tags:

views:

313

answers:

4
Q: 

Iterate over a rowset, get a field which matches parameter, and then another field from that row

I have a stored procedure which has to get a password from my Users table.

I am using a Username as a parameter. What is the best way to get the row where the Username field's contents match the Username parameter, and then the password (as this is the Username/password pair for one user).

Cursors are one way to iterate over a rowset but these aren't desirable.

I am currently reading a few TSQL books, but haven't come across this sort of problem. Any good recommendations for TSQL books? I am on Sql Server 2005.

+1  A: 

It sounds like you just need a standard SELECT query:

SELECT username_column, password_column
FROM your_table
WHERE username_column = @usernameparam

(Or am I misunderstanding the question?)

LukeH  2009-03-31 15:56:31
That would actually work actually. Fundamental mistake in my thinking of a more complex solution. Now I just need to have an out value of password_column :)
dotnetdev  2009-03-31 15:58:39
Probably the easiest question you have answered all day. =)
JohnFx  2009-03-31 15:58:51
A: 

SELECT password FROM table WHERE username = @username

gbn  2009-03-31 15:57:50
A: 

Hi,

Assuming that your users table has the columns UserName and Password then a SELECT will work just fine.

SELECT username, password FROM Users WHERE username = @username

However, storing passwords in this manner might not be the best idea security wise.

jheppinstall  2009-03-31 15:59:02
+1  A: 

get a password from my Users table

This is your first problem: NEVER store real passwords in a database. Look into the HashBytes() function and use that for password matching. If you think you need to keep a real password around, perhaps to allow users to recover lost passwords, go talk to the folks over at reddit.

way to iterate over a rowset

This is your second problem. You're thinking in terms of iterating over the rows yourself. This is called imperative programming. While imperative code works great for your normal client code, it's backwards when you're working with a database. Instead, you want to start using declarative programming and think in terms a sets: you write some code that declares to the database the set of records you need returned:

SELECT [password] /*shudder*/ FROM [table] WHERE [username] = @username
Joel Coehoorn  2009-03-31 16:07:55
It's funny you should mention this because I have read about the distinction between the two. I think my imperative nature is from C# coding and using iterations, loops etc everyday.
dotnetdev  2009-03-31 16:12:18

related questions

Sql to query a dbs scheme
Transform Columns into Rows
SQL Client for Mac OS X that works with MS SQL Server
How do you get leading wildcard full-text searches to work in SQL Server?
SQL Server 2000: Is there a way to tell when a record was last modified?
What's the BEST way to remove the time portion of a datetime value (SQL Server)
I need to know how much disk space a table is using in SQL Server
What's the best way to determine if a temporary table exists in SQL Server?
Appropriate pagefile size for SQL Server
Have you ever encountered a query that SQL Server could not execute because it referenced too many tables?
ASP.NET MVC "CRUD" Database Sample
How do I unit test persistence?
Best Book for a new Database Developer
Can I logically reorder columns in a table?
Best way to copy a database in SQL Server 2005/8?
Is Windows Server 2008 "Server Core" appropriate for a SQL Server instance?
Why doesn't SQL Full Text Indexing return results for words containing #?
Client collation and SQL Server 2005
Editing database records by multiple users
Deploying SQL Server Databases from Test to Live
SQL Server 2005 implementation of MySQL REPLACE INTO?
Upgrading SQL Server 6.5
How do I version my MS SQL database in SVN?
How to export data from SQL Server 2005 to MySQL
Check for changes to a SQL table?