Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs)
If Page.IsValid Then
Dim conn As SqlConnection
conn = New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|datadirectory|Database.mdf;Integrated Security=True;User Instance=True")
conn.Open()
Dim cmdstr As String
cmdstr = "select * from [User] where name ='" + TextBox1.Text.Trim() + "'and ps = '" + TextBox2.Text.Trim() + "'and flag='" + DropDownList1.SelectedIndex.ToString() + "'"
Dim cmd As SqlCommand
cmd = New SqlCommand(cmdstr, conn)
Dim sdr As SqlDataReader = cmd.ExecuteReader()
If sdr.read() Then
If DropDownList1.SelectedIndex.ToString() = "0" Then
Session("flag") = "普通用户"
Session("name") = TextBox1.Text
Response.Redirect("index.aspx")
ElseIf DropDownList1.SelectedIndex.ToString() = "1" Then
Session("flag") = "管理员"
Response.Redirect("indexmanager.aspx")
End If
Else
MsgBox("您输入用户名或者密码有误!", MsgBoxStyle.OkOnly)
TextBox1.Text = ""
TextBox2.Text = ""
End If
conn.Close() Response.Redirect("index.aspx")
End If
End Sub
If Page.IsValid Then
Dim conn As SqlConnection
conn = New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|datadirectory|Database.mdf;Integrated Security=True;User Instance=True")
conn.Open()
Dim cmdstr As String
cmdstr = "select * from [User] where name ='" + TextBox1.Text.Trim() + "'and ps = '" + TextBox2.Text.Trim() + "'and flag='" + DropDownList1.SelectedIndex.ToString() + "'"
Dim cmd As SqlCommand
cmd = New SqlCommand(cmdstr, conn)
Dim sdr As SqlDataReader = cmd.ExecuteReader()
If sdr.read() Then
If DropDownList1.SelectedIndex.ToString() = "0" Then
Session("flag") = "普通用户"
Session("name") = TextBox1.Text
Response.Redirect("index.aspx")
ElseIf DropDownList1.SelectedIndex.ToString() = "1" Then
Session("flag") = "管理员"
Response.Redirect("indexmanager.aspx")
End If
Else
MsgBox("您输入用户名或者密码有误!", MsgBoxStyle.OkOnly)
TextBox1.Text = ""
TextBox2.Text = ""
End If
conn.Close() Response.Redirect("index.aspx")
End If
End Sub
if (Page.IsValid)
{
SqlConnection conn;
conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=|datadirectory|Database.mdf;Integrated Security=True;User Instance=True");
conn.Open();
string cmdstr="";
cmdstr="select * from [User] where name ='" + TextBox1.Text.Trim() + "'and ps = '" + TextBox2.Text.Trim() + "'and flag='" + DropDownList1.SelectedIndex.ToString() + "'";
SqlCommand cmd;
cmd=new SqlCommand(cmdstr,conn);
SqlDataReader sdr=cmd.ExecuteReader();
if(sdr.Read())
{
if(DropDownList1.SelectedIndex.ToString() == "0")
{
Session("flag") = "普通用户";
Session("name") = TextBox1.Text;
Response.Redirect("index.aspx");
}
else if (DropDownList1.SelectedIndex.ToString() == "1")
{
Session("flag") = "管理员";
Response.Redirect("indexmanager.aspx");
}
else
{
MessageBox.Show("您输入用户名或者密码有误!", "提示", MessageBoxButtons.OK);
TextBox1.Text = "";
TextBox2.Text = "";
}
}
}
conn.Close();
Response.Redirect("index.aspx");
Dim b As SqlConnection
Dim time As DateTime
b = New SqlConnection("Data Source=.\SQLEXPRESS;AttachDbFilename=|datadirectory|database.mdf;Integrated Security=True;User Instance=True")
b.Open()
time = Now()
If TextBox1.Text = "" Then
Label1.Text = "请输入您的昵称!"
ElseIf TextBox2.Text = "" Then
Label1.Text = "请输入您的E-mail!"
Else
Dim cmdst As String
Dim cmd As SqlCommand
cmdst = "insert into guestbook values('" + TextBox1.Text + "','" + TextBox2.Text + "','" + TextBox3.Text + "','" + time + "')"
cmd = New SqlCommand(cmdst, b)
cmd.ExecuteNonQuery()
b.Close()
MsgBox("留言成功!", MsgBoxStyle.OkOnly)
Response.Redirect("guest.aspx") End If End Sub