i write the procedure for login in this user can give username or emailid for the login. this is my code.... please check is there any change is required for this

ALTER procedure [dbo].[users_login] (@username varchar(50),@password varchar(50),
  @emailid varchar(50),@ret int output)
as
  begin
       select username,password,emailid from users where( username=@username or
        emailid=@emailid) and [password]=@password
       if(@@rowcount >0)
          begin
                set @ret=1
          end
       else
           begin
               set @ret=0
            end
  end

I wouldn't rely on @@rowCount. Plus, logic for user login / email looks "liberal", one can enter valid login and invalid email. My preferred logic would be:

ALTER procedure [dbo].[users_login] (@username varchar(50),@password varchar(50),
@emailid varchar(50),@ret int output)
as
begin

set @ret=0
if @emailid <> '' or @username <> ''
begin
  select @ret=1, username,password,emailid from users 
   where ( ( username=@username and @username <> '' )or 
 ( emailid= @emailid and @emailid <> '')) and [password]=@password
end

end

Please close thread once you get good enough help.

commented: Good suggestion. +7
Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.