HiveBrain v1.2.0
Get Started
← Back to all entries
patternsqlMinor

Updating user log in time while he logs in to the web page

Submitted by: @import:stackexchange-codereview··
0
Viewed 0 times
codereviewsqlsql-serverstackoverflowstored-procedure
thewhilelogsloguserupdatingtimepageweb

Problem

My intention is to store the user's last login date and time when he logs in to the web page. I pass his username and password to the stored procedure to check whether is it correct or not! I believe it'll be fine to store his last login date and time if any record matches.

USE [DBNAME]
GO
/****** Object:  StoredProcedure [dbo].[WP_LogInUser]    Script Date: 27-Apr-15 4:09:38 PM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
ALTER Procedure [dbo].[WP_LogInUser] 
    @Username   Nvarchar(100),
    @Password   Nvarchar(100)

as
Begin 
    if exists(Select Username from TableName where Username=@Username and UserPassword=@Password)
        Begin
            Update TableName Set UserLastLogin = GETUTCDATE() where Username=@Username and UserPassword=@Password and IsActive = 1
            Select UserID, Username, UserEmail, UserFullName, UserType from TableName where Username=@Username and UserPassword=@Password and IsActive = 1
        End
End


What do you think about it? Is it okay? Or can I make this even better?

Solution

The first point I notice looking at your code is that it looks as though you are storing passwords in plain text. You should not do this. It is highly irresponsible. They should be salted and hashed in almost all cases.

Secondly there is no point looking up the same information three times.

Once to check if it exists, secondly to update it, and thirdly to select it.

You can do all this in one operation.

ALTER PROCEDURE [dbo].[WP_LogInUser] @Username NVARCHAR(100),
                                     @Password NVARCHAR(100)
AS
  BEGIN
      UPDATE TableName
      SET    UserLastLogin = GETUTCDATE()
      OUTPUT INSERTED.UserID,
             INSERTED.Username,
             INSERTED.UserEmail,
             INSERTED.UserFullName,
             INSERTED.UserType
      FROM   TableName
      WHERE  Username = @Username
             AND UserPassword = @Password
             AND IsActive = 1
  END

Code Snippets

ALTER PROCEDURE [dbo].[WP_LogInUser] @Username NVARCHAR(100),
                                     @Password NVARCHAR(100)
AS
  BEGIN
      UPDATE TableName
      SET    UserLastLogin = GETUTCDATE()
      OUTPUT INSERTED.UserID,
             INSERTED.Username,
             INSERTED.UserEmail,
             INSERTED.UserFullName,
             INSERTED.UserType
      FROM   TableName
      WHERE  Username = @Username
             AND UserPassword = @Password
             AND IsActive = 1
  END

Context

StackExchange Code Review Q#88120, answer score: 2

Revisions (0)

No revisions yet.