我用设计页面,加上div等等,设计了一个很简单的登录界面,现在想将登录信息和数据库中的信息比较,好确定登录权限。我在登录按钮的事件中写了如下代码,想用数据库中的信息做比较,但是不能引用login.aspx中的名称和信息,怎么办?我刚开始学,不太懂,希望大神们指点一下,能加一下QQ更感谢了。我们下个月要交一个系统作业,我想做得好一点~我的QQ是1484848401.
protected void LoginButton_Click(object sender, EventArgs e)
{
    // Body of the asker's LoginButton_Click handler (the signature sits on the preceding line).
    // NOTE(review): conn is created without a using statement and is never closed or
    // disposed in this snippet, so the connection stays open until it is garbage-collected.
    SqlConnection conn = new SqlConnection(@"Data Source=FACE;Initial Catalog=仓库管理系统;Integrated Security=True");
    {
        conn.Open();
        using (SqlCommand cmd = conn.CreateCommand())
        {
            // UserName is not declared anywhere in the visible code; this is presumably the
            // reference to the login.aspx control that the question says cannot be resolved.
            // NOTE(review): the value is concatenated straight into the SQL text. Whatever ends
            // up in UserName becomes part of the statement, so it should be bound as a
            // SqlParameter (e.g. "where username=@username") instead.
            // The command text is only assigned here; the snippet never executes the command
            // and never compares a password.
            cmd.CommandText = "select * from userlog where username='" + UserName + "'"; } }
}
{
    // Repeat of the asker's handler body, quoted without its method signature.
    // NOTE(review): conn is created without a using statement and is never closed or
    // disposed in this snippet.
    SqlConnection conn = new SqlConnection(@"Data Source=FACE;Initial Catalog=仓库管理系统;Integrated Security=True");
    {
        conn.Open();
        using (SqlCommand cmd = conn.CreateCommand())
        {
            // UserName is not declared in the visible code.
            // NOTE(review): concatenating it into the SQL text makes the statement depend on
            // user-controlled characters; bind it as a SqlParameter instead.
            // The command text is assigned but the command is never executed here.
            cmd.CommandText = "select * from userlog where username='" + UserName + "'"; } }
}
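/// <summary>
/// Handles the login button click: looks up the submitted user name in the
/// <c>userlog</c> table and redirects depending on whether a row exists.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): this only establishes that the user name exists. No password is
/// compared, so on its own it is not an authentication check.
/// </remarks>
protected void LoginButton_Click(object sender, EventArgs e)
{
    bool userFound;
    using (SqlConnection conn = new SqlConnection(@"Data Source=FACE;Initial Catalog=仓库管理系统;Integrated Security=True"))
    using (SqlCommand cmd = conn.CreateCommand())
    {
        // The user name is bound as a parameter rather than concatenated into the SQL text,
        // so quotes or other SQL syntax typed into the text box stay data.
        cmd.CommandText = "select * from userlog where username=@username";
        cmd.Parameters.AddWithValue("@username", this.TextBox1.Text.Trim());
        conn.Open();

        // ExecuteReader returns the SqlDataReader; ExecuteNonQuery returns an int row count
        // and cannot be assigned to a reader.
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            userFound = reader.Read();
        }
    }

    // Redirect only after the reader, command and connection have been released.
    if (userFound)
    {
        Response.Redirect("index.aspx"); // A matching record exists: go to the main page.
    }
    else
    {
        Response.Redirect("login.aspx"); // No matching record: back to the login page.
    }
}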
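/// <summary>
/// Handles the login button click: looks up the submitted user name in the
/// <c>userlog</c> table and redirects depending on whether a row exists.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): this only establishes that the user name exists. No password is
/// compared, so on its own it is not an authentication check.
/// </remarks>
protected void LoginButton_Click(object sender, EventArgs e)
{
    bool userFound;
    using (SqlConnection conn = new SqlConnection(@"Data Source=FACE;Initial Catalog=仓库管理系统;Integrated Security=True"))
    using (SqlCommand cmd = conn.CreateCommand())
    {
        // The user name is bound as a parameter rather than concatenated into the SQL text,
        // so quotes or other SQL syntax typed into the text box stay data.
        cmd.CommandText = "select * from userlog where username=@username";
        cmd.Parameters.AddWithValue("@username", this.TextBox1.Text.Trim());
        conn.Open();

        // ExecuteReader returns the SqlDataReader; ExecuteNonQuery returns an int row count
        // and cannot be assigned to a reader.
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            userFound = reader.Read();
        }
    }

    // Redirect only after the reader, command and connection have been released.
    if (userFound)
    {
        Response.Redirect("index.aspx"); // A matching record exists: go to the main page.
    }
    else
    {
        Response.Redirect("login.aspx"); // No matching record: back to the login page.
    }
}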
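/// <summary>
/// Handles the login button click: looks up the submitted user name in the
/// <c>userlog</c> table and redirects depending on whether a row exists.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// NOTE(review): this only establishes that the user name exists. No password is
/// compared, so on its own it is not an authentication check.
/// </remarks>
protected void LoginButton_Click(object sender, EventArgs e)
{
    bool userFound;
    using (SqlConnection conn = new SqlConnection(@"Data Source=FACE;Initial Catalog=仓库管理系统;Integrated Security=True"))
    using (SqlCommand cmd = conn.CreateCommand())
    {
        // The user name is bound as a parameter rather than concatenated into the SQL text,
        // so quotes or other SQL syntax typed into the text box stay data.
        cmd.CommandText = "select * from userlog where username=@username";
        cmd.Parameters.AddWithValue("@username", this.TextBox1.Text.Trim());
        conn.Open();

        // ExecuteReader returns the SqlDataReader; ExecuteNonQuery returns an int row count
        // and cannot be assigned to a reader.
        using (SqlDataReader reader = cmd.ExecuteReader())
        {
            userFound = reader.Read();
        }
    }

    // Redirect only after the reader, command and connection have been released.
    if (userFound)
    {
        Response.Redirect("index.aspx"); // A matching record exists: go to the main page.
    }
    else
    {
        Response.Redirect("login.aspx"); // No matching record: back to the login page.
    }
}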
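/// <summary>
/// Handles the login button click: counts the <c>userlog</c> rows whose user name and
/// password match the submitted values, using a parameterized query.
/// </summary>
/// <param name="sender">The control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void userLogin_Click(object sender, EventArgs e)
{
    string username = TextUsername.Text;
    string pass = TextPass.Text;

    // Both values travel as parameters, so they are never parsed as SQL. The parameter
    // names are written without the stray trailing space so they match the placeholders
    // in the statement exactly.
    SqlParameter[] param = new SqlParameter[]
    {
        new SqlParameter("@username", username),
        new SqlParameter("@pass", pass)
    };

    // NOTE(review): the submitted password is compared directly with the stored column,
    // which suggests the table keeps passwords in recoverable form. Storing a salted,
    // slow hash (for example PBKDF2) and verifying against that would be preferable.
    string sql = "select count(*) from userlog where username=@username and password=@pass ";

    // ExecuteScalar is a data-access helper defined outside this snippet; presumably it
    // returns the first column of the first row, which is an int for count(*). Confirm against the helper.
    int result = (int)ExecuteScalar(CommandType.Text, sql, param);

    if (result > 0)
    {
        // Verification passed.
    }
    else
    {
        // Verification failed.
    }
}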
[code=C/C++]using System.Data;
using System.Data.SqlClient;
using System.Configuration;
using System.Data.Common;
using System.Collections.Generic;
/// <summary>
/// 数据访问抽象基础类
/// Copyright (C) 2004-2008 By LiTianPing
/// </summary>
public abstract class DbHelperSQL
{
// Database connection string (configured in web.config). connectionString can be changed
// at run time to point the helper at a different database.
// NOTE(review): the field is public, static and writable, so any code in the process can
// redirect every helper call; assign it only from trusted configuration.
// NOTE(review): .ToString() is called on the AppSettings lookup directly, so a missing
// "DbHelperConnectionString" key presumably fails in the static initializer - confirm.
public static string connectionString = ConfigurationManager.AppSettings["DbHelperConnectionString"].ToString();

// Empty constructor; every member visible in this class is static.
public DbHelperSQL()
{
}

#region 公用方法
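/// <summary>
/// Determines whether the given table has a column with the given name.
/// </summary>
/// <param name="tableName">Table name.</param>
/// <param name="columnName">Column name.</param>
/// <returns><c>true</c> if the column exists; otherwise <c>false</c>.</returns>
public static bool ColumnExists(string tableName, string columnName)
{
    // Both names are compared as string values in the query, so they can be bound as
    // parameters instead of being concatenated into the SQL text. A name containing a
    // quote is then just a name that does not match.
    string sql = "select count(1) from syscolumns where [id]=object_id(@tableName) and [name]=@columnName";

    // A null argument used to concatenate as an empty string; keep that behaviour.
    object res = GetSingle(
        sql,
        new SqlParameter("@tableName", tableName ?? ""),
        new SqlParameter("@columnName", columnName ?? ""));

    // Treat a missing result (null or DBNull) as "not found".
    if (res == null || res == System.DBNull.Value)
    {
        return false;
    }
    return Convert.ToInt32(res) > 0;
}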
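/// <summary>
/// Returns the largest value of <paramref name="FieldName"/> in
/// <paramref name="TableName"/> plus one, or 1 when the query yields no value.
/// </summary>
/// <param name="FieldName">Name of the numeric column to inspect.</param>
/// <param name="TableName">Name of the table to inspect.</param>
/// <returns>The next ID candidate.</returns>
public static int GetMaxID(string FieldName, string TableName)
{
    // NOTE(review): FieldName and TableName are spliced into the statement as identifiers.
    // Identifiers cannot be bound as SqlParameters, so only fixed, code-defined names should
    // reach this method - never values taken from a request.
    string strsql = "select max(" + FieldName + ")+1 from " + TableName;
    object obj = GetSingle(strsql);

    // max() over an empty table is SQL NULL. Accept both null and DBNull as "no rows",
    // as the Exists/TabExists helpers in this class do, instead of failing in int.Parse.
    if (object.Equals(obj, null) || object.Equals(obj, System.DBNull.Value))
    {
        return 1;
    }
    return int.Parse(obj.ToString());
}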
/// <summary>
/// Runs a scalar query and reports whether its result is a non-zero number.
/// </summary>
/// <param name="strSql">SQL text, executed exactly as given.</param>
/// <returns><c>false</c> when the result is null, DBNull or 0; otherwise <c>true</c>.</returns>
/// <remarks>
/// The statement is passed through verbatim. When it contains caller-supplied values,
/// use the overload that takes SqlParameter arguments.
/// </remarks>
public static bool Exists(string strSql)
{
    object scalar = GetSingle(strSql);
    bool hasNoValue = Object.Equals(scalar, null) || Object.Equals(scalar, System.DBNull.Value);
    int numeric = hasNoValue ? 0 : int.Parse(scalar.ToString());
    return numeric != 0;
}
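/// <summary>
/// Determines whether a user table with the given name exists.
/// </summary>
/// <param name="TableName">Table name, without surrounding brackets.</param>
/// <returns><c>true</c> if a user table with that name exists; otherwise <c>false</c>.</returns>
public static bool TabExists(string TableName)
{
    // object_id() takes the object name as a string value, so the bracketed name is bound
    // as a parameter instead of being concatenated into the SQL text.
    string strsql = "select count(*) from sysobjects where id = object_id(@objectName) and OBJECTPROPERTY(id, N'IsUserTable') = 1";
    // Alternative kept from the original (fixed dbo schema):
    //string strsql = "SELECT count(*) FROM sys.objects WHERE object_id = OBJECT_ID(N'[dbo].[" + TableName + "]') AND type in (N'U')";
    object obj = GetSingle(strsql, new SqlParameter("@objectName", "[" + TableName + "]"));

    // A null or DBNull result counts as zero matches.
    if (Object.Equals(obj, null) || Object.Equals(obj, System.DBNull.Value))
    {
        return false;
    }
    return int.Parse(obj.ToString()) != 0;
}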
/// <summary>
/// Runs a parameterized scalar query and reports whether its result is a non-zero number.
/// </summary>
/// <param name="strSql">SQL text containing parameter placeholders.</param>
/// <param name="cmdParms">Parameters passed on to the query.</param>
/// <returns><c>false</c> when the result is null, DBNull or 0; otherwise <c>true</c>.</returns>
public static bool Exists(string strSql, params SqlParameter[] cmdParms)
{
    object scalar = GetSingle(strSql, cmdParms);
    bool hasNoValue = Object.Equals(scalar, null) || Object.Equals(scalar, System.DBNull.Value);
    int numeric = hasNoValue ? 0 : int.Parse(scalar.ToString());
    return numeric != 0;
}
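#endregion

#region 执行简单SQL语句

/// <summary>
/// Executes a SQL statement and returns the number of rows affected.
/// </summary>
/// <param name="SQLString">SQL text, executed exactly as given.</param>
/// <returns>Number of rows affected.</returns>
/// <exception cref="System.Data.SqlClient.SqlException">The statement failed.</exception>
/// <remarks>
/// The statement is passed through verbatim, so it must not be assembled from
/// caller-supplied values; bind such values as SqlParameter instead.
/// </remarks>
public static int ExecuteSql(string SQLString)
{
    // The using blocks close the connection on every path. The former catch block only
    // closed it again and rethrew with "throw e", which reset the stack trace, so a
    // SqlException is now simply allowed to propagate unchanged.
    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand(SQLString, connection))
    {
        connection.Open();
        return cmd.ExecuteNonQuery();
    }
}

/// <summary>
/// Executes a SQL statement with an explicit command timeout and returns the number of
/// rows affected.
/// </summary>
/// <param name="SQLString">SQL text, executed exactly as given.</param>
/// <param name="Times">Value assigned to the command's CommandTimeout (seconds).</param>
/// <returns>Number of rows affected.</returns>
/// <exception cref="System.Data.SqlClient.SqlException">The statement failed.</exception>
public static int ExecuteSqlByTime(string SQLString, int Times)
{
    // The using blocks handle cleanup; a SqlException propagates with its original stack trace.
    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand(SQLString, connection))
    {
        connection.Open();
        cmd.CommandTimeout = Times;
        return cmd.ExecuteNonQuery();
    }
}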
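/// <summary>
/// Executes several SQL statements inside a single database transaction.
/// </summary>
/// <param name="SQLStringList">The SQL statements to run, in order.</param>
/// <returns>
/// Total number of rows affected when every statement succeeds and the transaction
/// commits; 0 when any statement fails and the transaction is rolled back.
/// </returns>
/// <remarks>
/// A failure is reported only as 0, which is indistinguishable from a successful batch
/// that touched no rows; the exception itself is not surfaced to the caller.
/// </remarks>
public static int ExecuteSqlTran(List<String> SQLStringList)
{
    using (SqlConnection conn = new SqlConnection(connectionString))
    {
        conn.Open();

        // The transaction and command are now disposed on every path; they were left
        // undisposed before.
        using (SqlTransaction tx = conn.BeginTransaction())
        using (SqlCommand cmd = new SqlCommand())
        {
            cmd.Connection = conn;
            cmd.Transaction = tx;
            try
            {
                int count = 0;
                foreach (string strsql in SQLStringList)
                {
                    // Entries of one character or less after trimming are skipped.
                    if (strsql.Trim().Length > 1)
                    {
                        cmd.CommandText = strsql;
                        count += cmd.ExecuteNonQuery();
                    }
                }
                tx.Commit();
                return count;
            }
            catch
            {
                // Existing contract: undo everything and report 0 instead of throwing.
                tx.Rollback();
                return 0;
            }
        }
    }
}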
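/// <summary>
/// Executes a SQL statement that takes a single <c>@content</c> parameter.
/// </summary>
/// <param name="SQLString">SQL text that references <c>@content</c>.</param>
/// <param name="content">
/// Parameter value, for example a long article body containing special characters; it
/// is sent as an NText parameter rather than spliced into the SQL text.
/// </param>
/// <returns>Number of rows affected.</returns>
/// <exception cref="System.Data.SqlClient.SqlException">The statement failed.</exception>
public static int ExecuteSql(string SQLString, string content)
{
    // The using blocks dispose the command and close the connection on every path. The
    // former "catch ... throw e" reset the stack trace, so the exception now propagates
    // unchanged.
    using (SqlConnection connection = new SqlConnection(connectionString))
    using (SqlCommand cmd = new SqlCommand(SQLString, connection))
    {
        System.Data.SqlClient.SqlParameter myParameter = new System.Data.SqlClient.SqlParameter("@content", SqlDbType.NText);
        myParameter.Value = content;
        cmd.Parameters.Add(myParameter);

        connection.Open();
        return cmd.ExecuteNonQuery();
    }
}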
/// <summary>
/// 执行带一个存储过程参数的的SQL语句。
/// </summary>
/// <param name="SQLString">SQL语句</param>
/// <param name="content">参数内容,比如一个字段是格式复杂的文章,有特殊符号,可以通过这个方式添加</param>
/// <returns>影响的记录数</returns>
public static object Execute[code]
string userName = this.tbUserName.Text.Trim();