SqlCommand cmd=new SqlCommand("select count(*) from userinfo where uid='''+username+''' and pwd='''+userpwd+'''",con);
应为
SqlCommand cmd=new SqlCommand("select count(*) from userinfo where uid='“+username+'” and pwd='“+userpwd+”'",con);
应为
SqlCommand cmd=new SqlCommand("select count(*) from userinfo where uid='“+username+'” and pwd='“+userpwd+”'",con);
SqlCommand cmd=new SqlCommand("select count(*) from userinfo where uid='''+username+''' and pwd='''+userpwd+'''",con);
应改为:
SqlCommand cmd=new SqlCommand("select count(*) from userinfo where uid='"+username+"' and pwd='"+userpwd+"'",con); 2:
string username=Request.Form["username"].ToString();
应改为:
if(Request.Form["userpwd"]!=null )
{
string userpwd=Request.Form["userpwd"].ToString();
}
3:
string userpwd=Request.Form["userpwd"].ToString();
应改为:
if(Request.Form["userpwd"]!=null )
{
string userpwd=Request.Form["userpwd"].ToString();
}
应为
SqlCommand cmd=new SqlCommand("select count(uid) from userinfo where uid='''+username+''' and pwd='''+userpwd+'''",con);
int count=Convert.ToInt32(cmd.ExecuteScalar()); 因为ExecuteScalar()只返回第一行第一列的值,其它的被丢掉.
int count=Convert.ToInt32(cmd.ExecuteScalar());
if (count>0)
{
Response.Redirect("main.aspx");
}
else
{
Response.Redirect("loginfaile.htm");
}
改为:
SqlCommand cmd=new SqlCommand("select count(*) from userinfo where uid='''+username+''' and pwd='"+userpwd+"',con);
DataSet ds=new DataSet();
DataAdapter da=new DataAdapter(sqlStr,con);
da.Fill(ds);
if(ds.Tables[0].Rows.Count>0)
{
Response.Redirect("main.aspx");
}
else
{
Response.Redirect("loginfaile.htm");
}