2014-04-01 35 views
0

SQL:我似乎无法让我的存储过程返回正确的值

ALTER PROCEDURE UserLogin (@username varchar(30), @password varchar(20)) 
AS 
    SELECT * 
    FROM [User] 
    WHERE User_ID = @username AND Password = @password 

    IF @@ROWCOUNT = 1 
     RETURN 1 
    ELSE 
     RETURN 0 

VB:

Imports System.Data 
Imports System.Data.SqlClient 
Imports System.Diagnostics 

Public Class Login 
    Inherits System.Web.UI.Page 
    Dim connectionString As String = "Data Source=SIMON;Initial Catalog=AlphaSYS39414;Persist Security Info=True;User ID=xxxxx;Password=xxxxxx" 

    Protected Sub btnlogin_Click(sender As Object, e As EventArgs) Handles btnlogin.Click 
     Using connection As New SqlConnection(connectionString) 
      Dim account As String = txtusername.Text 
      Dim mypassword As String = txtpassword.Text 
      Dim ResponseNum As Integer 
      connection.Open() 
      Dim cmd As SqlCommand = New SqlCommand("UserLogin", connection) 
      cmd.CommandType = CommandType.StoredProcedure 
      cmd.Parameters.Add(New SqlParameter("@username", account)) 
      cmd.Parameters.Add(New SqlParameter("@password", mypassword)) 
      ResponseNum = cmd.ExecuteNonQuery() 
      Debug.Print(ResponseNum) 
      If ResponseNum = 1 Then 
       Response.Redirect("https://google.com") 
      Else 
       Response.Redirect("https://yahoo.com") 
      End If 
     End Using 
    End Sub 
End Class 

我试图让我的代码存储过程值返回1或0,然后相应地重定向,但每次似乎都返回-1。有什么建议么?

回答

0

您的第一个SELECT会妨碍您。

ALTER PROCEDURE UserLogin (@username varchar(30), @password varchar(20)) 
AS 
    IF EXISTS (SELECT * FROM [User] WHERE User_ID = @username AND Password = @password) 
     RETURN 1 
    ELSE 
     RETURN 0 

您是否确实将密码保存在SQL Server表中?不是最安全的事情。

+0

请接受/ upvote如果你觉得这个答案有用,所以其他人可以从中受益。 – dean