLogin = 0;
END
再说,我的密码都是 MD5 32 加密的,很复杂,应该注入也不怕的。