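/// <summary>
/// Handles the OK button click: looks up the submitted user name and password in
/// LoginTable and redirects to Default.aspx when a matching row is found; otherwise
/// writes an alert script describing the failure.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (not used).</param>
protected void btnOK_Click(object sender, EventArgs e)
{
    // NOTE(review): the page connects as "sa" with the password embedded in source.
    // Move the connection string to protected configuration and use a login that can
    // only read LoginTable.
    string constr = "server=.;database=TestData;user id=sa;password=123;";

    // The original statement concatenated both text boxes into the SQL text and joined
    // the two conditions with '+' instead of "and". The malformed statement is the
    // likely cause of the unhandled SqlException at ExecuteReader, and the
    // concatenation let typed input become part of the query. Placeholders keep the
    // input as data.
    // NOTE(review): the Password column is compared with the submitted text directly,
    // which suggests passwords are stored unhashed — TODO confirm; store a salted
    // password hash and compare hashes instead.
    string strsql = "select Name,Password from LoginTable where Name=@Name and Password=@Password";

    // null means the credentials matched; otherwise the text shown to the user.
    string failure;

    // using blocks close the reader, command and connection on every path,
    // including when ExecuteReader throws.
    using (SqlConnection con = new SqlConnection(constr))
    using (SqlCommand cmd = new SqlCommand(strsql, con))
    {
        cmd.Parameters.Add(new SqlParameter("@Name", txtUserName.Text));
        cmd.Parameters.Add(new SqlParameter("@Password", txtPwd.Text));
        con.Open();

        using (SqlDataReader rd = cmd.ExecuteReader())
        {
            if (!rd.Read())
            {
                failure = "用户不存在";
            }
            // The database comparison depends on the column collation; these checks
            // repeat it with C#'s ordinal, case-sensitive string equality.
            else if (rd.GetValue(0).ToString() != txtUserName.Text)
            {
                failure = "用户名错误!";
            }
            else if (rd.GetValue(1).ToString() != txtPwd.Text)
            {
                failure = "密码错误!";
            }
            else
            {
                failure = null;
            }
        }
    }

    // Redirect only after the connection has been released: Response.Redirect(url)
    // ends the response, so code placed after it in the original was not reached.
    if (failure == null)
    {
        Response.Redirect("Default.aspx");
        return;
    }

    // failure is one of the constant strings above, so nothing typed by the user is
    // written into the script.
    Response.Write("<script>alert('" + failure + "')</script>");
}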
{
// Quoted copy of the login handler body from the question (method header not shown).
// NOTE(review): connects as "sa" with the password embedded in source.
string constr = "server=.;database=TestData;user id=sa;password=123;";
SqlConnection con = new SqlConnection(constr);
con.Open();
// NOTE(review): both text boxes are concatenated straight into the SQL text, so whatever
// is typed becomes part of the statement (SQL injection). The two conditions are also
// joined with '+' where "and" is needed, which is the likely cause of the SqlException
// reported on ExecuteReader below. Use @Name/@Password parameters instead.
string strsql = "select Name,Password from LoginTable where Name='"+txtUserName.Text+"'+Password='"+txtPwd.Text+"'";
SqlCommand cmd = new SqlCommand(strsql,con);
SqlDataReader rd = cmd.ExecuteReader(); // "SqlException was unhandled by user code"?? What does this mean?
// A row was returned: re-check both columns against the submitted text.
if (rd.Read())
{
if (rd.GetValue(0).ToString() == txtUserName.Text)
{
if (rd.GetValue(1).ToString() == txtPwd.Text)
{
Response.Redirect("Default.aspx");
}
else
{
// Alert text: "Wrong password!"
Response.Write("<script>alert('密码错误!')</script>");
}
}
else
{
// Alert text: "Wrong user name!"
Response.Write("<script>alert('用户名错误!')</script>");
}
}
else
{
// Alert text: "User does not exist"
Response.Write("<script>alert('用户不存在')</script>");
}
// Not reached when a statement above throws, so the connection and reader are left
// open on that path.
con.Close();
}
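try
{
    SqlDataReader rd = cmd.ExecuteReader();
    // … rest of the handler from the question, unchanged …
}
catch (Exception ex) // set a breakpoint here and inspect ex to see the cause of the error
{
    // "throw;" rethrows the same exception with its original stack trace, whereas
    // "throw ex;" restarts the trace at this line and hides where the failure occurred.
    throw;
}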
看看错误原因
检查一下
肯定这地方有问题
跟踪一下
看看
,Password='" +txtpwd.Text+ "'";
// NOTE(review): replacing '+' with "and" fixes the syntax error, but the text boxes are
// still concatenated into the statement, so typed input can change the query (SQL
// injection). Prefer "where Name=@Name and Password=@Password" with SqlParameter values.
// The literal is split across two lines here, which an ordinary C# string literal does
// not allow — presumably a line-wrap artifact of the post.
string strsql="select Name,Password from LoginTable where Name='" +txtUserName.Text+ "'
and Password='" +txtpwd.Text+ "'";
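/// <summary>
/// Handles the button click: runs a parameterized lookup of the submitted user name and
/// password against LoginTable and redirects to Default.aspx when a matching row is
/// found; otherwise writes an alert script describing the failure.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (not used).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // NOTE(review): the page connects as "sa" with the password embedded in source.
    // Move the connection string to protected configuration and use a login that can
    // only read LoginTable.
    string constr = "server=.;database=TestData;user id=sa;password=123;";

    // SqlParameter values are sent as data, never as SQL text, which prevents SQL injection.
    // NOTE(review): the Password column is compared with the submitted text directly,
    // which suggests passwords are stored unhashed — TODO confirm; store a salted
    // password hash and compare hashes instead.
    string strsql = "select Name,Password from LoginTable where Name= @Name and Password=@Password";

    // null means the credentials matched; otherwise the text shown to the user.
    string failure;

    // The original closed the connection only on the last line, so it stayed open when
    // ExecuteReader threw and on the success path, where Response.Redirect(url) ends the
    // response. using blocks release the reader, command and connection on every path.
    using (SqlConnection con = new SqlConnection(constr))
    using (SqlCommand cmd = new SqlCommand(strsql, con))
    {
        cmd.Parameters.Add(new SqlParameter("@Name", txtUserName.Text));
        cmd.Parameters.Add(new SqlParameter("@Password", txtPwd.Text));
        con.Open();

        using (SqlDataReader rd = cmd.ExecuteReader())
        {
            if (!rd.Read())
            {
                failure = "用户不存在";
            }
            // The database comparison depends on the column collation; these checks
            // repeat it with C#'s ordinal, case-sensitive string equality.
            else if (rd.GetValue(0).ToString() != txtUserName.Text)
            {
                failure = "用户名错误!";
            }
            else if (rd.GetValue(1).ToString() != txtPwd.Text)
            {
                failure = "密码错误!";
            }
            else
            {
                failure = null;
            }
        }
    }

    // Redirect only after the connection has been released.
    if (failure == null)
    {
        Response.Redirect("Default.aspx");
        return;
    }

    // failure is one of the constant strings above, so nothing typed by the user is
    // written into the script.
    Response.Write(" <script>alert('" + failure + "') </script>");
}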
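{
    // Body of the login handler (method header not shown in the post).
    // NOTE(review): the page connects as "sa" with the password embedded in source.
    // Move the connection string to protected configuration and use a login that can
    // only read LoginTable.
    string constr = "server=.;database=TestData;user id=sa;password=123;";

    // null means the credentials matched; otherwise the text shown to the user.
    string failure;

    try
    {
        // SqlParameter values are sent as data, never as SQL text, which prevents SQL injection.
        string strsql = "select Name,Password from LoginTable where Name= @Name and Password=@Password";

        // Open() now sits inside the try so a connection failure is handled like any
        // other error; using blocks replace the manual State checks and Close().
        using (SqlConnection con = new SqlConnection(constr))
        using (SqlCommand cmd = new SqlCommand(strsql, con))
        {
            cmd.Parameters.Add(new SqlParameter("@Name", txtUserName.Text));
            cmd.Parameters.Add(new SqlParameter("@Password", txtPwd.Text));
            con.Open();

            using (SqlDataReader rd = cmd.ExecuteReader())
            {
                if (!rd.Read())
                {
                    failure = "用户不存在!";
                }
                // The database comparison depends on the column collation; these checks
                // repeat it with C#'s ordinal, case-sensitive string equality.
                else if (rd.GetValue(0).ToString() != txtUserName.Text)
                {
                    failure = "用户名错误!";
                }
                else if (rd.GetValue(1).ToString() != txtPwd.Text)
                {
                    failure = "密码错误!";
                }
                else
                {
                    failure = null;
                }
            }
        }
    }
    catch (Exception ex)
    {
        // The original put ex.ToString() into the alert. That sends stack traces,
        // server details and SQL error text (which can echo the submitted input) to
        // the browser. Keep the detail on the server and show a generic message.
        System.Diagnostics.Trace.TraceError(ex.ToString());
        failure = "验证数据时发生错误!";
    }

    // The redirect is issued outside the try block: Response.Redirect(url) ends the
    // response by raising ThreadAbortException, which the catch (Exception) above would
    // otherwise intercept and report as a validation error.
    if (failure == null)
    {
        Response.Redirect("Default.aspx");
    }
    else
    {
        this.ShowAlarm(failure);
    }
}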
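/// <summary>
/// Writes a script block to the response that shows the given message in a browser alert.
/// </summary>
/// <param name="strAlarm">
/// Plain message text. It is trimmed and JavaScript-encoded before being written, so
/// escape sequences supplied by the caller (for example a literal \r) are displayed
/// verbatim rather than interpreted. A null value is treated as an empty message.
/// </param>
private void ShowAlarm(string strAlarm)
{
    string text = (strAlarm ?? string.Empty).Trim();

    // The text is placed inside a single-quoted JavaScript string within a <script>
    // element. Unescaped quotes, backslashes, line breaks or '<' would end the literal
    // (or the element), and the remainder would be parsed as script or markup. That is a
    // cross-site scripting risk whenever the message contains exception text or user
    // input. HttpUtility.JavaScriptStringEncode requires .NET Framework 4.0 or later.
    string encoded = System.Web.HttpUtility.JavaScriptStringEncode(text);

    Response.Write("<script>alert('" + encoded + "')</script>");
}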