如果条件为真,则此存储过程不会更新列FailedLoginAttempts。谁能告诉我这可能有什么问题?
ALTER PROCEDURE UpdateFailedLoginAttempts
(
@username varchar(100),
@failureType varchar(100),
@maxInvalidPasswordAttempts int
)
AS
BEGIN
DECLARE @failureCount int
IF (@failureType='Password') BEGIN
SELECT @failureCount=FailedLoginAttempts FROM Users
WHERE Username=@username
UPDATE Users SET FailedLoginAttempts=@failureCount+1 WHERE Username=@username
IF(@failureCount >= @maxInvalidPasswordAttempts) BEGIN
UPDATE Users SET IsUserLocked = 1 WHERE Username=@username
END
END
END
我想要实现的是failureType是密码,那么它应该设置为@failureCount等于FailedLoginAttempts然后更新{{1}转到FailedLoginAttempts(增加失败尝试次数),然后检查@failureCount + 1是否大于或等于@failureCount。
答案 0 :(得分:2)
我注意到的一件事是你:
设置@failureCount = FailedLoginAttempts
更新FailedLoginAttempts = @failureCount + 1
检查@failureCount >= @maxInvalidPasswordAttempts
这不会检查更新的FailedLoginAttempts值,因此您可能必须在帐户被锁定之前再次失败一次。
由于您无论如何都必须运行更新,您可以考虑以下路线:
UPDATE u
SET u.IsUserLocked =
CASE
WHEN (FailedLoginAttempts + 1) >= @maxInvalidPasswordAttempts THEN 1
ELSE u.IsUserLocked
END
, u.FailedLoginAttempts = u.FailedLoginAttempts + 1
FROM Users AS u
WHERE u.Username = @username
它不需要制作多个语句,也不需要变量@failureCount
答案 1 :(得分:0)
您可以检查列FailedLoginAttempts的默认值是否为0而不是null?