return Users; }以下是数据访问层代码,数据访问层一般叫DAL public static List<User> GetUserInfo(string user,string password) { List<User> Users = new List<User>(); string sql = "select * from User where Password = '"+password+"' and User = '"+user+"'"; //写where子句的时候把Password放前面.因为Password经过加密,所以可以防止SQL注入攻击 SqlDataAdapter da = new SqlDataAdapter(sql,"这里是数据库连接字符串"); DataSet ds = new DataSet(); da.Fill(ds);
for(int i=0;i<ds.Tables[0].Rows.Count;i++) { User user = new User(ds.Tables[0].Rows[i]["ID"].ToString(),ds.Tables[0].Rows[i]["User"].ToString(),ds.Tables[0].Rows[i]["Password"].ToString()); Users.Add(user); }
return Users; }还会有一个Model层.叫做模板层.是数据表结构的印射.Model层是共用层,其他三层都要用到. 比如数据库中有张表User,里面有3个字段ID,User,Password 那么在模板层中应该有一个类,数据库中User表的一行对应一个User对象,一张表对应User对象的集合. public class User { string ID; string User; string Password;
using System.Data.SqlClient;
... void Page_Load(object sender, System.EventArgs e)
{
    // Takes the trimmed contents of the two text boxes and passes them,
    // user name first, to ConnectSql, which performs the lookup and the redirect.
    // Both values come straight from the browser and must be treated as untrusted input.
    // NOTE(review): this runs on every page load, not only on a postback.
    // Confirm that is intended, or guard the call with IsPostBack.
    ConnectSql(this.TextBox1.Text.Trim(), this.TextBox2.Text.Trim());
}
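/// <summary>
/// Looks up <paramref name="username"/> in the [user] table and redirects the browser
/// according to whether the account exists and whether <paramref name="pwd"/> matches
/// the value stored in the third column of the row.
/// </summary>
/// <param name="username">User name typed into the login form (untrusted input).</param>
/// <param name="pwd">Password typed into the login form (untrusted input).</param>
private void ConnectSql(string username, string pwd)
{
    try
    {
        // NOTE(review): the connection string is hard-coded and logs in as "sa" with an
        // empty password. Move it to protected configuration and connect with a
        // least-privileged account that can only read this table.
        using (SqlConnection conn = new SqlConnection("server=192.168.0.220;uid=sa;pwd=;database=text"))
        // The user name is bound as a parameter instead of being concatenated into the
        // statement, so it is always treated as data and can never alter the query.
        using (SqlCommand com = new SqlCommand("select * from [user] where name=@name", conn))
        {
            com.Parameters.AddWithValue("@name", username ?? string.Empty);
            conn.Open();

            // The reader and command are disposed deterministically. The original only
            // closed the connection.
            using (SqlDataReader reader = com.ExecuteReader())
            {
                // Response.Redirect(string) ends the request, so only the first matching
                // row is ever evaluated. A single Read() states that directly.
                if (!reader.Read())
                {
                    // NOTE(review): a distinct "unknown user" answer lets a caller find
                    // out which account names exist. Consider one generic failure message.
                    Response.Redirect("index.aspx?error=用户名错误");
                }
                else if (pwd != reader.GetString(2))
                {
                    // NOTE(review): this compares against the stored column as plain text,
                    // so passwords appear to be stored unhashed. Store a salted, slow hash
                    // (for example PBKDF2) and compare hashes instead.
                    // Column index 2 also depends on the table's column order because of
                    // "select *".
                    Response.Redirect("index.aspx?error=密码错误");
                }
                else
                {
                    Response.Redirect("Main.html");
                }
            }
        }
    }
    catch (SqlException)
    {
        Response.Write("在打开连接时出现连接级别的错误!");
    }
}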
这里是界面层,一般叫UIL
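/// <summary>
/// Login button handler (UI layer): passes the submitted credentials to the business
/// layer and writes a success or failure message to the response.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    List<User> Users = BLL.GetUserInfo(txtUserName.Text,txtPassword.Text);

    // List<T> exposes Count, not Length. The original Users.Length does not compile.
    // Login succeeds purely because the lookup returned at least one row, so this check
    // is only as strong as the query behind it. That query must bind the user name and
    // password as parameters.
    if (Users != null && Users.Count > 0)
    {
        Response.Write("登陆成功");
    }
    else
    {
        Response.Write("登陆失败");
    }
}
以下是逻辑层代码,业务逻辑层一般叫BLL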
/// <summary>
/// Business-logic layer entry point: hashes the submitted password and delegates the
/// lookup to the data-access layer.
/// </summary>
/// <param name="user">User name as entered by the caller.</param>
/// <param name="password">Clear-text password as entered by the caller.</param>
/// <returns>The list returned by DAL.GetUserInfo for the user name and hashed password.</returns>
public static List<User> GetUserInfo(string user,string password)
{
    // Per the original comment, the database stores the MD5 digest of the password, so
    // the clear-text value is hashed here before the lookup. MD5 is a hash, not
    // encryption.
    // NOTE(review): GetMD5Hash is not shown here. A plain, unsalted MD5 is too fast and
    // too widely precomputed to protect stored passwords. Plan a migration to a salted,
    // slow algorithm such as PBKDF2.
    return DAL.GetUserInfo(user, GetMD5Hash(password));
}
以下是数据访问层代码,数据访问层一般叫DAL
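/// <summary>
/// Data-access layer lookup: returns every row of the User table whose User and
/// Password columns equal the supplied values.
/// </summary>
/// <param name="user">User name to match (untrusted input from the login form).</param>
/// <param name="password">Password value to match. The business layer passes the hashed password.</param>
/// <returns>One User object per matching row, or an empty list when nothing matches.</returns>
public static List<User> GetUserInfo(string user,string password)
{
    List<User> Users = new List<User>();

    // Both values are bound as parameters. The order of the WHERE conditions does not
    // protect against SQL injection, and hashing the password does nothing for the user
    // name, which the original concatenated into the statement unchanged.
    // USER is a reserved word in T-SQL, so the table and column names are bracketed.
    const string sql = "select [ID], [User], [Password] from [User] where [Password] = @password and [User] = @user";

    using (SqlDataAdapter da = new SqlDataAdapter(sql,"这里是数据库连接字符串"))
    {
        // A null argument is bound as an empty string, which matches what the original
        // concatenation produced for null.
        da.SelectCommand.Parameters.AddWithValue("@password", password ?? string.Empty);
        da.SelectCommand.Parameters.AddWithValue("@user", user ?? string.Empty);

        DataSet ds = new DataSet();
        da.Fill(ds);

        // The local is not called "user": that name would clash with the parameter and
        // fail to compile, as it did in the original loop.
        foreach (DataRow row in ds.Tables[0].Rows)
        {
            User found = new User(row["ID"].ToString(), row["User"].ToString(), row["Password"].ToString());
            Users.Add(found);
        }
    }

    return Users;
}
还会有一个Model层.叫做模板层.是数据表结构的印射.Model层是共用层,其他三层都要用到.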
比如数据库中有张表User,里面有3个字段ID,User,Password
那么在模板层中应该有一个类,数据库中User表的一行对应一个User对象,一张表对应User对象的集合.
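/// <summary>
/// Model-layer class mapping one row of the User table (columns ID, User, Password).
/// </summary>
public class User
{
    /// <summary>Value of the ID column.</summary>
    public string ID { get; private set; }

    /// <summary>
    /// Value of the User column. A member cannot have the same name as its enclosing
    /// type, so the property is called UserName instead of User.
    /// </summary>
    public string UserName { get; private set; }

    /// <summary>
    /// Value of the Password column, exactly as stored. Do not log it or echo it back
    /// to the client.
    /// </summary>
    public string Password { get; private set; }

    /// <summary>
    /// Creates a user from the three column values. The constructor is public so that
    /// the other layers can build instances. Without an access modifier it was private.
    /// </summary>
    public User(string id,string user,string password)
    {
        this.ID=id;
        this.UserName=user;
        this.Password=password;
    }
}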