create procedure 存储过程名
@userid varchar(20),
@pwd varchar(20),
@RetValue int out
as
select 1 from UserTable where UserID=@userid and Password=@pwd
if(@@RowCount>0)
Begin
Set @RetValue=0--0表示用户名密码正确
Return
End
else
Begin
select 1 from UserTable where UserID=@userid
if(@@RowCount>0)
Begin
Set @RetValue=1--1表示用户名存在,但密码不正确
Return
End
End
Set @RetValue=2--2表示用户名不存在
Return--在.net中定义一个变量取@RetValue的值就行
@userid varchar(20),
@pwd varchar(20),
@RetValue int out
as
select 1 from UserTable where UserID=@userid and Password=@pwd
if(@@RowCount>0)
Begin
Set @RetValue=0--0表示用户名密码正确
Return
End
else
Begin
select 1 from UserTable where UserID=@userid
if(@@RowCount>0)
Begin
Set @RetValue=1--1表示用户名存在,但密码不正确
Return
End
End
Set @RetValue=2--2表示用户名不存在
Return--在.net中定义一个变量取@RetValue的值就行
Create Proc p1
(@userid varchar(20),
@pwd varchar(20))
as
declare @pwdx varchar(20)select @pwdx=pwd from [table] where @userid=userid
--这样写繁琐了一点,但能放防sql 注入if @@rowcount =0
select -2
else
begin
if @pwdx=@pwd
select 1
else
select -1
end
go
c# 例子
string userid="", pwd="", connectionstring=""; SqlConnection connection = new SqlConnection(connectionstring); SqlDataAdapter da = new SqlDataAdapter("exec p1 '" + userid + "','" + pwd + "'", connection); connection.Open(); DataSet ds = new DataSet(); da.Fill(ds); if (ds.Tables[0].Rows[0][0].ToString() == "1")
MessageBox.Show("OK");
else if (ds.Tables[0].Rows[0][0].ToString() == "-2")
MessageBox.Show("你的用户号不存在.");
else if (ds.Tables[0].Rows[0][0].ToString() == "-2")
MessageBox.Show("你输入的密码错误,请重新输入。只能输入三次"); connection.Close();
@uid varchar(20),
@pwd varchar(20),
as
declare @t_pwd varchar(20)
select @t_pwd = password from UserTable where uid=@uid and pwd=@pwd
if(@t_pwd = '')
Begin
return 0 --用户名不正确
End
else
begin
if (@t_pwd != @pwd)
return 1 --密码不正确
else
return 2 --没问题OK
end前台接存储过程的返回值用ParameterDirection.ReturnValue
然后通过ViewState保存登陆失败的次数,根据返回值判断情况
string strUserCD=txtEmployeeCode.Text;//窗体控件
string strPassWord=txtPassword.Text;
string cnstr=System.Configuration.ConfigurationSettings.AppSettings ["conPF"];
SqlConnection connection = new SqlConnection(cnstr);
SqlCommand cmd = new SqlCommand("h",connection);
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add(new SqlParameter("@userid", SqlDbType.Int));
cmd.Parameters["@userid"].Value = strUserCD;
cmd.Parameters["@pwd"].Value = strPassWord;
cmd.Parameters["@RetValue"].Direction = ParameterDirection.Output;
cmd.ExecuteNonQuery();
string backstr = cmd.Parameters["@RetValue"].Value.ToString();
cmd.Dispose();
if (backstr=="0")
{
Response.Write("<script language=javascript>alert('zhengque')</script>");
}
if(backstr=="1")
{
Response.Write("<script language=javascript>alert('mimabuzhengque')</script>");
}
if(backstr=="2")
{
Response.Write("<script language=javascript>alert('yonghumingbucunzai')</script>");
}
这样写不正确啊
老是有错
在asp中不支持messabox
而且我从页面获取的参数如何传呢?
就是用户输入的两个值
cmd.Parameters[ "@userid "].Value = strUserCD;
cmd.Parameters[ "@pwd "].Value = strPassWord;
这个就传了值了
你是从那里传的值,从html??那样可以在链接中带参数传值