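// NOTE(review): this public static, writable flag is the only authentication state
// visible in this listing, so any code in the process can set it. The name and
// visibility are kept so existing readers of the flag keep working.
public static bool loginOrNot;

private string cmdString;
private string conString;
private SqlConnection sqlConnection;
private SqlCommand sqlCommand;
private string userName;
private string password;

/// <summary>
/// Handles the login button click: checks the entered user name and password
/// against the Reader table and records the outcome in <see cref="loginOrNot"/>.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnLogin_Click(object sender, EventArgs e)
{
    // Fail closed: a database error or an earlier successful login must never
    // leave the flag set to true for this attempt.
    loginOrNot = false;

    this.userName = this.txtUserName.Text.ToString().Trim();
    this.password = this.txtPassword.Text.ToString().Trim();

    try
    {
        conString = "Data Source=localhost;Initial Catalog=BookManage;Integrated Security=True";

        // Both text boxes hold untrusted input. They are bound as parameters so the
        // values are always treated as data and can never change the SQL statement.
        cmdString = "select count(*) as flag from Reader " +
                    "where ReaderName = @userName and ReaderPassword = @password";

        sqlConnection = new SqlConnection(conString);
        sqlCommand = new SqlCommand(cmdString, sqlConnection);
        sqlCommand.Parameters.AddWithValue("@userName", userName);
        // NOTE(review): the query compares the submitted password with the
        // ReaderPassword column directly, which suggests passwords are stored
        // unhashed. TODO: confirm, then migrate to a salted password hash.
        sqlCommand.Parameters.AddWithValue("@password", password);

        try
        {
            sqlConnection.Open();

            // A single ExecuteScalar is enough; the query is a SELECT, so the
            // earlier ExecuteNonQuery call only ran it a second time.
            int flag = Convert.ToInt32(sqlCommand.ExecuteScalar());
            loginOrNot = flag > 0;
        }
        finally
        {
            // Close even when the query throws, so the connection is not leaked.
            sqlConnection.Close();
        }
    }
    catch (Exception ex)
    {
        // Still best-effort (the handler must not crash the UI), but the failure is
        // now recorded instead of silently swallowed. Credentials are never logged.
        System.Diagnostics.Trace.TraceError(
            "Login check failed: {0}: {1}", ex.GetType().Name, ex.Message);
    }
}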
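private string conString;
private SqlConnection sqlConnection;
private SqlCommand sqlCommand;
private string userName;
private string password;

/// <summary>
/// Handles the login button click: checks the entered user name and password
/// against the Reader table and records the outcome in the loginOrNot flag.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnLogin_Click(object sender, EventArgs e)
{
    // Fail closed: neither a database error nor a previous successful login may
    // leave the flag at true for this attempt.
    loginOrNot = false;

    this.userName = this.txtUserName.Text.ToString().Trim();
    this.password = this.txtPassword.Text.ToString().Trim();

    try
    {
        conString = "Data Source=localhost;Initial Catalog=BookManage;Integrated Security=True";

        // User-supplied values are bound as parameters, not concatenated into the
        // statement, so quotes or SQL keywords in the input cannot alter the query.
        cmdString = "select count(*) as flag from Reader " +
                    "where ReaderName = @userName and ReaderPassword = @password";

        sqlConnection = new SqlConnection(conString);
        sqlCommand = new SqlCommand(cmdString, sqlConnection);
        sqlCommand.Parameters.AddWithValue("@userName", userName);
        // NOTE(review): comparing against ReaderPassword directly suggests the
        // column holds unhashed passwords. TODO: confirm and move to a salted hash.
        sqlCommand.Parameters.AddWithValue("@password", password);

        try
        {
            sqlConnection.Open();

            // The redundant ExecuteNonQuery was dropped; it ran the same SELECT twice.
            int matches = Convert.ToInt32(sqlCommand.ExecuteScalar());
            loginOrNot = matches > 0;
        }
        finally
        {
            // Release the connection on the error path as well.
            sqlConnection.Close();
        }
    }
    catch (Exception ex)
    {
        // Keep the handler from crashing the UI, but leave a trace of the failure.
        // Only the exception type and message are written, never the credentials.
        System.Diagnostics.Trace.TraceError(
            "Login check failed: {0}: {1}", ex.GetType().Name, ex.Message);
    }
}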
cmdString = "select count(*) as flag from Reader where ReaderName = '" +
userName + "' and ReaderPassword = '" + password + "'";
你应该改为参数化查询的形式,不然别人注入一句 drop table 就完了。