We Keep Coding

Stored Functions

I have an issue where I'm trying to make a stored function to search for a user's username and password. The arguments to the function should be the username and password and it must return true if the username and password combo exist and false if it doesn't. This is what I've created so far with no success:
delimiter $$
create function cred(u varchar(15), p varchar(6))
returns char(5)
begin
declare a CHAR(5);
if (select username = u and pwd = p from customers) then set a = 'true';
else set a = 'false';
end if;
end$$
delimiter ;
select cred('dJete', 'abc112');

You need to use return-statement in function to return the value. Also, minor fixes to the actual query where you match the customer:
create function cred(in_username varchar(15), in_password varchar(6))
returns char(5)
begin
declare v_cnt int;
select count(*) into v_cnt
from customers
where username = in_username and pwd = in_password;
if (v_cnt>0) then
return 'true';
else
return 'false';
end if;
end
$$

Mysql stored procedure problems

I am new to MySQL stored procedures. I wrote login validation, but it will not work.
CREATE PROCEDURE `Login_validation`(
IN `Username` VARCHAR(50),
IN `password` VARCHAR(50))
LANGUAGE SQL
NOT DETERMINISTIC
CONTAINS SQL
SQL SECURITY DEFINER
COMMENT ''
BEGIN
IF EXISTS(SELECT * FROM user_details where FIRSTNAME=#Username) THEN
BEGIN
IF EXISTS(SELECT * FROM user_details where FIRSTNAME=#Username and Password=#password) THEN
BEGIN
SELECT 'SUCCESS' STATUSDISCRTIPTION, '100' STATUSCODE;
END;
ELSE
BEGIN
SELECT 'USERNAME AND PASSWORD NOT MATCHING' STATUSDISCRTIPTION, '101' STATUSCODE;
END;
END IF;
END;
ELSE
BEGIN
SELECT 'USERNAME NOT EXISTS' STATUSDISCRTIPTION , '101' STATUSCODE;
END;
END IF;
END
This my stored procedure, I got SELECT 'USERNAME NOT EXISTS' STATUSDISCRTIPTION , '101' STATUSCODE; this output only. if loop not working.
call Login_validation('Malathi','123456')
malathi name is there in table. What is the problem?

The notation #username if for user variables, not to be confused with stored procedures parameters.
Use where FIRSTNAME = Username

MySQL Stored Procedure - IF EXISTS ... THEN returning unexpected result

The below is my Stored Procedure(Routine) to check whether or not a user with Username(input) exists in the database.
Inside the database, I already have a user with Username - 'dev'.
However, when I ran the below routine, it returned me with res = 1, which I expected it to be -1.
I called the routine this way. Please correct me too if I am calling it the wrong way. I am really new to MySQL Routines.
CALL usp_GetUserValidation ('dev', #ErrorCode)
Can any MySQL Routine pros here enlighten me on this? Thank you in advance guys :)
DELIMITER $$
CREATE PROCEDURE usp_GetUserValidation(IN `#Username` VARCHAR(255), OUT `#ErrorCode` INT)
LANGUAGE SQL
NOT DETERMINISTIC
CONTAINS SQL
SQL SECURITY DEFINER
COMMENT 'To validate user login'
BEGIN
IF EXISTS
(SELECT UserID
FROM mt_User
WHERE UserName = #Username)
THEN
SET #ErrorCode = -1;
ELSE
SET #ErrorCode = 1;
END IF;
SELECT #ErrorCode AS res;
END$$
DELIMITER ;

It was simply your naming conventions for the parameters. It is finicky and does not like User Variable # signs in them.
You are just testing I can see, as you are returning both a resultset with the info and the OUT variable.
drop procedure if exists usp_GetUserValidation;
DELIMITER $$
CREATE PROCEDURE usp_GetUserValidation(IN pUsername VARCHAR(255), OUT pErrorCode INT)
LANGUAGE SQL
NOT DETERMINISTIC
CONTAINS SQL
SQL SECURITY DEFINER
COMMENT 'To validate user login'
BEGIN
IF EXISTS
(SELECT UserID
FROM mt_User
WHERE UserName = pUsername)
THEN
SET pErrorCode = -1;
ELSE
SET pErrorCode = 1;
END IF;
SELECT pErrorCode AS res;
END$$
DELIMITER ;
Schema:
-- drop table if exists mt_user;
create table mt_User
( UserID int auto_increment primary key,
UserName varchar(100) not null,
unique key(UserName)
);
insert mt_User(UserName) values ('dev');
select * from mt_User;
Test:
set #var1:=-4;
call usp_GetUserValidation('dev',#var1);
-- returns (-1) ---- Yea, we like that
select #var1;
-- (-1)
set #var1:=-4;
call usp_GetUserValidation('dev222',#var1);
-- returns 1 ---- Yea, we like that
select #var1;
-- 1

MySQL Stored Procedure with If...else not executing

CREATE DEFINER=`root`#`localhost` PROCEDURE `Mobile_ForgotPassword`(IN`v_email` VARCHAR(30), IN `v_valid` INT)
NO SQL
IF (v_valid = 0) THEN
SELECT email FROM user_registration WHERE email = v_email;
ELSE
SELECT password FROM user_registration WHERE email = v_email;
END IF;
I have this MySQL Stored procedure and its not working. Whenever i try to execute this script on phpmyadmin, getting error on line 4 that i have syntax error. As i am using phpmyadmin, delimiter already added dynamically and i have a privileges to root account. I tried removing DEFINER but still it isn't working. As per my knowledge, i am not seeing any syntax error in script or i am not getting it. Anyone ?

CREATE DEFINER=`root`#`localhost` PROCEDURE `Mobile_ForgotPassword`(IN `v_email` VARCHAR(30), IN `v_valid` INT)
NO SQL
IF (v_valid = 0) THEN
SELECT email FROM user_registration WHERE email = v_email LIMIT 1;
ELSE
SELECT password FROM user_registration WHERE email = v_email LIMIT 1;
END IF;
Removed default Delimiter from textbox under script editor in phpMyAdmin

You need to add DELIMITER
DELIMITER |
CREATE PROCEDURE `Mobile_ForgotPassword`(IN`v_email` VARCHAR(30), IN `v_valid` INT)
NO SQL
IF (v_valid = 0) THEN
SELECT email FROM user_registration WHERE email = v_email;
ELSE
SELECT PASSWORD FROM user_registration WHERE email = v_email;
END IF;
|
DELIMITER ;

MYSQL: Procedure with if statement

I'm trying to make a routine that first checks a users password, if it's correct it shall return some values from a different table or change some values in a row.
Is this even possible without making two queries that you handle in PHP? First call for the password, check if its correct then allow the user to make the name change.
Here an example of getting the Rows in User with email and password.
DELIMITER $$
CREATE DEFINER=`root`#`localhost` PROCEDURE `get_user_info`(
IN in_Email VARCHAR(45),
IN in_Pass VARCHAR(45)
)
BEGIN
SELECT * FROM User WHERE Email = in_Email AND Pass = in_Pass;
END
And this is what Ive got so far:
DELIMITER $$
CREATE DEFINER=`root`#`localhost` PROCEDURE `change_pass`(
in_Email VARCHAR(45),
in_PassOld VARCHAR(45),
in_PassNew VARCHAR(45)
)
BEGIN
SET #PassOld = (SELECT Pass From User WHERE Email = in_Email);
IF(#PassOld = in_PassOld) THEN
UPDATE User SET Pass = in_PassNew WHERE Email = in_Email;
END IF;
ENDND IF;
END
Thanks for all the help!

You should really hash those passwords, use the following code
DELIMITER $$
CREATE DEFINER=`root`#`localhost` PROCEDURE `change_pass`(
in_Email VARCHAR(45),
in_PassOld VARCHAR(45),
in_PassNew VARCHAR(45)
)
BEGIN
DECLARE KnowsOldPassword INTEGER;
SELECT count(*) INTO KnowsOldPassword
FROM User
WHERE Email = in_Email AND passhash = SHA2(CONCAT(salt, in_PassOld),512);
IF (KnowsOldPassword > 0) THEN
UPDATE User
SET Passhash = SHA2(CONCAT(salt, inPassNew),512)
WHERE Email = in_Email;
END IF;
END $$
DELIMITER ;
The salt is an extra field in table user that is more or less random, but does not need to be secret. It serves to defeat rainbow tables.
You can set salt to a short string char(10) or randomish data. e.g.
salt = ROUND(RAND(unix_timestamp(now())*9999999999);
You don't need to update the salt, just generate it once and then store it.
For more on this issue see:
Salting my hashes with PHP and MySQL
How should I ethically approach user password storage for later plaintext retrieval?
A comment on your code
IF(#PassOld == in_PassOld) THEN //incorrect
IF(#PassOld = in_PassOld) THEN //correct, SQL <> PHP :-)