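// Validates the user name / password typed into TextBox1 / TextBox2 by calling the
// Test2 stored procedure and reads its @IsRight OUTPUT parameter
// (0 = credentials match, 1 = no match). Server and database names are the ones
// from the original snippet.
string connectionstring = "Data Source=CE5BC36663C4490\\SQLEXPRESS;Initial Catalog=Shop online;Integrated Security=True";
int IsRight;
// using blocks close and dispose the connection/command even when
// ExecuteNonQuery throws; the original only reached conn.Close() on the success path.
using (SqlConnection conn = new SqlConnection(connectionstring))
using (SqlCommand myCommand = new SqlCommand("Test2", conn))
{
    myCommand.CommandType = CommandType.StoredProcedure; // stored procedure type
    SqlParameter Name = new SqlParameter("@Name", SqlDbType.NChar);
    SqlParameter Pwd = new SqlParameter("@Password", SqlDbType.NChar);
    // The full text box values are sent here, but the procedure declares its
    // parameters as plain "nchar" (length 1 in T-SQL), so the server truncates
    // them to one character; the procedure must declare explicit lengths or a
    // correct password is reported as wrong.
    Name.Value = TextBox1.Text;
    Pwd.Value = TextBox2.Text;
    myCommand.Parameters.Add(Name);
    myCommand.Parameters.Add(Pwd);
    SqlParameter isRightParam = new SqlParameter("@IsRight", SqlDbType.Int);
    isRightParam.Direction = ParameterDirection.Output; // output parameter
    myCommand.Parameters.Add(isRightParam);

    conn.Open();
    myCommand.ExecuteNonQuery();
    // Output parameters are populated only after the command has executed.
    // The direct cast is intentional: if the procedure left @IsRight unset
    // (DBNull) this throws instead of silently converting to 0 and taking the
    // "It's OK" branch.
    IsRight = (int)isRightParam.Value;
}
if (IsRight == 0)
{
    Response.Write("It's OK");
}
else if (IsRight == 1)
{
    Response.Write("Password is wrong");
}
// The original had a commented-out third branch ("User is wrong"). The procedure
// assigns only 0 or 1 to @IsRight (its RETURN value of 2 is never read here), so
// the output never distinguishes an unknown user from a wrong password; keeping a
// single message for both cases also avoids revealing which user names exist.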
存储过程:
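-- Checks whether a Customer row matches the supplied name/password and reports
-- the outcome through the @IsRight OUTPUT parameter: 0 = match, 1 = no match.
-- Fix: the original declared @Name and @Password as plain "nchar", which T-SQL
-- treats as nchar(1); only the first character of each value reached the
-- comparison, so a correct password was reported as wrong. The lengths below
-- are placeholders - replace them with the real widths of the Customer columns.
-- (The leading "C" of CREATE was also missing in the posted text.)
CREATE PROCEDURE Test2
(
    @Name nchar(50),      -- TODO: placeholder, match the width of Customer.Name
    @Password nchar(50),  -- TODO: placeholder, match the width of Customer.Password
    @IsRight int output
)
AS
-- NOTE: this compares the password in clear text against the stored column;
-- storing and comparing a salted hash of the password is the recommended practice.
if exists(select * from Customer where Name=@Name and Password=@Password)
    set @IsRight=0
else
    set @IsRight=1
-- The same result is produced for "unknown user" and "wrong password", which
-- avoids revealing which user names exist. RETURN is separate from the OUTPUT
-- parameter; because @IsRight is always assigned above, the IsNull fallback of 2
-- never applies and the caller only sees 0 or 1.
Return IsNull(@IsRight,2)
GO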
当输入密码正确时也提示密码错误，即 Password is wrong。
另外，如果不用存储过程，怎么防止注入攻击？
小弟初学,望高手帮忙。。。小弟积分不多了,所以给分很少,望见谅!
不用存储过程一样可以防止SQL 注入。
请参考下面文章
http://msdn.microsoft.com/zh-cn/library/hdb58b2f(VS.80).aspx
既然是用OUTPUT 就不用RETURN了。 使用SELECT
-- Same effect as the if/else form: assign the OUTPUT parameter directly
-- (0 when a matching Customer row exists, 1 otherwise) rather than RETURNing it.
SELECT @IsRight = CASE
    WHEN EXISTS (SELECT * FROM Customer WHERE Name = @Name AND Password = @Password) THEN 0
    ELSE 1
END
把异常发出来看看