写了个登陆代码老是提示登陆失败,
我实在找不到原因了,不知道是不是哪个SQL语句有没有把两个文本框的值提出来,如果不是应该怎么办??如果不是,那是哪个地方出了问题????好急,高手,帮帮小弟.
两段代码都同样在下面了:都提示登陆失败
1:第一个登陆代码
Dim con As New SqlConnection
con.ConnectionString = "server=BT-BBT;uid=adoxq;pwd=86221xq;database=tz"
con.Open() Dim str As String = "select * from rigester where user='" + TextBox1.Text + "' and pwd='" + TextBox2.Text + "'"
Dim cmd As New SqlCommand(str, con)
Dim dr As SqlDataReader = cmd.ExecuteReader
If dr.Read() Then
Response.Redirect("adocoffee\wangye\czdl.html")
Else
Response.Write("<script languge='javascript'> alert('登录失败,');window.top.location.href='login.aspx';</script>;return")
2:第二个登陆代码
Dim con As New SqlConnection
con.ConnectionString = "server=BT-BBT;uid=adoxq;pwd=86221xq;database=tz" Dim ds As DataSet = New DataSet
Dim da As SqlDataAdapter = New SqlDataAdapter("select * from rigester where user='" + TextBox1.Text + "' and pwd='" + TextBox2.Text + "'", con)
con.Open()
da.Fill(ds)
If ds.Tables(0).Rows.Count = 0 Then
Response.Write("<script languge='javascript'> alert('登录失败,');window.top.location.href='login.aspx';</script>;return") Else
Session("user") = TextBox1.Text
Response.Redirect("adocoffee/wangye/czdl.html") End If
con.Close()
ds.Clear()
我实在找不到原因了,不知道是不是哪个SQL语句有没有把两个文本框的值提出来,如果不是应该怎么办??如果不是,那是哪个地方出了问题????好急,高手,帮帮小弟.
两段代码都同样在下面了:都提示登陆失败
1:第一个登陆代码
Dim con As New SqlConnection
con.ConnectionString = "server=BT-BBT;uid=adoxq;pwd=86221xq;database=tz"
con.Open() Dim str As String = "select * from rigester where user='" + TextBox1.Text + "' and pwd='" + TextBox2.Text + "'"
Dim cmd As New SqlCommand(str, con)
Dim dr As SqlDataReader = cmd.ExecuteReader
If dr.Read() Then
Response.Redirect("adocoffee\wangye\czdl.html")
Else
Response.Write("<script languge='javascript'> alert('登录失败,');window.top.location.href='login.aspx';</script>;return")
2:第二个登陆代码
Dim con As New SqlConnection
con.ConnectionString = "server=BT-BBT;uid=adoxq;pwd=86221xq;database=tz" Dim ds As DataSet = New DataSet
Dim da As SqlDataAdapter = New SqlDataAdapter("select * from rigester where user='" + TextBox1.Text + "' and pwd='" + TextBox2.Text + "'", con)
con.Open()
da.Fill(ds)
If ds.Tables(0).Rows.Count = 0 Then
Response.Write("<script languge='javascript'> alert('登录失败,');window.top.location.href='login.aspx';</script>;return") Else
Session("user") = TextBox1.Text
Response.Redirect("adocoffee/wangye/czdl.html") End If
con.Close()
ds.Clear()
字符串拼的看不懂啊,是不是应该这样拼啊:
“select * from rigester where user=” + TextBox1.Text + “and pwd=” + TextBox2.Text;
个人愚见!
搂主的代码貌似没有什么问题。
~~~多了空格 ~~~多了空格改成
"select * from rigester where user= '" + TextBox1.Text + "' and pwd= '" + TextBox2.Text + "'"
------------------------------------
首先注意红色部分之间应该加个空格!!!!
Dim str As String = "select * from rigester where user= '" + TextBox1.Text + " ' and pwd= '" + TextBox2.Text + " '"另外跟踪一下,看是哪的问题。。
整体应该如下:
Dim str As String = "select * from rigester where user= '" + TextBox1.Text + "' and pwd= '" + TextBox2.Text + "'"
+ 应该换成 &
象姓名这样:
Dim str As String = "select * from rigester where user= '" & TextBox1.Text & " ' and pwd= '" & TextBox2.Text & " '"
------------------------------------------------------Dim str As String = "select * from rigester where username= '" + TextBox1.Text + " ' and pwd= '" + TextBox2.Text + " '" 你把你数据库表里的user 字段该成username 这样就可以了,user数据库系统自带的敏感字段.......
提个小建议啊:你的代码存在安全漏洞啊,很容易实现SQL注入攻击
是不能使用的!
Dim str As String = "select * from rigester where user= '" & TextBox1.Text.Trim("'","''") & " ' and pwd= '" & TextBox2.Text.Trim("'","''") & " '"
楼主请输入用户名为 ' OR 1=1 密码随便...看看能不能登陆哦?