public static String AdminUserLogin(string username, string password)
{
//创建数据库连接和命令的对象
SqlConnection myConnection = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
SqlCommand myCommand = new SqlCommand("AdminUserLogin", myConnection);
//指明Sql命令的操作类型是使用存储过程
myCommand.CommandType = CommandType.StoredProcedure;
//给存储过程添加参数
SqlParameter parameterUsername = new SqlParameter("@UserName", SqlDbType.NVarChar, 50);
parameterUsername.Value = username;
myCommand.Parameters.Add(parameterUsername);
SqlParameter parameterPassword = new SqlParameter("@Password", SqlDbType.NVarChar, 50);
parameterPassword.Value = password;
myCommand.Parameters.Add(parameterPassword);
SqlParameter parameterUserID = new SqlParameter("@ID", SqlDbType.Int, 4);
//指出该参数是存储过程的OUTPUT参数
parameterUserID.Direction = ParameterDirection.Output;
myCommand.Parameters.Add(parameterUserID);
//打开数据库连接
myConnection.Open();
//进行数据库操作
myCommand.ExecuteNonQuery();
//关闭数据库连接
myConnection.Close();
//使用存储过程的输出参数返回UserID并赋值给userId
int userId = (int)(parameterUserID.Value);
//判断userId的值,如果为零则说明登录失败,函数返回空字符串,
//反之把userId转换为字符串返回。
if (userId == 0)
{
return null;
}
else
{
return userId.ToString();
}
}
CREATE Procedure AdminUserLogin
(
@UserName nvarchar(50),
@Password nvarchar(50),
@ID int OUTPUT
)
AS
SELECT
@ID =ID
FROM
UserInfo
WHERE
User_Name = @UserName
AND
Password = @Password
IF @@Rowcount < 1
SELECT
@ID = 0
GO