1，创建存储过程：

--返回值1:登录成功;2:密码错误;3：用户不存在;4:试错超过当天限制
--登录操作 存储过程--判断是否已存在该存储过程，存在则删除
if exists (select * from sysobjects where name='LogonProc' and type='p')
drop proc LogonProc
go
--创建存储过程
create proc LogonProc  @name  nvarchar(50),@password  nvarchar(5),@rejectMsg nvarchar(50) output
asdeclare @logondate datedeclare @result int;
--首先判断该用户是否存在if not exists(select * from tb_userinfo where name=@name)  beginset @rejectMsg='该用户不存在'return 3end--获取存储的登录日期,并与当前日期比对set @logondate=(select logondate from tb_UserInfo where Name= @name)if(@logondate!=CAST(getdate() as date))begin
--更新日期并将登录次数更新为0update tb_UserInfo set logondate=GETDATE(),Time=0 where Name= @nameend--存储日期与当前日期一致时，获取当前登录次数如果登录次数超过3次则拒绝再次登录declare @time intset @time=(select Time from tb_UserInfo where Name= @name)
--登录次数超过3次禁止再次登录if(@time>3)beginset @rejectMsg='登录错误已超过三次，账号今天已封禁'return 4endelsebegindeclare @pwd nvarchar(50)set @pwd=(select password from tb_UserInfo where Name=@name)if(@pwd=@password)begin update tb_UserInfo set Time=0 where Name=@nameset @rejectMsg='登录成功！'select * from tb_UserInfo where Name=@namereturn 1endelsebeginset @time=@time+1update tb_UserInfo set Time=@time where Name=@nameset @rejectMsg='第'+CONVERT(nvarchar(10),@time) +'次密码错误，超过三次，今天将不能再登录'return 2endendgo

2，C#调用存储过程

/// <summary>/// 账户登录/// </summary>/// <param name="name">登录名</param>/// <param name="pwd">登录密码</param>/// <param name="msg">返回的登录消息</param>/// <param name="userInfo">返回登录对象</param>/// <returns></returns>public bool Login(string name,string pwd,out string msg,out UserInfo userInfo){bool loginResult = false;//'返回值:1:OK;2:密码错误;3:用户不存在;4:登录超过三次禁止登录//存储过程：exec @result=LogonProc 'lisi','123',@rejectmsg outputSqlParameter[] paras = new SqlParameter[]{new SqlParameter("@result",SqlDbType.Int) { Direction = ParameterDirection.ReturnValue },new SqlParameter("@name",name),new SqlParameter("@password",pwd),new SqlParameter("@rejectMsg",SqlDbType.NVarChar,50) {Direction= ParameterDirection.Output }};string sqlcmd = "LogonProc";DataTable dt = SqlHelper.ExecuteStoredProcedure(sqlcmd, paras);int result = Convert.ToInt32(paras[0].Value);if (result == 1){userInfo = new UserInfo();userInfo.Id = dt.Rows[0].Field<int>("Id");userInfo.Name = dt.Rows[0].Field<string>("Name");userInfo.Nick = dt.Rows[0].Field<string>("Nick");userInfo.PassWord = dt.Rows[0].Field<string>("PassWord");userInfo.Phone = dt.Rows[0].Field<string>("Phone");userInfo.Time = dt.Rows[0].Field<int>("Time");userInfo.LogonDate = dt.Rows[0].Field<DateTime>("LogonDate");loginResult = true;}else{loginResult = false;userInfo = null;}msg = paras[3].Value.ToString();return loginResult;}/// <summary>/// 执行存储过程/// </summary>/// <param name="procedure"></param>/// <param name="paras"></param>/// <returns></returns>public static DataTable ExecuteStoredProcedure(string procedure,params SqlParameter[] paras){DataTable dt = new DataTable();using (SqlConnection con = new SqlConnection(constr)){using (SqlCommand com = new SqlCommand(procedure, con)){com.Parameters.AddRange(paras);com.CommandType = CommandType.StoredProcedure;using (SqlDataAdapter sda = new SqlDataAdapter(com)){sda.Fill(dt);}}}return dt;}