String mysql = "select * from User where UserName =" + "'" + UserName + "'" + "And UserPwd=" + "'" + strMd5 + "'";
///这句改下
String mysql = "select * from [User] where UserName ='" + UserName
+ "' And UserPwd='" + strMd5 + "'"; 如果还报错,请吧错误信息贴出来,这样方便其他人快速找到问题所在。
String mysql = "select * from [User] where UserName ='" + UserName
+ "' And UserPwd='" + strMd5 + "'"; 调试没问题了。只是当我在登录页面中输入正确的用户名跟密码时,都提示说“用户名或密码错误”
好像在执行这个语句了 else
{
//显示错误信息
Label1.Visible = true;
Label1.Text = "用户名或密码错误";
}
if (mydr.Read())
{
//用户名写入Session 对象
Session["UserName"] = mydr[1];
//把权限编号写入session对象
Session["roleID"] = mydr[3];
//页面定位
Response.Redirect("Default.aspx"); }而是直接跳转到去执行
else
{
//显示错误信息
Label1.Visible = true;
Label1.Text = "用户名或密码错误";
}
string strMd5 = System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(Password, "md5");
生产的密码区分大小写,
还有Sql语句该加空格加空格
string Password = tbxpwd.Text.ToString().Replace("'","");
String mysql = "select * from User where UserName =" + "'" + UserName + "'" + "";
SqlCommand mycmd = new SqlCommand(mysql, myconn);
SqlDataReader mydr = mycmd.ExecuteReader();
try
{
if (mydr.Read())
{
if(System.Web.Security.FormsAuthentication.HashPasswordForStoringInConfigFile(Password, "md5").Equals(mydr[1].ToString()))
{
}
}
}
catch
{
}
调试看看值,或在查询分析器执行语句看看
最好用数据库操作类实现,到51aspx.com里看看