Hi friends,
I've got one question. When I realize "log in" in my sql server, I am using
SP like this:
CREATE Procedure CustomerLogin
(
    @Email nvarchar(30),
    @Pwd nvarchar(10),
    @CustomerID int OUTPUT
)
AS
SELECT
    @CustomerID = CustomerID
FROM
    Customers
WHERE
    Email = @Email COLLATE SQL_Latin1_General_CP1_CS_AS
    AND
    Pwd = @Pwd COLLATE SQL_Latin1_General_CP1_CS_AS
IF @@Rowcount < 1
SELECT
    @CustomerID = 0
GO
The problem is that if the password is "qweqwe" and I try to log in with
"qweqwe " or even "qweqwe " (I mean with a space after the last symbol) it
succeeds!!!
Interesting, but if I try to log in with " qweqwe" (I mean with a space at the
beginning) it does not succeed.
I don't know why. Could somebody please help me?

Post the DDL for your Customers table. Specifically, what's the datatype of
the Pwd column?
*mike hodgson* |/ database administrator/ | mallesons stephen jaques
*T* +61 (2) 9296 3668 |* F* +61 (2) 9296 3885 |* M* +61 (408) 675 907
*E* mailto:mike.hodgson@.mallesons.nospam.com |* W* http://www.mallesons.com
Mango wrote:
>Hi friends,
>I've got one question. When I realize "log in" in my sql server, I am using
>SP like this:
>CREATE Procedure CustomerLogin
>(
> @Email nvarchar(30),
> @Pwd nvarchar(10),
> @CustomerID int OUTPUT
> )
>AS
>
>SELECT
> @CustomerID = CustomerID
>
>FROM
> Customers
>
>WHERE
> Email = @Email COLLATE SQL_Latin1_General_CP1_CS_AS
> AND
> Pwd = @Pwd COLLATE SQL_Latin1_General_CP1_CS_AS
>
>IF @@Rowcount < 1
>SELECT
> @CustomerID = 0
>GO
>
>The problem is that if the password is "qweqwe" and I try to log in with
>"qweqwe " or even "qweqwe " (I mean with a space after the last symbol) it
>succeeds!!!
>Interesting, but if I try to log in with " qweqwe" (I mean with a space at the
>beginning) it does not succeed.
>I don't know why. Could somebody please help me?
>
>

The datatype of Pwd is nvarchar. I found that it works correctly if I write
it like this:
CREATE Procedure CustomerLogin
(
    @Email nvarchar(80),
    @Pwd nvarchar(50),
    @CustomerID int OUTPUT
)
AS
SELECT
    @CustomerID = CustomerID
FROM
    Customers
WHERE
    Email + '1' = @Email COLLATE SQL_Latin1_General_CP1_CS_AS + '1'
    AND
    Pwd + '1' = @Pwd COLLATE SQL_Latin1_General_CP1_CS_AS + '1'
IF @@Rowcount < 1
SELECT
    @CustomerID = 0
GO
But I am sure this is not the best approach.
"Mike Hodgson" <mike.hodgson@.mallesons.nospam.com> wrote in message
news:#t9fdRIGFHA.2608@.TK2MSFTNGP10.phx.gbl...
> Post the DDL for your Customers table. Specifically, what's datatype of
> the Pwd column?
> --
> *mike hodgson* |/ database administrator/ | mallesons stephen jaques
> *T* +61 (2) 9296 3668 |* F* +61 (2) 9296 3885 |* M* +61 (408) 675 907
> *E* mailto:mike.hodgson@.mallesons.nospam.com |* W* http://www.mallesons.com
>
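
Added example, not written by anyone in this thread: SQL Server's `=` pads the shorter string with spaces before comparing, which is why trailing spaces are ignored while a leading space is not, and why appending '1' to both sides changes the result. The T-SQL below reproduces the behaviour and adds a DATALENGTH check as an alternative to the '+ 1' workaround; the temp table `#Customers`, its single row, the address `user@example.test` and the procedure name `#CustomerLoginExact` are constructed for illustration.

```sql
-- Constructed sample data (assumption; not the poster's real table).
CREATE TABLE #Customers (
    CustomerID int          NOT NULL PRIMARY KEY,
    Email      nvarchar(80) NOT NULL,
    Pwd        nvarchar(50) NOT NULL
);
INSERT INTO #Customers (CustomerID, Email, Pwd)
VALUES (1, N'user@example.test', N'qweqwe');
GO

-- Hypothetical variant of the thread's procedure; the name is an assumption.
CREATE PROCEDURE #CustomerLoginExact
(
    @Email      nvarchar(80),
    @Pwd        nvarchar(50),
    @CustomerID int OUTPUT
)
AS
SET NOCOUNT ON;
SET @CustomerID = 0;   -- stays 0 when no row matches
SELECT @CustomerID = CustomerID
FROM   #Customers
WHERE  Email = @Email COLLATE SQL_Latin1_General_CP1_CS_AS
  AND  Pwd   = @Pwd   COLLATE SQL_Latin1_General_CP1_CS_AS
  -- '=' pads the shorter operand with spaces before comparing.
  -- DATALENGTH counts bytes including trailing spaces (LEN does not),
  -- so equal byte lengths rule out a padded candidate.
  AND  DATALENGTH(Email) = DATALENGTH(@Email)
  AND  DATALENGTH(Pwd)   = DATALENGTH(@Pwd);
GO

-- Compare the stored value with an exact, a trailing-space and a leading-space candidate.
DECLARE @Tries TABLE (Attempt varchar(20), Pwd nvarchar(50));
INSERT INTO @Tries VALUES ('exact',          N'qweqwe');
INSERT INTO @Tries VALUES ('trailing space', N'qweqwe ');
INSERT INTO @Tries VALUES ('leading space',  N' qweqwe');

SELECT t.Attempt,
       CASE WHEN c.Pwd = t.Pwd COLLATE SQL_Latin1_General_CP1_CS_AS
            THEN 1 ELSE 0 END AS PlainEquals,
       CASE WHEN c.Pwd = t.Pwd COLLATE SQL_Latin1_General_CP1_CS_AS
             AND DATALENGTH(c.Pwd) = DATALENGTH(t.Pwd)
            THEN 1 ELSE 0 END AS EqualsPlusLength
FROM   #Customers AS c CROSS JOIN @Tries AS t;

-- Call the procedure with the padded password from the question.
DECLARE @id int;
EXEC #CustomerLoginExact N'user@example.test', N'qweqwe ', @id OUTPUT;
SELECT @id AS CustomerIdForPaddedPassword;
```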