表名 table 字段id(int,主键),adminname,adminpass
配置文件web.config:<add key="connStr" value="Server=(local);uid=sa;pwd=123456;Database=aaa" />
数据库操作类(独立文件Class.cs):
public class Db
{
public string strConn = ConfigurationSettings.AppSettings["connStr"];
}CS代码(C#):
public partial class admin_Login : System.Web.UI.Page
{
Db myhero = new Db();
protected void Page_Load(object sender, EventArgs e)
{ }
protected void btnLogin_Click(object sender, EventArgs e)
{
string sUserName = txtUserName.Text;
string sPassWord = txtPassWord.Text;
string sql_str; sql_str = "select adminname,adminpass from admin where adminname= '" + sUserName + "' and adminpass ='" + sPassWord + "'";
SqlConnection scon = new SqlConnection(myhero.strConn);
scon.Open();
SqlCommand scmd = new SqlCommand(sql_str,scon);
SqlDataReader sdr = scmd.ExecuteReader(); if (this.TextBox1.Text.Trim().ToUpper() == Session["CheckCode"].ToString().Trim().ToUpper())//验证码检查
{
if (sdr.Read())
{
Session["guanli"] = txtUserName.Text;
Msg.Text = "登陆成功!!!";
Response.Redirect("manage.aspx");
}
else
{
Session["guanli"] = null;
Msg.Text = "用户名或密码错误,登陆不成功!!!";
}
}
else
{
Msg.Text = "验证码错误!!!";
}
sdr.Close();
scon.Close();
}
}哪里出问题了,为啥验证不了数据?只有验证码可以用。
配置文件web.config:<add key="connStr" value="Server=(local);uid=sa;pwd=123456;Database=aaa" />
数据库操作类(独立文件Class.cs):
public class Db
{
public string strConn = ConfigurationSettings.AppSettings["connStr"];
}CS代码(C#):
public partial class admin_Login : System.Web.UI.Page
{
Db myhero = new Db();
protected void Page_Load(object sender, EventArgs e)
{ }
protected void btnLogin_Click(object sender, EventArgs e)
{
string sUserName = txtUserName.Text;
string sPassWord = txtPassWord.Text;
string sql_str; sql_str = "select adminname,adminpass from admin where adminname= '" + sUserName + "' and adminpass ='" + sPassWord + "'";
SqlConnection scon = new SqlConnection(myhero.strConn);
scon.Open();
SqlCommand scmd = new SqlCommand(sql_str,scon);
SqlDataReader sdr = scmd.ExecuteReader(); if (this.TextBox1.Text.Trim().ToUpper() == Session["CheckCode"].ToString().Trim().ToUpper())//验证码检查
{
if (sdr.Read())
{
Session["guanli"] = txtUserName.Text;
Msg.Text = "登陆成功!!!";
Response.Redirect("manage.aspx");
}
else
{
Session["guanli"] = null;
Msg.Text = "用户名或密码错误,登陆不成功!!!";
}
}
else
{
Msg.Text = "验证码错误!!!";
}
sdr.Close();
scon.Close();
}
}哪里出问题了,为啥验证不了数据?只有验证码可以用。
而且不要這樣寫: sql_str = "select adminname,adminpass from admin where adminname= '" + sUserName + "' and adminpass ='" + sPassWord + "'";
{
Session["guanli"] = txtUserName.Text;
Msg.Text = "登陆成功!!!";
Response.Redirect("manage.aspx");
}
在验证时用的是Session["guanli"],不是从数据库查询的sdr值
一般用参数,这样更安全.
if (this.TxtVal.Text.Trim() == Session["RandCode"].ToString().Trim())
{
SqlParameter par1 = new SqlParameter("@id", this.txtusername.Text.Trim());
SqlParameter par2 = new SqlParameter("@pwd", Tools.Encrypt(this.txtPas.Text.Trim())); SqlDataReader reader = SqlHelper.ExecuteReader(SqlHelper.ConnectionStringLocalTransaction, CommandType.Text, "select * from user_table where id=@id and pwd=@pwd and flag='1'", par1, par2);
if (reader.Read())
{
Session["username"] = txtusername.Text.Trim();
Server.Transfer("usermanage.aspx");
}
else
{
Tools.MessageBox(this, "用户名或密码错误,请重新输入!"); return;
}
}
else
{
Tools.MessageBox(this, "验证码错误,请重新输入!"); return;
}
sql_str = "select count(adminname) from admin where adminname= '" + sUserName + "' and adminpass ='" + sPassWord + "'";
SqlCommand scmd = new SqlCommand(sql_str,scon);
obj ret = scmd.ExecuteScalar();
if (ret!=null && int.Parse(ret.ToString())>0)
{
//登录成功
}
.....
{
strConn = ConfigurationSettings.AppSettings["connStr"];
SqlConnection scon = new SqlConnection(strConn);
scon.Open();
string strSQL = "select adminpass from admin where adminname= '" + sUserName + "'";
SqlCommand scmd = new SqlCommand(sql_str,scon);
SqlDataReader sdr = scmd.ExecuteReader();
bool k = false;
if (this.TextBox1.Text.Trim().ToUpper() == Session["CheckCode"].ToString().Trim().ToUpper())//验证码检查
{
if(sdr.Read()){
if(sdr.GetValue(0).Equals(sPassWord)){
k = true;
}
}
return k;
}
else
{
Msg.Text = "验证码错误!!!";
}
sdr.Close();
scon.Close();
}