 |  |  |  |  |  |  |  |
Update a column in SQL using C#
Please support our C# advertiser: $4.95 a Month - ASP.NET Web Hosting – Click Here!
 |
Hi,
I'm workin on a website where i need to update a password using a stored procedure. I tested the stored procedure on SQL server and its working fine. but somehow i cannot seem to call it from C#. Can any one please help me?
Stored Procedure
CREATE PROCEDURE dbo.sp_ChangePassword
(
@Password VARCHAR(50),
@newPassword VARCHAR(50),
@Username VARCHAR(50)
)
AS
UPDATE Login SET Password = @newPassword
WHERE UserName = @UserName AND Password = @Password
RETURN
Code in c#
SqlConnection conn = new SqlConnection(@"Data Source=R2\SQLEXPRESS;Initial Catalog=Student;Integrated Security=True");
SqlCommand chpass = new SqlCommand("sp_ChangePassword",conn);
chpass.CommandType = CommandType.StoredProcedure;
chpass.Connection = conn;
SqlParameter usr_param = chpass.Parameters.Add("@Username", SqlDbType.VarChar);
SqlParameter currp_param = chpass.Parameters.Add("@Password", SqlDbType.VarChar);
SqlParameter newpass_param = chpass.Parameters.Add("@newPassword", SqlDbType.VarChar);
usr_param.Direction = ParameterDirection.Input;
currp_param.Direction = ParameterDirection.Input;
newpass_param.Direction = ParameterDirection.Input;
usr_param.Value = Piname.Text;
currp_param.Value = currpass.Text;
newpass_param.Value = newpass.Text;
try
{
chpass.ExecuteNonQuery();
errLabel.Text = "Password Sucessfully Changed";
}catch(Exception exp){errLabel.Text=exp.message;}
I'm workin on a website where i need to update a password using a stored procedure. I tested the stored procedure on SQL server and its working fine. but somehow i cannot seem to call it from C#. Can any one please help me?
Stored Procedure
CREATE PROCEDURE dbo.sp_ChangePassword
(
@Password VARCHAR(50),
@newPassword VARCHAR(50),
@Username VARCHAR(50)
)
AS
UPDATE Login SET Password = @newPassword
WHERE UserName = @UserName AND Password = @Password
RETURN
Code in c#
SqlConnection conn = new SqlConnection(@"Data Source=R2\SQLEXPRESS;Initial Catalog=Student;Integrated Security=True");
SqlCommand chpass = new SqlCommand("sp_ChangePassword",conn);
chpass.CommandType = CommandType.StoredProcedure;
chpass.Connection = conn;
SqlParameter usr_param = chpass.Parameters.Add("@Username", SqlDbType.VarChar);
SqlParameter currp_param = chpass.Parameters.Add("@Password", SqlDbType.VarChar);
SqlParameter newpass_param = chpass.Parameters.Add("@newPassword", SqlDbType.VarChar);
usr_param.Direction = ParameterDirection.Input;
currp_param.Direction = ParameterDirection.Input;
newpass_param.Direction = ParameterDirection.Input;
usr_param.Value = Piname.Text;
currp_param.Value = currpass.Text;
newpass_param.Value = newpass.Text;
try
{
chpass.ExecuteNonQuery();
errLabel.Text = "Password Sucessfully Changed";
}catch(Exception exp){errLabel.Text=exp.message;}
•
•
Join Date: Nov 2006
Posts: 436
Reputation: 
Solved Threads: 72
Posting Pro in Training
The code looks basicaly correct, however a couple things to point out.
1) You should avoid creating procs that start with "sp_" because this tells SQL to first look in the system procedures.
2) In your proc, you may consider also testing to see if that username already exists, and raise an error if not. Also check that the current password is correct.
3) You must open the connection before executing the sproc.
4) Use the schema as part of the sproc name to avoid confusion when working with multiple schemas.
5) Consider encrypting the passwords so when (not if) someone gets access to that table they don't get all of your users and passwords.
if exists(select * from login where username=@username)
begin
... do you update stuff
end
else
raiserror('Invalid User',16,-1)
you can shorten your code a wee bit by using this:
--Jerry
1) You should avoid creating procs that start with "sp_" because this tells SQL to first look in the system procedures.
2) In your proc, you may consider also testing to see if that username already exists, and raise an error if not. Also check that the current password is correct.
3) You must open the connection before executing the sproc.
4) Use the schema as part of the sproc name to avoid confusion when working with multiple schemas.
5) Consider encrypting the passwords so when (not if) someone gets access to that table they don't get all of your users and passwords.
if exists(select * from login where username=@username)
begin
... do you update stuff
end
else
raiserror('Invalid User',16,-1)
you can shorten your code a wee bit by using this:
C# Syntax (Toggle Plain Text)
--Jerry
|
Similar Threads
- Changing the datatype of a Column (MS SQL)
- SQL, Dataview, DataTable and DataAdapter.Update (VB.NET)
- update on a column that is full of HTML (MS SQL)
- Need urgent help. Problem with SQL and win server. (Windows NT / 2000 / XP)
- dynamically update pages (HTML and CSS)
- retrieving a particular value with a sql query (PHP)
- Computed column in view VS trigger on update (MS SQL)
- Default value of a column (MS SQL)
- Auto update columns? (Database Design)
Other Threads in the C# Forum
- Previous Thread: how to count how many Fridays in amonth
- Next Thread: c# and sql and asp
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest C# Posts
- Today's Posts
- Unanswered Threads
.net access algorithm alignment app application array bitmap box c# c#gridviewcolumn check checkbox client color combo combobox communication concurrency control conversion csharp custom data database datagrid datagridview dataset datatable datetime degrees draganddrop drawing enabled encryption enum excel file focus form format forms function gdi+ getoutlookcontactusinfcsvfile globalization hospitalmanagementsystem image input install java list localization mandelbroth math messagebox microsoftc#visualexpress mono mouseclick mysql operator path photoshop picturebox pixelinversion plotting pointer post programming radians read regex remote remoting richtextbox save server sleep socket sql sql-server statistics string stringformatting sun table text textbox thread time timer update usercontrol validate validation visualstudio webbrowser winforms wpf xml