/// <summary>
/// Event handler btnUpdate_Click as originally posted. It is intended to verify the old
/// password and store the new one, but as written it never reads the stored password.
/// </summary>
/// <param name="sender">Source of the event.</param>
/// <param name="e">Event data; not used in the body.</param>
protected void btnUpdate_Click(object sender, EventArgs e)
{
// b is assigned the SQL text itself. No command is built or executed for it in this
// handler, so b never holds a password from tb_user. The 'a' inside the quotes is the
// literal letter a, not the value of the variable a taken from Session.
// conn is constructed here, but Open() is not called anywhere in this handler.
string a = Session["username"].ToString(); SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["zyconnection"].ConnectionString); string b = "select userpassword from tb_user where username='a'";
// Compares the typed old password with the SQL text held in b, not with a database value.
if (txtOldpwd.Text.Trim()==b)
{
// NOTE(review): "update (userpassword) set(...) from ..." is not valid UPDATE syntax.
// txtNewpwd.Text is concatenated straight into the statement, so whatever the user types
// becomes part of the SQL (SQL injection); pass it as a command parameter instead.
SqlCommand CMD = new SqlCommand("update (userpassword) set('" + txtNewpwd.Text + "') from tb_user where username='a'",conn);
CMD.ExecuteNonQuery();
Response.Write("<script>alert('修改成功')</script>");
}
else
Response.Write("<script>alert('原始密码输入不正确')</script>");
}
{
string a = Session["username"].ToString(); SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["zyconnection"].ConnectionString); string b = "select userpassword from tb_user where username='a'";
if (txtOldpwd.Text.Trim()==b)
{
SqlCommand CMD = new SqlCommand("update (userpassword) set('" + txtNewpwd.Text + "') from tb_user where username='a'",conn);
CMD.ExecuteNonQuery();
Response.Write("<script>alert('修改成功')</script>");
}
else
Response.Write("<script>alert('原始密码输入不正确')</script>");
}
// 这里不是应该执行上面的SQL
if (txtOldpwd.Text.Trim()==b)
// 这里不是应该执行上面的SQL
if (txtOldpwd.Text.Trim()==b)
我没看明白
不需要写成
select userpassword from tb_user where username='"+a+"'??
string b = "select userpassword from tb_user where username='a'"; // 你这里少了一段代码,执行上面的sql语句,从数据库查找对应的密码 if (txtOldpwd.Text.Trim()=="查找的密码")
/// <summary>
/// The original btnUpdate_Click handler, quoted with review comments marking the two
/// statements that are wrong: the password comparison and the UPDATE command.
/// </summary>
/// <param name="sender">Source of the event.</param>
/// <param name="e">Event data; not used in the body.</param>
protected void btnUpdate_Click(object sender, EventArgs e)
{
// The SELECT text is only stored in b; nothing in this handler executes it, and conn is never opened.
string a = Session["username"].ToString(); SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["zyconnection"].ConnectionString); string b = "select userpassword from tb_user where username='a'";
if (txtOldpwd.Text.Trim()==b) // b here is the SQL statement above, not the user password returned by a query
{
// NOTE(review): besides the syntax problem, txtNewpwd.Text is concatenated into the SQL
// text, which allows SQL injection; the value should be supplied as a parameter.
SqlCommand CMD = new SqlCommand("update (userpassword) set('" + txtNewpwd.Text + "') from tb_user where username='a'",conn); // this UPDATE statement is also incorrect.
CMD.ExecuteNonQuery();
Response.Write(" <script>alert('修改成功') </script>");
}
else
Response.Write(" <script>alert('原始密码输入不正确') </script>");
}
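// Revised code:
/// <summary>
/// Changes the password of the user named in Session["username"]: reads the stored
/// password, compares it with the old password typed by the user, and writes the new
/// password when they match. The outcome is reported through a script alert.
/// </summary>
/// <param name="sender">Source of the event.</param>
/// <param name="e">Event data; not used.</param>
protected void btnUpdate_Click(object sender, EventArgs e)
{
    // An expired or missing session has no user to update; report failure instead of
    // throwing a NullReferenceException.
    object sessionUser = Session["username"];
    if (sessionUser == null)
    {
        Response.Write(" <script>alert('修改失败。') </script>");
        return;
    }

    string username = sessionUser.ToString();
    string connectionString = ConfigurationManager.ConnectionStrings["zyconnection"].ConnectionString;

    // using blocks close the connection and release the command even when a query throws.
    using (SqlConnection conn = new SqlConnection(connectionString))
    using (SqlCommand command = new SqlCommand("select userpassword from tb_user where username = @username", conn))
    {
        // Values travel as parameters and are never spliced into the SQL text, so neither
        // the session value nor the text box content can alter the statement.
        command.Parameters.AddWithValue("@username", username);

        // The connection must be open before any command can run on it.
        conn.Open();

        // ExecuteScalar returns null when no row matches the user name.
        object stored = command.ExecuteScalar();
        if (stored == null)
        {
            Response.Write(" <script>alert('修改失败。') </script>");
            return;
        }

        // NOTE(review): the userpassword column is read and compared as plaintext. Storing a
        // salted password hash (e.g. PBKDF2) instead needs a schema and data migration and is
        // outside this handler.
        string oldPwd = stored.ToString().Trim();
        if (txtOldpwd.Text.Trim() == oldPwd)
        {
            // Reuse the command; @username is already bound from the SELECT.
            command.CommandText = "update tb_user set userpassword = @newPassword where username = @username";
            command.Parameters.AddWithValue("@newPassword", txtNewpwd.Text);

            // ExecuteNonQuery returns the number of rows affected; zero means nothing was updated.
            if (command.ExecuteNonQuery() != 0)
            {
                Response.Write(" <script>alert('修改成功。') </script>");
            }
            else
            {
                Response.Write(" <script>alert('修改失败。') </script>");
            }
        }
        else
        {
            Response.Write(" <script>alert('原始密码输入不正确。') </script>");
        }
    }
}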
另外,建议变量名不要用a b c d这样的,不利于日后的维护。
你明明定义string b = "select userpassword from tb_user where username='a'";
它就只是字符串而已,因为你还没有去数据库里面执行这个sql语句,然后返回密码啊。参考9楼的改过的代码吧,基本上就是他写的那样了。