About string parameters to stored procedure
- From: "Owen Wong" <pepwelcome@xxxxxxxxxxxx>
- Date: 3 Sep 2006 23:36:06 -0700
Hi, I wrote a stored procedure to check a user's name (vartype: chr) and
password (chr, too).
Do I have to check whether there is an apostrophe ("'") in the name
string and password string? I tried to put some "'"s in the name string
and didn't replace them with double "'", but it seemed you cannot
cheat the stored procedure about it.
-----------------
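My stored procedure (SQL Server 2000):
CREATE PROCEDURE dbo.userLogin
(
    @userName varchar(20),
    @password varchar(20),
    @userID int output
)
AS
    -- Static statement: @userName and @password are compared as values
    -- and are never parsed as part of the SQL text.
    select @userID=[id] from [user]
    where [name]=@userName and [password]=@password
    -- @userID stays NULL when no row matches.
    return @userID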
-------------------
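
An added example (not part of the original post or its code) contrasting what the posted procedure does, comparing parameters as values in a fixed statement, with a procedure that concatenates them into dynamic SQL, where apostrophes do matter. The table definition, the sample row and the userLogin_dynamic / userLogin_bound procedures are constructed for illustration; GO is the batch separator used by Query Analyzer and osql.

```sql
-- Added example, not from the original post. [user] and its columns are the
-- post's; the *_dynamic and *_bound procedures and the row are constructed.
CREATE TABLE [user] ([id] int IDENTITY PRIMARY KEY,
                     [name] varchar(20), [password] varchar(20))
INSERT INTO [user] ([name], [password]) VALUES ('O''Brien', 'constructed-pw')
GO

-- Unsafe: values are concatenated into the statement text, so an apostrophe
-- in @userName closes the string literal and the rest is parsed as SQL.
CREATE PROCEDURE dbo.userLogin_dynamic
(
    @userName varchar(20),
    @password varchar(20)
)
AS
    DECLARE @sql nvarchar(400)
    SET @sql = N'select [id] from [user] where [name]=''' + @userName
             + N''' and [password]=''' + @password + N''''
    EXEC (@sql)
GO

-- Safe dynamic SQL: the text is constant and the values travel as typed
-- parameters through sp_executesql, as they do in a static statement.
CREATE PROCEDURE dbo.userLogin_bound
(
    @userName varchar(20),
    @password varchar(20),
    @userID int output
)
AS
    DECLARE @sql nvarchar(400)
    SET @sql = N'select @id=[id] from [user] where [name]=@n and [password]=@p'
    EXEC sp_executesql @sql,
         N'@n varchar(20), @p varchar(20), @id int output',
         @n = @userName, @p = @password, @id = @userID OUTPUT
GO

DECLARE @id int
-- Bound parameters: the apostrophe in the name is compared as data.
EXEC dbo.userLogin_bound 'O''Brien', 'constructed-pw', @id OUTPUT
SELECT @id AS userID
-- Concatenated: the same name unbalances the quotes, so the generated text
-- is no longer the intended query and the server rejects it.
EXEC dbo.userLogin_dynamic 'O''Brien', 'constructed-pw'
```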