发表新帖
发表新帖

I am trying to create a stored procedure to create a login and a database user?

后端 未结
关注
4 1266
醉酒成梦
醉酒成梦 2021-01-07 03:58

I am developing a C# application with SQL Server, and would like to call a stored procedure to create a login and a user.

I am looking for the simplest way to do th

4条回答
  • 半阙折子戏
    半阙折子戏 (楼主)
    2021-01-07 04:17

    Consider using dymanic SQL to create a user. For example, to create a server login called @login with a database user called 'DEV' + @login:

    create procedure dbo.CreateLoginAndUser(
        @login varchar(100),
        @password varchar(100),
        @db varchar(100))
as
declare @safe_login varchar(200)
declare @safe_password varchar(200)
declare @safe_db varchar(200)
set @safe_login = replace(@login,'''', '''''')
set @safe_password = replace(@password,'''', '''''')
set @safe_db = replace(@db,'''', '''''')

declare @sql nvarchar(max)
set @sql = 'use ' + @safe_db + ';' +
           'create login ' + @safe_login + 
               ' with password = ''' + @safe_password + '''; ' +
           'create user DEV' + @safe_login + ' from login ' + @safe_login + ';'
exec (@sql)
go

    It might be easier to construct the SQL statement client-side. But even then, you couldn't use parameters with the create login statement. So be on your guard about SQL Injection.

    0 讨论(0)
 看不清?
提交回复
热议问题