string name=this.TextBoxName.Text.Trim();
string pwd=this.TextBoxPwd.Text.Trim();
if(name.IndexOf("'")>-1 || pwd.IndexOf("'")>-1)
{
this.LabelInfo.Text="当前信息: 用户登录";
this.TableTitle.Rows.Clear();
this.FillTableCell("登录失败,无此用户或密码不正确!");
return;
}
SqlConnection myConn = new SqlConnection(majun.ConnString);
string sqlstr="select * from userlogin where (用户名='"+name+"') and ("+
"密码='"+pwd+"')";
SqlCommand myCommand = new SqlCommand(sqlstr,myConn);
myConn.Open();
SqlDataReader dr=myCommand.ExecuteReader();
if(dr.Read())
{
dr.Close();
myConn.Close();
}
else
{
dr.Close();
myConn.Close();
this.LabelInfo.Text="当前信息: 用户登录";
this.TableTitle.Rows.Clear();
this.FillTableCell("登录失败,无此用户或密码不正确!");
}
string pwd=this.TextBoxPwd.Text.Trim();
if(name.IndexOf("'")>-1 || pwd.IndexOf("'")>-1)
{
this.LabelInfo.Text="当前信息: 用户登录";
this.TableTitle.Rows.Clear();
this.FillTableCell("登录失败,无此用户或密码不正确!");
return;
}
SqlConnection myConn = new SqlConnection(majun.ConnString);
string sqlstr="select * from userlogin where (用户名='"+name+"') and ("+
"密码='"+pwd+"')";
SqlCommand myCommand = new SqlCommand(sqlstr,myConn);
myConn.Open();
SqlDataReader dr=myCommand.ExecuteReader();
if(dr.Read())
{
dr.Close();
myConn.Close();
}
else
{
dr.Close();
myConn.Close();
this.LabelInfo.Text="当前信息: 用户登录";
this.TableTitle.Rows.Clear();
this.FillTableCell("登录失败,无此用户或密码不正确!");
}
解决方案 »
免费领取超大流量手机卡,每月29元包185G流量+100分钟通话, 中国电信官方发货