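I made a login window
How do I take the entered user name and password, compare them with the records in a database table, and go to a page if they are correct?
It is an SQL statement like this: sql = "select * from admin where user='" + user + "' and pwd='" + pwd + "'";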
调试欢乐多
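// sUserName is assumed to be read from the form the same way as sPassword; that line is not in the post.
string sPassword = Request.Form["password"].ToString();
// Swap single quotes for ’ before the values are concatenated into the SQL text.
sUserName = sUserName.Replace("'","’");
sPassword = sPassword.Replace("'","’");
this.sqlConnection1.ConnectionString = System.Configuration.ConfigurationSettings.AppSettings["数据库"];
this.sqlCommand1.CommandText = "SELECT name,xm,gs,admin FROM zj_user where name='" + sUserName + "' and pass='" + sPassword + "'";
this.sqlCommand1.Connection = this.sqlConnection1;
this.sqlConnection1.Open();
SqlDataReader ReaderUserInfo = this.sqlCommand1.ExecuteReader();
// A returned row means the name/password pair matched.
bool bFound = ReaderUserInfo.Read();
// Release the reader and the connection before leaving the page.
ReaderUserInfo.Close();
this.sqlConnection1.Close();
if(bFound)
{
    Response.Redirect("你要的也面");
}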
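Response.Redirect(the page you want to go to)
You need to add a permission check, otherwise the page can be reached by typing its URL directly.
Also, it is best not to concatenate strings in the SQL statement; that way, entering or 1=1 is enough to log in.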
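The reply above advises against building the SQL text by concatenation. As an added example (not code from any poster in this thread), here is the same zj_user lookup with parameters; the class name LoginQuery and the column width of 50 are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LoginQuery   // hypothetical class name
{
    // The query text is a constant; user input never becomes part of it.
    const string Sql =
        "SELECT name, xm, gs, admin FROM zj_user WHERE name = @name AND pass = @pass";

    // Builds the command. Input travels as typed parameter values.
    public static SqlCommand Build(string userName, string password)
    {
        SqlCommand cmd = new SqlCommand(Sql);
        // The size 50 is an assumed column width, not taken from the thread.
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = userName;
        cmd.Parameters.Add("@pass", SqlDbType.NVarChar, 50).Value = password;
        return cmd;
    }

    // Returns true only when a row matches both values exactly.
    public static bool IsValidLogin(string connectionString, string userName, string password)
    {
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = Build(userName, password))
        {
            cmd.Connection = conn;
            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                return reader.Read();
            }
        }
    }

    static void Main()
    {
        // Constructed input of the kind the reply warns about; no database is needed here.
        using (SqlCommand cmd = Build("' or 1=1 --", "anything"))
        {
            Console.WriteLine(cmd.CommandText);               // still the constant query text
            Console.WriteLine(cmd.Parameters["@name"].Value); // the input, held as plain data
        }
    }
}
```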
Could you explain it a bit?
What do things like this.sqlConnection1 do?
// Requires: using System.Data; using System.Data.SqlClient; using System.Configuration;
{
    if(tbxName.Text.Trim() == "")
    {
        lblNote.Text = "请输入登录用户名!";
        return;
    }
    else
    {
        // The user ID is passed as a parameter instead of being concatenated into the SQL text.
        string sSql = "Select a.F_OrgID,a.F_UserID,a.F_UserName,a.F_Pwd,b.F_OrgName From T_AIU a,T_Organization b Where a.F_OrgID = b.F_OrgID And a.F_UserID = @UserID";
        string sConn = ConfigurationSettings.AppSettings["NCMT"];
        SqlConnection conn = new SqlConnection(sConn);
        SqlDataAdapter apt = new SqlDataAdapter(sSql,conn);
        apt.SelectCommand.Parameters.Add("@UserID", SqlDbType.NVarChar).Value = tbxName.Text.Trim();
        DataSet ds = new DataSet();
        try
        {
            apt.Fill(ds,"dtAIU");
            DataView dv = ds.Tables["dtAIU"].DefaultView;
            if(dv.Count > 0)
            {
                // Verify the password before any session state is set
                if(tbxPwd.Text.Trim() != dv[0]["F_Pwd"].ToString().Trim())
                {
                    lblNote.Text = "密码不正确!";
                    return;
                }
                else
                {
                    // Store the login in the session only after the password matched
                    Session["OrgID"] = dv[0]["F_OrgID"].ToString().Trim();
                    Session["OrgName"] = dv[0]["F_OrgName"].ToString().Trim();
                    Session["UserID"] = dv[0]["F_UserID"].ToString().Trim();
                    Session["UserName"] = dv[0]["F_UserName"].ToString().Trim();
                    Response.Redirect("Main.htm");
                }
            }
            else
            {
                lblNote.Text = "该用户还没有注册,请与管理员联系!";
                return;
            }
        }
        catch(Exception ex)
        {
            lblNote.Text = ex.Message;
        }
    }
}