Hi friends,
I've got one question. When I realize "log in" in my SQL Server, I am using
an SP like this:
CREATE Procedure CustomerLogin
(
    @Email nvarchar(30),
    @Pwd nvarchar(10),
    @CustomerID int OUTPUT
)
AS
SELECT
    @CustomerID = CustomerID
FROM
    Customers
WHERE
    Email = @Email COLLATE SQL_Latin1_General_CP1_CS_AS
    AND
    Pwd = @Pwd COLLATE SQL_Latin1_General_CP1_CS_AS
IF @@ROWCOUNT < 1
SELECT
    @CustomerID = 0
GO
The problem is that if the password is "qweqwe" and I try to log in with
"qweqwe " or even "qweqwe " (I mean with a space after the last symbol) it
succeeds!!!
Interesting, but if I try to log in with " qweqwe" (I mean with a space at the
beginning) it does not succeed.
I don't know why. Could somebody please help me?
Post the DDL for your Customers table. Specifically, what's the datatype of
the Pwd column?
--
*mike hodgson* |/ database administrator/ | mallesons stephen jaques
*T* +61 (2) 9296 3668 |* F* +61 (2) 9296 3885 |* M* +61 (408) 675 907
*E* mailto:mike.hodgson@.mallesons.nospam.com |* W* http://www.mallesons.com
The datatype of Pwd is nvarchar. I found that it works correctly if I write
it like this:
CREATE Procedure CustomerLogin
(
    @Email nvarchar(80),
    @Pwd nvarchar(50),
    @CustomerID int OUTPUT
)
AS
SELECT
    @CustomerID = CustomerID
FROM
    Customers
WHERE
    Email + '1' = @Email COLLATE SQL_Latin1_General_CP1_CS_AS + '1'
    AND
    Pwd + '1' = @Pwd COLLATE SQL_Latin1_General_CP1_CS_AS + '1'
IF @@ROWCOUNT < 1
SELECT
    @CustomerID = 0
GO
But I am sure this is not the best approach
"Mike Hodgson" <mike.hodgson@.mallesons.nospam.com> wrote in message
news:#t9fdRIGFHA.2608@.TK2MSFTNGP10.phx.gbl...
> Post the DDL for your Customers table. Specifically, what's datatype of
> the Pwd column?
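Why the trailing spaces are accepted, shown as an added example that is not part of the original thread: SQL Server's "=" pads the shorter string with spaces before comparing, so trailing spaces are ignored while leading ones are not. The table variable, the sample row and the procedure name CustomerLoginExact are constructed for illustration, and the Customers table is assumed to have nvarchar Email and Pwd columns as in the thread.

```sql
-- Added example, not from the thread. Sample data below is constructed.
DECLARE @Customers TABLE (CustomerID int, Email nvarchar(80), Pwd nvarchar(50));
INSERT INTO @Customers VALUES (1, N'user@example.com', N'qweqwe');

DECLARE @Pwd nvarchar(50);
SET @Pwd = N'qweqwe  ';   -- stored password plus two trailing spaces

-- "=" pads the shorter operand with spaces, so the trailing spaces are
-- ignored and the constructed row is still found.
SELECT CustomerID AS MatchedByEquals
FROM @Customers
WHERE Pwd = @Pwd COLLATE SQL_Latin1_General_CP1_CS_AS;

-- LEN() also ignores trailing spaces; DATALENGTH() counts every byte,
-- so it tells the two values apart.
SELECT LEN(Pwd) AS StoredLen, LEN(@Pwd) AS SuppliedLen,
       DATALENGTH(Pwd) AS StoredBytes, DATALENGTH(@Pwd) AS SuppliedBytes
FROM @Customers;

-- Requiring equal byte length as well makes the comparison exact:
-- this query finds no row for the padded value.
SELECT CustomerID AS MatchedExactly
FROM @Customers
WHERE Pwd = @Pwd COLLATE SQL_Latin1_General_CP1_CS_AS
  AND DATALENGTH(Pwd) = DATALENGTH(@Pwd);
GO

-- The same check in the login procedure (hypothetical name; assumes the
-- thread's Customers table with nvarchar Email and Pwd columns).
CREATE PROCEDURE CustomerLoginExact
(
    @Email      nvarchar(80),
    @Pwd        nvarchar(50),
    @CustomerID int OUTPUT
)
AS
SET @CustomerID = 0;   -- stays 0 when no row matches

SELECT @CustomerID = CustomerID
FROM Customers
WHERE Email = @Email COLLATE SQL_Latin1_General_CP1_CS_AS
  AND Pwd   = @Pwd   COLLATE SQL_Latin1_General_CP1_CS_AS
  AND DATALENGTH(Email) = DATALENGTH(@Email)
  AND DATALENGTH(Pwd)   = DATALENGTH(@Pwd);
GO
```

Unlike appending '1' to both sides, this leaves the Email and Pwd columns unmodified in the equality test and adds the length check as a separate condition.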