一个ASP.net登录页面的代码
protected void btnLogin_Click(object sender, EventArgs e)
{
string UID = tbusername.ToString();
string PWD = tbpassword.ToString();
for (int i = 0; i < LimitSelect.Items.Count; i++)
{
if (LimitSelect.Items[i].Selected)
{
Label1.Text = LimitSelect.Items[i].Value;
}
}
string Power = Label1.Text;
string sqlstr = "SELECT username, pwd, Limits FROM UserInfo WHERE (username = '" + UID + "') AND (pwd = '" + PWD + "') AND (Limits = '" + Power + "')"; SqlConnection conn = new SqlConnection(@"Data Source=123-PC\SQLEXPRESS;Initial Catalog=LibraryMS;Integrated Security=True");
SqlCommand cmd = new SqlCommand(sqlstr,conn); if (conn.State == ConnectionState.Closed)
{
conn.Open();
}
SqlDataReader reader = cmd.ExecuteReader();
SqlDataAdapter sqlcmd = new SqlDataAdapter(sqlstr,conn); if (reader.Read())
{
Session["username"] = UID;
Session["pwd"] = PWD;
Session["Limits"] = Power;
switch (Power)
{
case "0":
Response.Redirect("SysAdmin.aspx");
break;
case "1":
Response.Redirect("Manager.aspx");
break;
case "2":
Response.Redirect("Users.aspx");
break;
default:
Response.Redirect("Customers.aspx");
break;
}
}
}
protected void btnLogin_Click(object sender, EventArgs e)
{
string UID = tbusername.ToString();
string PWD = tbpassword.ToString();
for (int i = 0; i < LimitSelect.Items.Count; i++)
{
if (LimitSelect.Items[i].Selected)
{
Label1.Text = LimitSelect.Items[i].Value;
}
}
string Power = Label1.Text;
string sqlstr = "SELECT username, pwd, Limits FROM UserInfo WHERE (username = '" + UID + "') AND (pwd = '" + PWD + "') AND (Limits = '" + Power + "')"; SqlConnection conn = new SqlConnection(@"Data Source=123-PC\SQLEXPRESS;Initial Catalog=LibraryMS;Integrated Security=True");
SqlCommand cmd = new SqlCommand(sqlstr,conn); if (conn.State == ConnectionState.Closed)
{
conn.Open();
}
SqlDataReader reader = cmd.ExecuteReader();
SqlDataAdapter sqlcmd = new SqlDataAdapter(sqlstr,conn); if (reader.Read())
{
Session["username"] = UID;
Session["pwd"] = PWD;
Session["Limits"] = Power;
switch (Power)
{
case "0":
Response.Redirect("SysAdmin.aspx");
break;
case "1":
Response.Redirect("Manager.aspx");
break;
case "2":
Response.Redirect("Users.aspx");
break;
default:
Response.Redirect("Customers.aspx");
break;
}
}
}
我断点查看了一下
reader()里面
Depth = 0
FieldCount = 3
HasRows = false
IsClosed = false
RecordsAffected = -1
VisibleFieldCount = 3
--------
就说明没数据你断点看看 sqlstr ,然后在SQL中执行下
这是断点显示的
string PWD = tbpassword.ToString();
然后我吧tb空间的值都写上了啊,不会没值的
string PWD = tbpassword.Text;
string UID = tbusername.Text;
string PWD = tbpassword.Text;