This is my first time creating a sql procedure, and i need some help.
What i am trying to do is to create a procedure that returns true or false if the user has correctly inputed his email and password
DELIMITER $$
CREATE PROCEDURE login(IN email varchar(50), IN password varchar(30))
BEGIN
DECLARE @email VARCHAR(50);
DECLARE @password VARCHAR(50);
IF((SELECT COUNT(id) FROM users WHERE email = @email AND password = @password) = 0, 'true', 'false');
END$$
DELIMITER ;
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ‘@email VARCHAR(50);
DECLARE @password VARCHAR(50);
IF((SELECT COUNT(id’ at line 3
This is the error message, i am using phpMyAdmin
2
Answers
You want your procedure to return something but you don’t use ‘return’ in it
https://wiki.ispirer.com/sqlways/mysql/techniques/return-value-from-procedure
beside that, your code look very much vulnerable to SQL Injection
https://security.stackexchange.com/questions/68701/how-does-stored-procedure-prevents-sql-injection
Maybe you could consider doing this check in your application instead of inside the database
Maybe this example will help you:
Demo:
https://paiza.io/projects/sioJelUeAuqfrStgCe2h5w?language=mysql