Need your advice with this code…
I have a table with login information of customers.
I am using SQL Server.
Everything works fine, except that when I enter alphabet characters with numbers as the @password value I keep getting an error, while there is no error with numbers only. Please help me find the mistake!
CREATE PROCEDURE [dbo].[usp_login]
    @customer_id numeric(5,0) = -1,
    @password nchar(20) = '',
    @customer_level numeric(2,0) = -1
AS
BEGIN
    SET NOCOUNT ON;
    DECLARE @SQL AS varchar(300)
    DECLARE @WHERE1 AS varchar(200) = ''
    SET @SQL = 'SELECT *FROM Login'
    IF (@customer_id != -1)
    BEGIN
        SET @WHERE1 = @WHERE1 + 'id=' + CONVERT(varchar,@customer_id)
    END
    IF (@password != '')
    BEGIN
        IF (@WHERE1 != '')
            SET @WHERE1 = @WHERE1 + ' and '
        SET @WHERE1 = @WHERE1 + 'password=' + @password
    END
    IF (@customer_level != -1)
    BEGIN
        IF (@WHERE1 != '')
            SET @WHERE1 = @WHERE1 + ' and '
        SET @WHERE1 = @WHERE1 + 'customer_level=' + CONVERT(varchar,@customer_level)
    END
    IF (@WHERE1 != '')
        SET @SQL = @SQL + ' where ' + @WHERE1
    EXEC(@SQL)
    RETURN @@ROWCOUNT
END
Since you are executing dynamic sql, you need to wrap string types with single quotes.
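
Added example, not part of the original question or answer: the same optional-filter procedure with the values bound through `sp_executesql` parameters instead of being concatenated into the statement. The concatenated form fails because an unquoted value containing letters is parsed as an identifier rather than a string literal. Binding removes the need for quoting and keeps the `@password` value from ever being parsed as SQL text. The procedure name `usp_login_param` and the `@p_*` parameter names are hypothetical; table and column names are those in the question.

```sql
-- Added example: only fixed text is concatenated; user-supplied values are bound.
CREATE PROCEDURE [dbo].[usp_login_param]   -- hypothetical name
    @customer_id    numeric(5,0) = -1,
    @password       nchar(20)    = N'',
    @customer_level numeric(2,0) = -1
AS
BEGIN
    SET NOCOUNT ON;

    DECLARE @SQL   nvarchar(400) = N'SELECT * FROM Login';
    DECLARE @WHERE nvarchar(200) = N'';

    -- Each branch appends a predicate that refers to a parameter by name.
    IF (@customer_id != -1)
        SET @WHERE = @WHERE + N'id = @p_id';

    IF (@password != N'')
    BEGIN
        IF (@WHERE != N'') SET @WHERE = @WHERE + N' AND ';
        SET @WHERE = @WHERE + N'password = @p_password';
    END

    IF (@customer_level != -1)
    BEGIN
        IF (@WHERE != N'') SET @WHERE = @WHERE + N' AND ';
        SET @WHERE = @WHERE + N'customer_level = @p_level';
    END

    IF (@WHERE != N'')
        SET @SQL = @SQL + N' WHERE ' + @WHERE;

    -- sp_executesql accepts declared parameters that the statement does not
    -- reference, so all three can be passed regardless of which filters apply.
    EXEC sys.sp_executesql
        @SQL,
        N'@p_id numeric(5,0), @p_password nchar(20), @p_level numeric(2,0)',
        @p_id       = @customer_id,
        @p_password = @password,
        @p_level    = @customer_level;

    RETURN @@ROWCOUNT;   -- row count of the dynamic SELECT, as in the original
END
```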