public bool ReturnExe(string name, string pass)
{ SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["StoreroomConnectionString"].ConnectionString);
SqlCommand com = new SqlCommand("selectUsers", con);
com.CommandType = CommandType.StoredProcedure;
com.Parameters.Add("@name", SqlDbType.VarChar).Value = name;
com.Parameters.Add("@passWord", SqlDbType.VarChar).Value = pass;
con.Open();
int o=Convert.ToInt32(com.ExecuteScalar());
con.Close();
if (i>0)
{
return true;
}
else
{
return false;
}
}
{ SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["StoreroomConnectionString"].ConnectionString);
SqlCommand com = new SqlCommand("selectUsers", con);
com.CommandType = CommandType.StoredProcedure;
com.Parameters.Add("@name", SqlDbType.VarChar).Value = name;
com.Parameters.Add("@passWord", SqlDbType.VarChar).Value = pass;
con.Open();
int o=Convert.ToInt32(com.ExecuteScalar());
con.Close();
if (i>0)
{
return true;
}
else
{
return false;
}
}
{
DBuser user=new DBuser();
string name = this.TextBox1.Text.Trim();
string pwd =this.TextBox2.Text.Trim();
if (user.ReturnExe(name,pwd))
{
Response.Write("<script>alert('恭喜你登陆成功!');<script/>");
}
else
{
Response.Write("<script>alert('输入错误,请重新输入!');<script/>");
}
}
@name varchar(50),
@passWord varchar(50)
as
select @name,@passWord from Users
好像没有判断
{ SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["StoreroomConnectionString"].ConnectionString);
SqlCommand com = new SqlCommand("selectUsers", con);
com.CommandType = CommandType.StoredProcedure;
com.Parameters.Add("@name", SqlDbType.VarChar).Value = name;
com.Parameters.Add("@passWord", SqlDbType.VarChar).Value = pass;
con.Open();
int o=Convert.ToInt32(com.ExecuteScalar());
con.Close();
if (o>0)
{
return true;
}
else
{
return false;
}
}是不是不能这样写啊????
你是要跟数据表里去比对是否存在该用户名和对应密码!~~
应该写成:
select * from Users where name=@name and password=@password至于外面你如果用ExecuteScalar()的话,你就把存储过程写成:
create proc selectUsers
@name varchar(50),
@passWord varchar(50)
as
select count(*) from Users where name=@name and password=@password这样是计算有几条用户名及密码满足条件的记录,在外面转化后int o=Convert.ToInt32(com.ExecuteScalar());
判断if(o>0)返回true 一般o为1只有一个用户满足。。
{ SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["StoreroomConnectionString"].ConnectionString);
SqlCommand com = new SqlCommand("selectUsers", con);
com.CommandType = CommandType.StoredProcedure;
com.Parameters.Add("@name", SqlDbType.VarChar).Value = name;
com.Parameters.Add("@passWord", SqlDbType.VarChar).Value = pass;
con.Open();
int o=Convert.ToInt32(com.ExecuteScalar());
con.Close();
if (o>0)
{
return true;
}
else
{
return false;
}
} 后面的判断应该有问题