附代码
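/// <summary>
/// Change-password handler. Verifies the current user name and password against table
/// <c>yonghu</c>; when they match and both new-password boxes hold the same non-empty
/// text, the new password is stored. The outcome is reported through <c>Label5</c>.
/// Nothing happens (and no message is shown) when the user name or old password is empty.
/// </summary>
/// <remarks>
/// Fixes relative to the posted version:
/// - the UPDATE string literal was never closed ("newline in constant" compile error);
/// - user input was concatenated into the SQL text (SQL injection) and is now passed as @parameters;
/// - the UPDATE ran on the same connection while the SqlDataReader was still open;
/// - connection and commands were not released when a statement threw.
/// NOTE(review): the 密码 column is compared with, and set to, the text exactly as typed,
/// so the table holds passwords unhashed. Moving to a salted hash (e.g. PBKDF2) needs a
/// schema and data migration and is therefore not done in this handler.
/// </remarks>
protected void Button3_Click(object sender, EventArgs e)
{
    string user = User.Text;
    string pwd = oldpwd.Text;
    if (user == "" || pwd == "")
    {
        return;
    }

    // NOTE(review): the server name is hard-coded; a connection string in web.config is easier to change.
    string connsql = "Data Source=PC-200809241637\\SQLEXPRESS;Initial Catalog=库存表;Integrated Security=True";

    // using closes the connection on every exit path, including exceptions and early returns.
    using (SqlConnection conn = new SqlConnection(connsql))
    {
        conn.Open();

        // The values travel as parameters, never as part of the SQL text, so quotes typed
        // into the text boxes cannot change the statement.
        // AddWithValue sends strings as nvarchar; if the columns are varchar, declaring the
        // parameter type explicitly avoids an implicit conversion — confirm against the schema.
        bool credentialsOk;
        using (SqlCommand cmd = new SqlCommand("SELECT COUNT(*) from yonghu where 用户名=@user and 密码=@pwd", conn))
        {
            cmd.Parameters.AddWithValue("@user", user);
            cmd.Parameters.AddWithValue("@pwd", pwd);
            // ExecuteScalar leaves no open reader behind, so the UPDATE below can reuse conn.
            credentialsOk = (int)cmd.ExecuteScalar() > 0;
        }

        if (!credentialsOk)
        {
            Label5.Text = "用户名或密码错误";
            return;
        }

        if (newpwd.Text == "" || newpwd2.Text == "" || newpwd.Text != newpwd2.Text)
        {
            Label5.Text = "输入的新密码不一致";
            return;
        }

        using (SqlCommand ccmd = new SqlCommand("update yonghu set 密码=@newpwd where 用户名=@user", conn))
        {
            ccmd.Parameters.AddWithValue("@newpwd", newpwd.Text);
            ccmd.Parameters.AddWithValue("@user", user);
            ccmd.ExecuteNonQuery();
        }

        Label5.Text = "密码修改成功";
    }
}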
SqlCommand ccmd = new SqlCommand("update yonghu set 密码='" + newpwd.Text + "' where 用户名='"+user+"',conn);这行的最后报错,说是“常量中有换行符”。还有,怎么用 @参数 防止 SQL 注入?帮忙小改下。
// Change-password handler as posted in the question: checks the current user name and
// password against table yonghu and, when a row matches and both new-password boxes
// agree, updates the password. The result is shown in Label5.
// NOTE(review): this listing does not compile as posted (see the comment above the UPDATE
// line), and the closing brace of the method is not part of the listing.
// NOTE(review): conn, cmd and dr are never disposed, and conn.Close() is skipped when any
// statement throws; using blocks would release them on every path.
// NOTE(review): the 密码 column is compared with, and set to, the text exactly as typed,
// so the table holds passwords unhashed.
protected void Button3_Click(object sender, EventArgs e)
{
string user, pwd;
user = User.Text;
pwd = oldpwd.Text;
// When either box is empty the handler does nothing and shows no message.
if (user != "" && pwd != "")
{
string connsql = "Data Source=PC-200809241637\\SQLEXPRESS;Initial Catalog=库存表;Integrated Security=True";
SqlConnection conn = new SqlConnection(connsql);
// SECURITY: user and pwd are concatenated into the SQL text, so a quote character typed
// into either box becomes part of the statement (SQL injection). Pass them as
// @parameters through cmd.Parameters instead.
conn.Open(); string mysql = "SELECT * from yonghu where 用户名='"+user+"'and 密码='"+pwd+"'";
SqlCommand cmd = new SqlCommand(mysql, conn);
SqlDataReader dr = cmd.ExecuteReader();
// A returned row means the user name / old password pair exists.
if (dr.Read())
{
if (newpwd.Text != "" && newpwd2.Text != "" && newpwd.Text == newpwd2.Text)
{
// COMPILE ERROR: the string literal opened after user+ is never closed; it needs one
// more double quote before ,conn — this is the "newline in constant" message.
// SECURITY: newpwd.Text and user are concatenated here as well (SQL injection).
// RUNTIME: dr is still open on conn at this point; unless MultipleActiveResultSets is
// enabled (it is not in connsql), SqlClient rejects a second command on the connection.
SqlCommand ccmd = new SqlCommand("update yonghu set 密码='" + newpwd.Text + "' where 用户名='"+user+"',conn);
ccmd.ExecuteNonQuery();
Label5.Text = "密码修改成功";
}
else { Label5.Text = "输入的新密码不一致"; } }
else
{
Label5.Text = "用户名或密码错误";
}
conn.Close();
}
SqlCommand ccmd = new SqlCommand("update yonghu set 密码='" + newpwd.Text + "' where 用户名='"+user+"',conn);这行的最后报错,说是“常量中有换行符”。还有,怎么用 @参数 防止 SQL 注入?帮忙小改下。
解决方案 »
"update yonghu set 密码='" + newpwd.Text + "' where 用户名='"+user+"'改成
"update yonghu set 密码='" + newpwd.Text + "' where 用户名='"+user+"'"末尾少了一个"。这样只是解决了编译错误;用字符串拼接 SQL 仍然有注入风险,应改用 @参数。
-- Sets password and power on the Admin row(s) whose name equals @name.
-- All three values arrive as typed parameters, so they are never parsed as SQL text.
-- NOCOUNT is left at its default so the affected-row count is still reported to the caller.
-- NOTE(review): @pwd is written to the password column exactly as passed in; whether the
-- caller hashes it first is not visible here — confirm.
CREATE PROCEDURE updateAdmin
    @name  NVARCHAR(50),
    @pwd   NVARCHAR(50),
    @power INT
AS
BEGIN
    UPDATE Admin
    SET    password = @pwd,
           power    = @power
    WHERE  name = @name;
END
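go
// C# code
/// <summary>
/// Calls the <c>updateAdmin</c> stored procedure to set the password and power of the
/// admin identified by <paramref name="name"/>.
/// </summary>
/// <param name="name">Admin name used to select the row.</param>
/// <param name="pwd">
/// Value written to the password column. NOTE(review): it is forwarded unchanged; if
/// callers pass the clear-text password it ends up stored unhashed — confirm and hash
/// (salted PBKDF2 or similar) before it reaches this method.
/// </param>
/// <param name="power">Value written to the power column.</param>
/// <returns><c>true</c> when ExecuteNonQuery reports at least one affected row.</returns>
public bool UpdateAdmin(string name, string pwd, int power)
{
    // The command is disposed deterministically instead of being left to the finalizer.
    using (SqlCommand cmd = new SqlCommand("updateAdmin", Conn))
    {
        cmd.CommandType = CommandType.StoredProcedure;
        // Typed parameters keep the values out of the SQL text (no injection through them).
        cmd.Parameters.Add("@name", SqlDbType.NVarChar).Value = name;
        cmd.Parameters.Add("@pwd", SqlDbType.NVarChar).Value = pwd;
        cmd.Parameters.Add("@power", SqlDbType.Int).Value = power;

        Conn.Open();
        try
        {
            return cmd.ExecuteNonQuery() > 0;
        }
        finally
        {
            // The shared connection was left open whenever ExecuteNonQuery threw,
            // which made the next Conn.Open() fail; close it on every path.
            Conn.Close();
        }
    }
}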
不知道这样写有什么不好的地方。望高手指教
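// The posted line was missing the closing double quote at the end of the string literal.
// Parameterised form of the UPDATE: the text-box values are bound to @username and
// @password and are never concatenated into the SQL text, which is what blocks injection.
// NOTE(review): the column and control names in this snippet (password / username) differ
// from the question's (密码 / 用户名, newpwd / User); adapt them before use.
// NOTE(review): the snippet only builds the command; cmd.ExecuteNonQuery() is still needed to run it.
string str = "update yonghu set password=@password where username=@username";
SqlCommand cmd = new SqlCommand(str, conn);
cmd.Parameters.AddWithValue("@username", username.Text);
cmd.Parameters.AddWithValue("@password", password.Text);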
错的更多了,都是缺少using指令(SqlConnection,SqlCommand SqlDataReader ) 这些,大家详细看看,是不是哪里有虾米问题?
行 44: {
行 45: SqlCommand ccmd = new SqlCommand("update yonghu set 密码='"+newpwd.Text+"' where 用户名='"+user+"'",conn);
行 46: ccmd.ExecuteNonQuery();行 47:
行 48: Label5.Text = "密码修改成功";