在这个Bellow Code中我不能获得Loginname的价值..为什么?另外如何使用Loginname作为输入输出变量? [英] In This Bellow Code I Cant Get Value Of Loginname .. Why? Also How Can Use Loginname As Input Output Variable?
问题描述
GO
/ ******对象:StoredProcedure [dbo]。[spEX_LoginUser]
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo]。[spEX_LoginUser]
(
@ loginname varchar(50),
@password varchar(50)
)
AS
BEGIN
如果EXISTS(SELECT LoginName,[Password] FROM EX_Candidate WHERE LoginName = @ loginname AND [Password] = @ password AND Appeared = 0)
BEGIN
SELECT 1 AS Status,@ loginname as LoginName,'Login Successful'AS ReturnMessage
END
else
BEGIN
SELECT 0 AS Status,@ loginname as LoginName,'User does not exists'作为ReturnMessage
END
END
首先,为什么要返回传入的值?使用它的代码已经知道了......或者它无法传递给你。
其次,永远不要以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
GO
/****** Object: StoredProcedure [dbo].[spEX_LoginUser]
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER PROCEDURE [dbo].[spEX_LoginUser]
(
@loginname varchar(50),
@password varchar(50)
)
AS
BEGIN
IF EXISTS(SELECT LoginName, [Password] FROM EX_Candidate WHERE LoginName=@loginname AND [Password]=@password AND Appeared=0)
BEGIN
SELECT 1 AS Status,@loginname as LoginName,'Login Successful' AS ReturnMessage
END
else
BEGIN
SELECT 0 AS Status,@loginname as LoginName,'User doesnot exists' as ReturnMessage
END
END
First, why return a value that you pass in? The code that uses it already knows it...or it couldn't pass it to you.
Second, never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
这篇关于在这个Bellow Code中我不能获得Loginname的价值..为什么?另外如何使用Loginname作为输入输出变量?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!