 |  |  |  |  |  |  |  |
Update a column in SQL using C#
Please support our C# advertiser: Intel Parallel Studio Home
 |
Hi,
I'm workin on a website where i need to update a password using a stored procedure. I tested the stored procedure on SQL server and its working fine. but somehow i cannot seem to call it from C#. Can any one please help me?
Stored Procedure
CREATE PROCEDURE dbo.sp_ChangePassword
(
@Password VARCHAR(50),
@newPassword VARCHAR(50),
@Username VARCHAR(50)
)
AS
UPDATE Login SET Password = @newPassword
WHERE UserName = @UserName AND Password = @Password
RETURN
Code in c#
SqlConnection conn = new SqlConnection(@"Data Source=R2\SQLEXPRESS;Initial Catalog=Student;Integrated Security=True");
SqlCommand chpass = new SqlCommand("sp_ChangePassword",conn);
chpass.CommandType = CommandType.StoredProcedure;
chpass.Connection = conn;
SqlParameter usr_param = chpass.Parameters.Add("@Username", SqlDbType.VarChar);
SqlParameter currp_param = chpass.Parameters.Add("@Password", SqlDbType.VarChar);
SqlParameter newpass_param = chpass.Parameters.Add("@newPassword", SqlDbType.VarChar);
usr_param.Direction = ParameterDirection.Input;
currp_param.Direction = ParameterDirection.Input;
newpass_param.Direction = ParameterDirection.Input;
usr_param.Value = Piname.Text;
currp_param.Value = currpass.Text;
newpass_param.Value = newpass.Text;
try
{
chpass.ExecuteNonQuery();
errLabel.Text = "Password Sucessfully Changed";
}catch(Exception exp){errLabel.Text=exp.message;}
I'm workin on a website where i need to update a password using a stored procedure. I tested the stored procedure on SQL server and its working fine. but somehow i cannot seem to call it from C#. Can any one please help me?
Stored Procedure
CREATE PROCEDURE dbo.sp_ChangePassword
(
@Password VARCHAR(50),
@newPassword VARCHAR(50),
@Username VARCHAR(50)
)
AS
UPDATE Login SET Password = @newPassword
WHERE UserName = @UserName AND Password = @Password
RETURN
Code in c#
SqlConnection conn = new SqlConnection(@"Data Source=R2\SQLEXPRESS;Initial Catalog=Student;Integrated Security=True");
SqlCommand chpass = new SqlCommand("sp_ChangePassword",conn);
chpass.CommandType = CommandType.StoredProcedure;
chpass.Connection = conn;
SqlParameter usr_param = chpass.Parameters.Add("@Username", SqlDbType.VarChar);
SqlParameter currp_param = chpass.Parameters.Add("@Password", SqlDbType.VarChar);
SqlParameter newpass_param = chpass.Parameters.Add("@newPassword", SqlDbType.VarChar);
usr_param.Direction = ParameterDirection.Input;
currp_param.Direction = ParameterDirection.Input;
newpass_param.Direction = ParameterDirection.Input;
usr_param.Value = Piname.Text;
currp_param.Value = currpass.Text;
newpass_param.Value = newpass.Text;
try
{
chpass.ExecuteNonQuery();
errLabel.Text = "Password Sucessfully Changed";
}catch(Exception exp){errLabel.Text=exp.message;}
•
•
Join Date: Nov 2006
Posts: 436
Reputation: 
Solved Threads: 72
Posting Pro in Training
The code looks basicaly correct, however a couple things to point out.
1) You should avoid creating procs that start with "sp_" because this tells SQL to first look in the system procedures.
2) In your proc, you may consider also testing to see if that username already exists, and raise an error if not. Also check that the current password is correct.
3) You must open the connection before executing the sproc.
4) Use the schema as part of the sproc name to avoid confusion when working with multiple schemas.
5) Consider encrypting the passwords so when (not if) someone gets access to that table they don't get all of your users and passwords.
if exists(select * from login where username=@username)
begin
... do you update stuff
end
else
raiserror('Invalid User',16,-1)
you can shorten your code a wee bit by using this:
--Jerry
1) You should avoid creating procs that start with "sp_" because this tells SQL to first look in the system procedures.
2) In your proc, you may consider also testing to see if that username already exists, and raise an error if not. Also check that the current password is correct.
3) You must open the connection before executing the sproc.
4) Use the schema as part of the sproc name to avoid confusion when working with multiple schemas.
5) Consider encrypting the passwords so when (not if) someone gets access to that table they don't get all of your users and passwords.
if exists(select * from login where username=@username)
begin
... do you update stuff
end
else
raiserror('Invalid User',16,-1)
you can shorten your code a wee bit by using this:
C# Syntax (Toggle Plain Text)
--Jerry
|
Similar Threads
- Changing the datatype of a Column (MS SQL)
- SQL, Dataview, DataTable and DataAdapter.Update (VB.NET)
- update on a column that is full of HTML (MS SQL)
- Need urgent help. Problem with SQL and win server. (Windows NT / 2000 / XP)
- dynamically update pages (HTML and CSS)
- retrieving a particular value with a sql query (PHP)
- Computed column in view VS trigger on update (MS SQL)
- Default value of a column (MS SQL)
- Auto update columns? (Database Design)
Other Threads in the C# Forum
- Previous Thread: how to count how many Fridays in amonth
- Next Thread: c# and sql and asp
| Thread Tools | Search this Thread |
You need to join our community in order to build your list of favorite forums. You can visit the forum index for a listing of all forums.
Related Forum Features
Latest C# Posts
- Today's Posts
- Unanswered Threads
.net access algorithm array asp.net barchart bitmap box broadcast c# check checkbox client combobox control conversion csharp custom database databaseconnection datagrid datagridview dataset datetime dbconnection degrees design development draganddrop drawing encryption enum event eventhandlers excel file firefox form format forms function gdi+ grantorrevokepermissionthroughc#.net httpwebrequest image index input install java label libraries list listbox loop mandelbrot marshalbyrefobject math mouseclick movingimage mysql mysql.data.client operator path photoshop php picturebox pixelinversion post programming radians regex remoting resourcefile richtextbox server sleep socket sql statistics stream string study system.servicemodel table tcpclientchannel text textbox thread time timer update usercontrol validation visualstudio webbrowser windows winforms wpf wpfc# xml
