October 2, 2008 at 7:17 am
Can someone plz have a look my code?
I wrote a stored procedure at sql server:
create procedure myproc
(@username varchar(20),@pwsd int, @validation int output)
as
begin
if (exists(select username,pwsd from logintable where username=@username and pwsd = @pwsd))
set @validation =1
else
set @validation =0
end
(the logintable contains 3 attributes, Id, username and pwsd)
and there are 2 textboxes and 1 submit button on a website form under vs.net, once user inputed the correct information and clicked the button, the page will be automatically navigate to the desired page if it was wrong a msg will be shown in the label.
this is the code in C# .net
protected void Submit1_ServerClick(object sender, EventArgs e)
{
if ParameterDirection.Output =1
Response.Redirect("default2.aspx", true);
}
it doesn't work, and I have no idea about where was it wrong?
thanks in advance ~!
October 2, 2008 at 7:44 am
ParameterDirection.Output is an enum. It does not indicate the value of your output parameter. To get the value of the output parameter, you need to get it from the parameters collection after executing the procedure.
I am not a big fan of creating a login system within a database engine that already has it's own login management, so I think your overall approach of having your own table for login information is not the way to go. However, if you are going to do this, I would recommend raising an error in your procedure if the login fails and putting a try/catch block around the procedure call to catch a login failure.
October 2, 2008 at 10:08 am
zomg!! don't store passwords.. wtb some hash and please pass the salt.
October 2, 2008 at 5:12 pm
sry for asking the stupid question, im a new for sql and C#, the login control in .net is too complicated for me, I just want a simple login function, btw, how could I validate a user if I don't store the password or username ?
October 2, 2008 at 6:30 pm
If you use the built-in tools within .NET - you can have it build you a database-driven version of a login scenario, using forms authentication. It will handle everything for you, and will come up with a scenario which doesn't involve storing passwords in database tables.
In other words - it will likely be something better than we would come up with, and it will do it in a fraction of the time. You could actually have it set up and running in a few minutes, and the HARD part would be to create the users (and not spend weeks/months coming up with a scenario that isn't laughably easy to bypass).
To get started, just located the .NET web site administration tool (it's an icon in VS).
----------------------------------------------------------------------------------
Your lack of planning does not constitute an emergency on my part...unless you're my manager...or a director and above...or a really loud-spoken end-user..All right - what was my emergency again?
October 3, 2008 at 2:40 am
solved ~! thx for all~!
Viewing 6 posts - 1 through 5 (of 5 total)
You must be logged in to reply to this topic. Login to reply