我从数据库里读出一个字段"PassWord",想把它和用户提交的密码比较,但是结果总是不一致.
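请各位指点迷津~~~!
// Looks up the stored password for the submitted UserID and reports whether the
// submitted password matches it.
// Changes from the code as posted: "WHERER" is corrected to WHERE, the surplus ')'
// is dropped, and UserID is bound as a parameter instead of being concatenated into
// the SQL text, so the form value can no longer alter the statement (SQL injection).
string submittedUserId = Request.Form["UserID"];
if (submittedUserId == null)
{
    // A missing form field would otherwise leave the parameter without a value.
    submittedUserId = "";
}

// The brackets around [PassWord] are harmless and avoid any clash with a keyword.
strSQLPassWord = "SELECT [PassWord] FROM UserInfor WHERE UserID = @UserID";
objCommand = new SqlCommand(strSQLPassWord, objConnection);
objCommand.Parameters.AddWithValue("@UserID", submittedUserId);
objDataReader = objCommand.ExecuteReader();
try
{
    // Read() returns false when no row matches. An unknown user gets the same message
    // as a wrong password, so the response does not reveal which UserIDs exist.
    // NOTE(review): comparing the column with the submitted value implies the password
    // is stored in plaintext - confirm against the schema; a salted, slow hash
    // (e.g. PBKDF2) compared hash-to-hash is the safer design.
    // NOTE(review): if the column is CHAR(n) the stored value comes back space-padded,
    // which would also make this comparison fail - confirm the column type.
    if (objDataReader.Read()
        && objDataReader["PassWord"].ToString() == Request.Form["PassWord"])
    {
        Response.Write("登陆成功");
    }
    else
    {
        Response.Write("密码错误");
    }
}
finally
{
    // An open reader keeps the connection busy, so release it on every path.
    objDataReader.Close();
}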
// NOTE(review): the SQL text below is assembled by concatenating Request.Form["UserID"],
// so the submitted value becomes part of the statement (SQL injection); it should be
// bound as a command parameter instead. The text also reads "WHERER" and closes one
// more ')' than it opens.
请各位指点迷津~~~!strSQLPassWord = "SELECT PassWord FROM UserInfor
WHERER(UserID='"+Request.Form["UserID"]+"'))";
objCommand = new SqlCommand(strSQLPassWord,objConnection);
objDataReader = objCommand.ExecuteReader();
// The return value of Read() is ignored, so a UserID with no matching row is not
// handled before the column is read on the next line.
objDataReader.Read();
// Compares the stored column value directly with the submitted form value, which
// suggests the password is kept in plaintext - presumably; confirm against the schema.
if(objDataReader["PassWord"].ToString()==Request.Form["PassWord"])
Response.Write("登陆成功");
else
Response.Write("密码错误");
WHERER(UserID='"+Request.Form["UserID"]+"'))";
Password 是个关键字,应该用方括号括起来:[Password]
WHERER 拼错了,应该是 WHERE。
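' Checks a username / password-hash pair against the UserAccount table with a
' parameterized COUNT(*) query, then branches on whether a matching row exists.
'1. Create the connection
' NOTE(review): this connects as sa with an empty password. Use a least-privileged
' login with a real secret, and keep the connection string in protected configuration
' rather than in source.
' A Const must be initialized where it is declared; it cannot be assigned afterwards.
Const strConnString As String = "Data Source=.;Initial Catalog=test;User Id=sa;Password=;"
Dim objConn As New SqlConnection(strConnString)
'2. Create the Command object. Both values are bound as parameters, so user input
' never becomes part of the SQL text.
Dim strSQL As String = "SELECT COUNT(*) FROM UserAccount " & _
"WHERE Username=@Username AND Password=@Password"
Dim objCmd As New SqlCommand(strSQL, objConn)
'3. Create the parameters
Dim paramUsername As New SqlParameter("@Username", SqlDbType.VarChar, 25)
paramUsername.Value = txtUsername.Text
objCmd.Parameters.Add(paramUsername)
' hashedDataBytes is not defined in this snippet; it has to be computed from the
' submitted password beforehand.
' NOTE(review): a 16-byte binary parameter matches the size of an MD5 digest -
' presumably; confirm. An unsalted fast hash is weak for password storage; prefer a
' salted, slow KDF such as PBKDF2 and size the column and parameter to match.
Dim paramPwd As New SqlParameter("@Password", SqlDbType.Binary, 16)
paramPwd.Value = hashedDataBytes
objCmd.Parameters.Add(paramPwd)
'Run the query
Dim iResults As Integer
Try
    objConn.Open()
    ' ExecuteScalar returns Object; convert explicitly so this also compiles under Option Strict On.
    iResults = CInt(objCmd.ExecuteScalar())
Finally
    ' Close the connection even when Open or the query throws.
    objConn.Close()
End Try
If iResults <> 0 Then
    'valid credentials
Else
    'invalid credentials
End If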
End Sub
这样不是更好吗?